Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-44648 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647. | 5.5 |
| 2022-10-10 | CVE-2022-41748 | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019 A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. | 6.7 |
| 2022-06-09 | CVE-2022-30703 | Unspecified vulnerability in Trendmicro Security 2021/2022 Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. | 4.6 |
| 2022-05-27 | CVE-2022-28394 | Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). | 6.9 |
| 2022-05-27 | CVE-2022-30687 | Link Following vulnerability in Trendmicro Maximum Security 2022 17.7 Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. | 6.6 |
| 2022-03-08 | CVE-2022-26319 | Uncontrolled Search Path Element vulnerability in Trendmicro Portable Security 2.0/3.0 An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. | 6.9 |
| 2022-02-24 | CVE-2022-24678 | Resource Exhaustion vulnerability in Trendmicro products An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. | 5.0 |
| 2022-02-24 | CVE-2022-25331 | Unspecified vulnerability in Trendmicro products Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. | 5.0 |
| 2022-01-20 | CVE-2022-23119 | Path Traversal vulnerability in Trendmicro Deep Security Agent 10.0/11.0 A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. | 4.3 |
| 2022-01-20 | CVE-2022-23120 | Code Injection vulnerability in Trendmicro Deep Security Agent 10.0/11.0 A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. | 6.9 |