CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-25251
https://notcve.org/view.php?id=CVE-2021-25251
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyección de código que podría permitir a un atacante desactivar la protección con contraseña del programa y desactivar la protección. Un atacante ya debe tener privilegios de administrador en la máquina para explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2019-20357 – Trend Micro Security (Consumer) Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. Se presenta una vulnerabilidad de Ejecución de Código Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versión v15), que podría permitir potencialmente a un atacante la capacidad de crear un programa malicioso para escalar privilegios y lograr la persistencia sobre el sistema vulnerable. Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx https://seclists.org/bugtraq/2020/Jan/28 • CWE-428: Unquoted Search Path or Element •