Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-24678 Resource Exhaustion vulnerability in Trendmicro products
An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
network
low complexity
trendmicro CWE-400
5.0
2022-02-24 CVE-2022-25331 Unspecified vulnerability in Trendmicro products
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process.
network
low complexity
trendmicro
5.0
2022-01-20 CVE-2022-23119 Path Traversal vulnerability in Trendmicro Deep Security Agent 10.0/11.0
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system.
network
trendmicro CWE-22
4.3
2022-01-20 CVE-2022-23120 Code Injection vulnerability in Trendmicro Deep Security Agent 10.0/11.0
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root.
6.9
2022-01-10 CVE-2021-44024 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
6.6
2022-01-10 CVE-2021-45442 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
6.6
2021-11-30 CVE-2021-43771 Unspecified vulnerability in Trendmicro Antivirus 11.0/11.0.2062/11.0.2150
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.
local
low complexity
trendmicro
4.6
2021-10-21 CVE-2021-23139 NULL Pointer Dereference vulnerability in Trendmicro products
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
network
low complexity
trendmicro CWE-476
5.0
2021-10-21 CVE-2021-42011 Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations.
local
low complexity
trendmicro CWE-276
4.6
2021-10-21 CVE-2021-42012 Out-of-bounds Write vulnerability in Trendmicro products
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-787
4.6