Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-27019 | Missing Authentication for Critical Function vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. | 5.5 |
| 2020-11-09 | CVE-2020-27018 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. | 5.5 |
| 2020-11-09 | CVE-2020-27017 | XXE vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. | 4.9 |
| 2020-10-30 | CVE-2020-27015 | Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. | 4.4 |
| 2020-10-30 | CVE-2020-27014 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 6.4 |
| 2020-10-14 | CVE-2020-27013 | Unspecified vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. | 4.4 |
| 2020-10-14 | CVE-2020-25778 | Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. | 6.0 |
| 2020-10-14 | CVE-2020-25777 | Unspecified vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. | 5.4 |
| 2020-09-29 | CVE-2020-25775 | Race Condition vulnerability in Trendmicro products The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. | 6.3 |
| 2020-09-29 | CVE-2020-25774 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. | 4.3 |