CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28929
https://notcve.org/view.php?id=CVE-2023-28929
26 Jun 2023 — Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. • https://helpcenter.trendmicro.com/en-us/article/tmka-19062 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-44023 – Trend Micro Maximum Security Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-44023
14 Dec 2021 — A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. Una vulnerabilidad de denegación de servicio (DoS) en la familia de productos Trend Micro Security (Consumer) versión 2021, podría permitir a un atacante abusar de la función PC Health Checkup del producto para crear... • https://helpcenter.trendmicro.com/en-us/article/tmka-10867 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-36744 – Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-36744
30 Aug 2021 — Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. Trend Micro Security (Consumer) versiones 2021 y 2020, son vulnerables a una vulnerabilidad de salto de directorios que podría permitir a un atacante explotar el sistema para escalar privilegios y crear una denegación de servicio. This vulnerability allows local attackers to create a denial-of-service con... • https://helpcenter.trendmicro.com/en-us/article/tmka-10568 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32460 – Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32460
21 May 2021 — The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. El producto de consumo Trend Micro Maximum Security 2021 (versión v17) es suceptible a una vulnerabilidad de control de acceso inapropiado en el instalador que podría perm... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-25251
https://notcve.org/view.php?id=CVE-2021-25251
10 Feb 2021 — The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyección de código que podría permitir a un atacante desactivar la protección con ... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •