Filtered by vendor Trendmicro
Subscriptions
Total
507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8600 | 1 Trendmicro | 1 Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | ||||
| CVE-2020-8598 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-8470 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 7.5 High |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-8469 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 7.8 High |
| Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. | ||||
| CVE-2020-8466 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | ||||
| CVE-2020-8465 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | ||||
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.5 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | ||||
| CVE-2020-8463 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.5 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | ||||
| CVE-2020-8462 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | ||||
| CVE-2020-8461 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 8.8 High |
| A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | ||||
| CVE-2020-28583 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | ||||
| CVE-2020-28582 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | ||||
| CVE-2020-28581 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.2 High |
| A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | ||||
| CVE-2020-28580 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.2 High |
| A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | ||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||||
| CVE-2020-28578 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||||
| CVE-2020-28577 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | ||||
| CVE-2020-28576 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | ||||
| CVE-2020-28575 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 6.7 Medium |
| A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. | ||||
| CVE-2020-28574 | 1 Trendmicro | 1 Worry-free Business Security | 2024-11-21 | 7.5 High |
| A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | ||||