Trendmicro: Security Vulnerabilities
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
CVSS Score
6.7
EPSS Score
0.003
Published
2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-01-18
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-12-24
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-20
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
7.1
EPSS Score
0.002
Published
2019-12-20
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.
CVSS Score
4.9
EPSS Score
0.005
Published
2019-12-20
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-12-18
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-12-18
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-12-18
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-12-16