CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Trend Micro ha reempaquetado instaladores para varios productos de Trend Micro que usaron una versión de un paquete de instalación que tenía una vulnerabilidad de secuestro de DLL, que podría ser explotada durante la instalación de un nuevo producto. Se encontró que la vulnerabilidad SOLO es explotable durante la instalación inicial del producto por parte de un usuario autorizado. • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field diseñado en un archivo ZIP. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • http://seclists.org/fulldisclosure/2020/Feb/21 https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html https://support.eset.com/en/ca7387-modules-review-december-2019 • CWE-436: Interpretation Conflict •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19690
https://notcve.org/view.php?id=CVE-2019-19690
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. Trend Micro Mobile Security for Android (Consumer) versiones 10.3.1 y por debajo en Android versión 8.0+ presenta un problema donde un atacante podría omitir la funcionalidad App Password Protection del producto. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124037.aspx • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-14082 – Trend Micro Mobile Security for Enterprise clt_report_sms_status Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-14082
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system. Una vulnerabilidad de divulgación de información de puntero no inicializado en Trend Micro Mobile Security (Enterprise) en versiones 9.7 y anteriores podría permitir que un atacante remoto no autenticado revele información sensible en un sistema vulnerable. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the clt_report_sms_status action. The issue results from the lack of proper initialization of a pointer prior to accessing it. • http://www.securityfocus.com/bid/102216 http://www.zerodayinitiative.com/advisories/ZDI-17-972 https://success.trendmicro.com/solution/1118993 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-14079 – Trend Micro Mobile Security for Enterprise upload_img_file Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-14079
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Las subidas de archivos sin restricción en las versiones anteriores a 9.7 Patch 3 de Trend Micro Mobile Security (Enterprise) permiten que atacantes remotos ejecuten código arbitrario en instalaciones vulnerables. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the upload_img_file action. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of arbitrary files. • http://www.securityfocus.com/bid/100970 http://www.zerodayinitiative.com/advisories/ZDI-17-785 http://www.zerodayinitiative.com/advisories/ZDI-17-789 http://www.zerodayinitiative.com/advisories/ZDI-17-790 http://www.zerodayinitiative.com/advisories/ZDI-17-807 https://success.trendmicro.com/solution/1118224 • CWE-434: Unrestricted Upload of File with Dangerous Type •