CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35234 – Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-35234
11 Jul 2022 — Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. Trend Micro Security versiones 2021 y 2022 (Consumer), es susceptible a una vulnerabilidad de divulgación de información de lectura fuera de límites que podría permitir a un atacante leer información confidencial de otras ubicaciones de memoria y causar un bloq... • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33158 – Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-33158
16 Jun 2022 — Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. Trend Micro VPN Proxy versiones 5.2.1026 y anteriores, contiene una vulnerabilidad relacionada con algunas carpetas demasiado permisivas en un directorio clave que podría permitir a un atacante local obtener una escalada de privilegios en un sistema afectado This vulnerability allows ... • https://helpcenter.trendmicro.com/en-us/article/tmka-11042 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30702 – Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30702
27 May 2022 — Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. Trend Micro Security versiones 2022 y 2021 (Consumer) es susceptible a una vulnerabilidad de divulgación de información de lectura fuera de límites que podría permitir a un atacante revelar información confidencial en un equipo afectado This vulnerability allows local attackers to disclose sensitive in... • https://helpcenter.trendmicro.com/en-us/article/tmka-11022 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30703 – Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30703
27 May 2022 — Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. Trend Micro Security versiones 2021 y 2022 (Consumer) es susceptible a una vulnerabilidad de método peligroso expuesto que podría permitir a un atacante obtener acceso a direcciones del kernel filtradas y revelar inform... • https://helpcenter.trendmicro.com/en-us/article/tmka-11021 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28394
https://notcve.org/view.php?id=CVE-2022-28394
26 May 2022 — EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). CVE de producto EOL - El instalador de Trend Micro Password Manager (Consumer) versiones 3.7.0.1223 y posteriores prop... • https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10977 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30687 – Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2022-30687
26 May 2022 — Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. Trend Micro Maximum Security 2022 es vulnerable a la siguiente vulnerabilidad que podría permitir a un usuario local con pocos privilegios manipular la función de borrado seguro del producto para eliminar archivos arbitrarios This vulnerability allows local attackers to delete arbitrary files on affected ins... • https://helpcenter.trendmicro.com/en-us/article/tmka-11017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30700 – Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30700
26 May 2022 — An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de asignación de permisos incorrecta en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local cargar una DLL con privilegios... • https://success.trendmicro.com/solution/000291008 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30701 – Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30701
26 May 2022 — An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de elemento de ruta de búsqueda no controlada en Trend Micro Apex One y Apex One as a Service pod... • https://success.trendmicro.com/solution/000291008 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30523 – Trend Micro Password Manager Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30523
11 May 2022 — Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. Trend Micro Password Manager (Consumer) versión 5.0.0.1266 y anteriores, es susceptible a una vulnerabilidad de escalada de privilegios de seguimiento de enlaces que podría permitir a un atacante ... • https://helpcenter.trendmicro.com/en-us/article/tmka-09071 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27883 – Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-27883
01 Apr 2022 — A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. Una vulnerabilidad de seguimiento de enlaces en Trend Micro Antivirus para Mac versión 11.5, podría permitir a un atacante crear un archivo especialmente diseñado como un enlace simbólico que puede conllevar... • https://helpcenter.trendmicro.com/en-us/article/tmka-10978 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •