CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28929
https://notcve.org/view.php?id=CVE-2023-28929
26 Jun 2023 — Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. • https://helpcenter.trendmicro.com/en-us/article/tmka-19062 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2023-32523 – Trend Micro Mobile Security for Enterprises widget WFUser Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-32523
12 May 2023 — Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2023-32524 – Trend Micro Mobile Security for Enterprises widgetforsecurity WFUser Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-32524
12 May 2023 — Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32525 – Trend Micro Mobile Security for Enterprises widget set_certificates_config Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-32525
12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526. This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterpris... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32526 – Trend Micro Mobile Security for Enterprises widgetforsecurity set_certificates_config Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-32526
12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525. This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterpris... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-32527 – Trend Micro Mobile Security for Enterprises widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32527
12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprise... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-32528 – Trend Micro Mobile Security for Enterprises widgetforsecurity getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32528
12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprise... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48191 – Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-48191
18 Jan 2023 — A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. Existe una vulnerabilidad en Trend Micro Maximum Security 2022 (17.7) en la que un usuario con pocos privilegios puede escribir un ejecutable malicioso conocido ... • https://helpcenter.trendmicro.com/en-us/article/tmka-11252 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.4EPSS: 0%CPEs: 37EXPL: 0CVE-2022-40707 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40707
23 Sep 2022 — An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. Una vulnerabilidad de lectura fuera de límites en Trend Micro Deep Security 20 y ... • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 37EXPL: 0CVE-2022-40708 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40708
23 Sep 2022 — An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. Una vulnerabilidad de lectura fuera de límites en Trend Micro Deep Security 20 y ... • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •