485 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2024-23940

https://notcve.org/view.php?id=CVE-2024-23940

29 Jan 2024 — Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versión 6.0.2092 y anteriores, es vulnerable a una vulnerabilida... • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41178 – Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2023-41178

23 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2023-52324 – Trend Micro Apex Central Unrestricted File Upload Vulnerability

https://notcve.org/view.php?id=CVE-2023-52324

19 Jan 2024 — An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. Una vulnerabilidad de carga de archivos sin restricciones en Trend Mi... • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0

CVE-2023-52337 – Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-52337

19 Jan 2024 — An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agen... • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US •

CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0

CVE-2023-52338 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-52338

19 Jan 2024 — A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de link following en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podría permitir a ... • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41176 – Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2023-41176

19 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41177 – Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2023-41177

19 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-52329 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-52329

18 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecución remota de código en los servidores afectados. Tenga en cuen... • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-52326 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-52326

16 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecución remota de código en los servidores afectados. Tenga en cuen... • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-52327 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2023-52327

16 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. Ciertos widgets del panel de Trend Micro Apex Central (local) son vulnerables a ataques de cross-site scripting (XSS) que pueden permitir a un atacante lograr la ejecución remota de código en los servidores afectados. Tenga en cuen... • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •