CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31521
https://notcve.org/view.php?id=CVE-2021-31521
17 Jun 2021 — Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. Trend Micro InterScan Web Security Virtual Appliance versión 6.5 se ha detectado que presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el producto de Captive Portal • https://success.trendmicro.com/solution/000286452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32459
https://notcve.org/view.php?id=CVE-2021-32459
27 May 2021 — Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security contienen una vulnerabilidad de contraseña codificada en el se... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32458
https://notcve.org/view.php?id=CVE-2021-32458
27 May 2021 — Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32457
https://notcve.org/view.php?id=CVE-2021-32457
26 May 2021 — Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del búfer basad... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32460 – Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32460
21 May 2021 — The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. El producto de consumo Trend Micro Maximum Security 2021 (versión v17) es suceptible a una vulnerabilidad de control de acceso inapropiado en el instalador que podría perm... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2021-31520 – Trend Micro IM Security Weak Session Token Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31520
07 May 2021 — A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface. Una vulnerabilidad de omisión de autenticación de token de sesión débil en Trend Micro IM Security versiones 1.6 y 1.6.5, podría permitir a un atacante remoto adivinar el token de sesión de los administradores que han iniciado sesión actualmente par... • https://success.trendmicro.com/solution/000286439 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31518
https://notcve.org/view.php?id=CVE-2021-31518
05 May 2021 — Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517. Trend Micro Home Network Security versiones 6.5.599 y anteriores, es susceptible a una vulnerabilidad de análisis de archivos que podría permitir a un atacante explotar la vulnerabilidad y causar una denegación de servicio en el dispositivo... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10312 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31517
https://notcve.org/view.php?id=CVE-2021-31517
05 May 2021 — Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518. Trend Micro Home Network Security versiones 6.5.599 y anteriores, es susceptible a una vulnerabilidad de análisis de archivos que podría permitir a un atacante explotar la vulnerabilidad y causar una denegación de servicio en el dispositivo... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10312 •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-25251
https://notcve.org/view.php?id=CVE-2021-25251
10 Feb 2021 — The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyección de código que podría permitir a un atacante desactivar la protección con ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •