Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2021-32465 Improper Preservation of Permissions vulnerability in Trendmicro Apex ONE and Officescan
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations.
network
low complexity
trendmicro CWE-281
6.5
2021-07-29 CVE-2021-36742 Improper Input Validation vulnerability in Trendmicro products
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-20
4.6
2021-05-27 CVE-2021-32459 Use of Hard-coded Credentials vulnerability in Trendmicro Home Network Security
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication.
network
low complexity
trendmicro CWE-798
5.5
2021-05-26 CVE-2021-32457 Unspecified vulnerability in Trendmicro Home Network Security 6.1.567/6.6.604
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices.
local
low complexity
trendmicro
4.6
2021-05-12 CVE-2021-28649 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
4.4
2021-05-12 CVE-2021-31519 Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.
4.4
2021-05-10 CVE-2021-31520 Improper Authentication vulnerability in Trendmicro IM Security 1.6/1.6.5
A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.
6.8
2021-04-22 CVE-2021-28648 Improper Privilege Management vulnerability in Trendmicro Antivirus 10.5/11.0
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.
local
low complexity
trendmicro CWE-269
4.6
2021-04-13 CVE-2021-28647 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0/5.0.0.1076/5.0.0.1081
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program.
4.4
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
4.9