CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32461 – Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32461
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Escalada de Privilegios por Truncamiento de Enteros que podría permitir a un atacante local desencadenar un desbordamiento de búfer y una escalada de privilegios en las instalaciones afectadas. Un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-773 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Ejecución de Código Remota de Función Peligrosa Expuesta que podría permitir a un cliente no privilegiado manipular el registro y escalar privilegios para SYSTEM en las instalaciones afectadas. Es requerida la autenticación para explotar esta vulnerabilidad This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Password Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-774 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31521
https://notcve.org/view.php?id=CVE-2021-31521
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Trend Micro InterScan Web Security Virtual Appliance versión 6.5 se ha detectado que presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el producto de Captive Portal • https://success.trendmicro.com/solution/000286452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32459
https://notcve.org/view.php?id=CVE-2021-32459
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security contienen una vulnerabilidad de contraseña codificada en el servidor de recopilación de registros que podría permitir a un atacante utilizar una solicitud de red especialmente diseñada para llevar a una autenticación arbitraria. Un atacante debe obtener primero la capacidad de ejecutar código con privilegios elevados en el dispositivo de destino para poder explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32458
https://notcve.org/view.php?id=CVE-2021-32458
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del búfer basada en la pila de iotcl que podría permitir a un atacante emitir un iotcl especialmente diseñado que podría conducir a la ejecución de código en los dispositivos afectados. Un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el dispositivo de destino para poder explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231 • CWE-787: Out-of-bounds Write •