Filtered by vendor Trendmicro
Subscriptions
Total
506 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47194 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | ||||
| CVE-2023-47193 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194. | ||||
| CVE-2023-47192 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-41178 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. | ||||
| CVE-2023-41177 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. | ||||
| CVE-2023-41176 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | ||||
| CVE-2023-38627 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | ||||
| CVE-2023-38626 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. | ||||
| CVE-2023-38625 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. | ||||
| CVE-2023-38624 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. | ||||
| CVE-2023-32604 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32605. | ||||
| CVE-2023-32537 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536. | ||||
| CVE-2023-32536 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 5.4 Medium |
| Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. | ||||
| CVE-2023-32535 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534. | ||||
| CVE-2023-32534 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | ||||
| CVE-2023-32533 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | ||||
| CVE-2023-32532 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | ||||
| CVE-2023-32531 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | 6.1 Medium |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535. | ||||
| CVE-2023-28005 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2024-11-21 | 6.8 Medium |
| A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone. | ||||
| CVE-2023-0587 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 9.1 Critical |
| A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | ||||