CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28929
https://notcve.org/view.php?id=CVE-2023-28929
26 Jun 2023 — Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. • https://helpcenter.trendmicro.com/en-us/article/tmka-19062 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48191 – Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-48191
18 Jan 2023 — A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. Existe una vulnerabilidad en Trend Micro Maximum Security 2022 (17.7) en la que un usuario con pocos privilegios puede escribir un ejecutable malicioso conocido ... • https://helpcenter.trendmicro.com/en-us/article/tmka-11252 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30687 – Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2022-30687
26 May 2022 — Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. Trend Micro Maximum Security 2022 es vulnerable a la siguiente vulnerabilidad que podría permitir a un usuario local con pocos privilegios manipular la función de borrado seguro del producto para eliminar archivos arbitrarios This vulnerability allows local attackers to delete arbitrary files on affected ins... • https://helpcenter.trendmicro.com/en-us/article/tmka-11017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •