CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15625
https://notcve.org/view.php?id=CVE-2019-15625
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. Se presenta una vulnerabilidad de uso de memoria en Trend Micro Password Manager versión 3.8, que podría permitir a un atacante con acceso y permisos a los procesos de la memoria de la víctima extraer información confidencial. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx https://jvn.jp/en/jp/JVN49593434/index.html https://jvn.jp/jp/JVN49593434/index.html •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2019-20357 – Trend Micro Security (Consumer) Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. Se presenta una vulnerabilidad de Ejecución de Código Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versión v15), que podría permitir potencialmente a un atacante la capacidad de crear un programa malicioso para escalar privilegios y lograr la persistencia sobre el sistema vulnerable. Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx https://seclists.org/bugtraq/2020/Jan/28 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 2CVE-2019-19697 – Trend Micro Security 2019 Security Bypass Protected Service Tampering
https://notcve.org/view.php?id=CVE-2019-19697
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability. Se presenta una vulnerabilidad de ejecución de código arbitrario en la familia de productos de consumo Trend Micro Security 2019 (versión v15), que podría permitir a un atacante alcanzar privilegios elevados y alterar los servicios protegidos al deshabilitarlos o de otro modo impedir que se inicien. Un atacante ya debe poseer privilegios de administrador sobre la máquina de destino para explotar la vulnerabilidad. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx https://seclists.org/bugtraq/2020/Jan/29 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19695
https://notcve.org/view.php?id=CVE-2019-19695
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. Una vulnerabilidad de escalada de privilegios en Trend Micro Antivirus para Mac 2019 (versión v9.0.1379 y por debajo), podría permitir a un atacante crear un enlace simbólico a un archivo de destino y modificarlo. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124055.aspx • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19692
https://notcve.org/view.php?id=CVE-2019-19692
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. Trend Micro Apex One (2019) está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en la consola del producto. Tenga en cuenta que la versión japonesa del producto NO está afectada. • https://success.trendmicro.com/solution/000159569 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •