CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15604
https://notcve.org/view.php?id=CVE-2020-15604
24 Sep 2020 — An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified. Una vulnerabilidad de comprobación de certificación de servidor SSL incompleta en la familia de productos de consumo Trend Micro Security 2019 versión (v15), podría ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-09890 • CWE-295: Improper Certificate Validation CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0CVE-2020-8607
https://notcve.org/view.php?id=CVE-2020-8607
05 Aug 2020 — An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.... • https://jvn.jp/en/vu/JVNVU99160193/index.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15603
https://notcve.org/view.php?id=CVE-2020-15603
15 Jul 2020 — An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. Una vulnerabilidad de lectura de memoria no válida en un controlador de la familia de consumidores de productos Trend Micro Secuity 2020 (versiones v16.0.0.1302 y posteriores), podría permitir a un atacante manipular el controlador ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-09645 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15602
https://notcve.org/view.php?id=CVE-2020-15602
15 Jul 2020 — An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious direc... • https://helpcenter.trendmicro.com/en-us/article/TMKA-09644 • CWE-426: Untrusted Search Path •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19694
https://notcve.org/view.php?id=CVE-2019-19694
20 Feb 2020 — The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.. La familia de productos del consumidor de Trend Micro Security 2019 (versiones 15.0.0.1163 y posteriores), es vulnerable a un ataque de denegación de servicio (DoS) en el que un actor ... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 3CVE-2019-19697 – Trend Micro Security 2019 Security Bypass Protected Service Tampering
https://notcve.org/view.php?id=CVE-2019-19697
17 Jan 2020 — An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability. Se presenta una vulnerabilidad de ejecución de código arbitrario en la familia de productos de consumo Trend Micro Security 2019 (versi... • https://packetstorm.news/files/id/155992 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 3CVE-2019-20357 – Trend Micro Security (Consumer) Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-20357
17 Jan 2020 — A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. Se presenta una vulnerabilidad de Ejecución de Código Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versión v15), que podría permitir potencialmente a... • https://packetstorm.news/files/id/155993 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-19693 – Trend Micro Maximum Security Link Resolution Information Disclosure And Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-19693
19 Dec 2019 — The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. La familia de productos de consumo Trend Micro Security 2020, contiene una vulnerabilidad que podría permitir a un atacante local revelar información confide... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2019-18190
https://notcve.org/view.php?id=CVE-2019-18190
09 Dec 2019 — Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. Trend Micro Security (Consumer) 2020 (versión v16.x), está afectado por una vulnerabilidad en donde los errores de desreferencia del puntero null resultan en el bloqueo de la aplicación, lo que podría conllevar a la potencial ejecución de código sin firmar bajo det... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-15628
https://notcve.org/view.php?id=CVE-2019-15628
02 Dec 2019 — Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. Trend Micro Security (Consumer) 2020 (versiones v16.0.1221 y posteriores), está afectado por una vulnerabilidad de secuestro de DLL que podría permitir a un atacante usar un servicio específico como un mecanismo de ejecución y/o pers... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx • CWE-426: Untrusted Search Path •