CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-23940
https://notcve.org/view.php?id=CVE-2024-23940
29 Jan 2024 — Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versión 6.0.2092 y anteriores, es vulnerable a una vulnerabilida... • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41178 – Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41178
23 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0CVE-2023-52337 – Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52337
19 Jan 2024 — An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agen... • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US •
CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0CVE-2023-52338 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52338
19 Jan 2024 — A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de link following en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podría permitir a ... • https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41176 – Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-41176
19 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41177 – Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-41177
19 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 35%CPEs: 5EXPL: 0CVE-2023-41179 – Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41179
19 Sep 2023 — A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. Una vulnerabilidad en el módulo de desinstalación AV de terceros contenido en Trend Micro Ape... • https://jvn.jp/en/vu/JVNVU90967486 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35695
https://notcve.org/view.php?id=CVE-2023-35695
26 Jun 2023 — A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.5EPSS: 3%CPEs: 1EXPL: 1CVE-2023-32522
https://notcve.org/view.php?id=CVE-2023-32522
26 Jun 2023 — A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 26%CPEs: 1EXPL: 1CVE-2023-32521
https://notcve.org/view.php?id=CVE-2023-32521
26 Jun 2023 — A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •