Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Total 496 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1453 13 Antiy, Ca, Drweb and 10 more 14 Avl Sdk, Etrust Vet Antivirus, Dr.web Antivirus and 11 more 2025-04-11 4.3 MEDIUM N/A
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
CVE-2010-5179 2 Microsoft, Trendmicro 2 Windows Xp, Internet Security 2010 2025-04-11 6.2 MEDIUM N/A
Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2012-2996 1 Trendmicro 1 Interscan Messaging Security Suite 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
CVE-2010-0564 1 Trendmicro 1 Officescan 2025-04-11 5.0 MEDIUM N/A
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.
CVE-2009-1435 1 Trendmicro 1 Officescan 2025-04-09 2.1 LOW N/A
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.
CVE-2009-0613 1 Trendmicro 1 Interscan Web Security Suite 2025-04-09 6.0 MEDIUM N/A
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
CVE-2009-0686 1 Trendmicro 1 Internet Security 2025-04-09 7.2 HIGH N/A
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.
CVE-2009-0612 1 Trendmicro 2 Interscan Web Security Suite, Interscan Web Security Virtual Appliance 2025-04-09 4.3 MEDIUM N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
CVE-2008-2433 1 Trendmicro 3 Client Server Messaging Suite, Officescan, Worry-free Business Security 2025-04-09 7.5 HIGH 9.8 CRITICAL
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
CVE-2022-48191 2 Microsoft, Trendmicro 2 Windows, Maximum Security 2022 2025-04-03 N/A 7.0 HIGH
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
CVE-2006-1380 1 Trendmicro 1 Interscan Messaging Security Suite 2025-04-03 7.2 HIGH N/A
ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.
CVE-2024-36306 1 Trendmicro 1 Apex One 2025-03-27 N/A 6.1 MEDIUM
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-0587 1 Trendmicro 1 Apex One 2025-03-27 N/A 9.1 CRITICAL
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.
CVE-2024-36303 1 Trendmicro 1 Apex One 2025-03-25 N/A 7.8 HIGH
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302.
CVE-2024-36359 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2025-03-18 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-36305 1 Trendmicro 1 Apex One 2025-03-14 N/A 7.8 HIGH
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-45334 1 Trendmicro 1 Antivirus One 2025-03-13 N/A 7.8 HIGH
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.
CVE-2021-36741 2 Microsoft, Trendmicro 5 Windows, Apex One, Officescan and 2 more 2025-03-13 6.5 MEDIUM 8.8 HIGH
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
CVE-2024-45335 1 Trendmicro 1 Antivirus One 2025-03-13 N/A 8.4 HIGH
Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.
CVE-2023-25144 2 Microsoft, Trendmicro 2 Windows, Apex One 2025-03-06 N/A 7.8 HIGH
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.