cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-32849,https://securityvulnerability.io/vulnerability/CVE-2024-32849,Privilege Escalation Vulnerability Affects Trend Micro Security 17.x (Consumer),"Trend Micro Security 17.x for Consumer users is susceptible to a Privilege Escalation vulnerability. This vulnerability can be exploited by a local attacker to delete privileged files belonging to Trend Micro, potentially affecting the integrity of the software's functionalities and user data. Timely patching and updates are advised to mitigate any risks associated with this vulnerability.",Trend Micro,Trend Micro Maximum Security (consumer),7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-23940,https://securityvulnerability.io/vulnerability/CVE-2024-23940,Trend Micro uiAirSupport Vulnerable to DLL Hijacking/Proxying,"The DLL hijacking vulnerability in Trend Micro uiAirSupport affects versions 6.0.2092 and earlier, allowing an attacker to exploit the system by impersonating and manipulating a library. This exploitation could lead to unauthorized code execution within the affected product, potentially enabling privilege escalation on the user’s system. Users of Trend Micro Security 2023 should remain vigilant about this security issue and apply relevant updates or patches as they become available to mitigate the associated risks.",Trend Micro,Trend Micro Security (Consumer) uiAirSupport,7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-01-29T18:22:34.819Z,0
CVE-2023-28929,https://securityvulnerability.io/vulnerability/CVE-2023-28929,DLL Hijacking Vulnerability in Trend Micro Security Products,"Trend Micro Security products from the years 2021 to 2023 are susceptible to a DLL Hijacking vulnerability that can enable attackers to exploit a specific executable file. This exploitation can lead to the execution of malicious programs whenever the compromised executable is launched, posing significant risks to users’ systems and data security.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-06-26T22:15:00.000Z,0
CVE-2022-48191,https://securityvulnerability.io/vulnerability/CVE-2022-48191,Privilege Escalation Vulnerability in Trend Micro Maximum Security 2022,"A vulnerability in Trend Micro Maximum Security 2022 (17.7) allows low-privileged users to write a malicious executable to a designated location. During the removal and restoration process, an attacker could exploit this flaw to replace an original folder with a mount point leading to an arbitrary location, thereby escalating their privileges on the affected system. This presents a significant risk, as it can compromise the integrity of the system and provide unauthorized access to sensitive information.",Trend Micro,Trend Micro Maxium Security (Consumer),7,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2022-37348,https://securityvulnerability.io/vulnerability/CVE-2022-37348,Out-Of-Bounds Read Vulnerability in Trend Micro Security Software,"Trend Micro Security versions 2021 and 2022 are affected by a vulnerability that allows an attacker to exploit an Out-Of-Bounds Read condition. This may lead to the unauthorized access of sensitive information from memory locations that should otherwise remain protected. Additionally, attackers could potentially cause system instability, including crashes on affected machines. This issue requires prompt detection and remediation to safeguard user data and maintain system integrity.",Trend Micro,Trend Micro Security (consumer),5.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-09-19T18:00:59.000Z,0
CVE-2022-37347,https://securityvulnerability.io/vulnerability/CVE-2022-37347,Out-Of-Bounds Read Vulnerability in Trend Micro Security Products,"Trend Micro Security versions 2021 and 2022 are afflicted by an Out-Of-Bounds Read vulnerability, enabling attackers to potentially access sensitive information from unauthorized memory locations, which may culminate in system crashes. This issue highlights the importance of maintaining strict memory management practices to mitigate information disclosure threats.",Trend Micro,Trend Micro Security (consumer),5.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-09-19T18:00:58.000Z,0
CVE-2022-34893,https://securityvulnerability.io/vulnerability/CVE-2022-34893,Link Following Vulnerability in Trend Micro Security 2022,"Trend Micro Security 2022 is susceptible to a link following vulnerability that permits attackers with lower privileges to manipulate mountpoints. This manipulation can potentially lead to a privilege escalation, allowing an unauthorized user to gain elevated access or control over the affected machine. It is crucial for users of Trend Micro Security 2022 to apply security best practices and stay informed about updates to mitigate risks associated with this vulnerability.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-09-19T18:00:57.000Z,0
CVE-2022-35234,https://securityvulnerability.io/vulnerability/CVE-2022-35234,Out-Of-Bounds Read Vulnerability in Trend Micro Security Products,"Trend Micro Security 2021 and 2022 (Consumer) contains an Out-Of-Bounds Read vulnerability that enables attackers to potentially access sensitive data from non-allocated memory areas. This flaw might also lead to system instability, resulting in application crashes. The vulnerability poses a risk of unauthorized exposure of confidential information, necessitating prompt mitigation measures.",Trend Micro,Trend Micro Security(consumer),7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-30T00:15:00.000Z,0
CVE-2022-30703,https://securityvulnerability.io/vulnerability/CVE-2022-30703,Exposed Dangerous Method Vulnerability in Trend Micro Security Products,"Trend Micro Security 2021 and 2022 products have a vulnerability that allows an attacker to exploit an exposed dangerous method, potentially leading to the disclosure of sensitive information through leaked kernel addresses. This vulnerability raises concerns for user data privacy and may also allow for the escalation of privileges if successfully exploited, making it crucial for users to apply security patches and remain vigilant.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-06-09T20:15:23.000Z,0
CVE-2022-30702,https://securityvulnerability.io/vulnerability/CVE-2022-30702,Out-Of-Bounds Read Vulnerability in Trend Micro Security Products,"Trend Micro Security 2022 and 2021 products are susceptible to an Out-Of-Bounds Read Information Disclosure vulnerability. This flaw may enable an attacker to exploit the affected software, potentially leading to the revelation of sensitive information from the system. By manipulating the program's execution flow, an attacker can access unauthorized data, posing significant risks to data confidentiality and integrity.",Trend Micro,Trend Micro Security (consumer),5.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-06-09T20:15:21.000Z,0
CVE-2021-44023,https://securityvulnerability.io/vulnerability/CVE-2021-44023,Denial-of-Service Vulnerability in Trend Micro Security Products,"A vulnerability exists in the Trend Micro Security (Consumer) 2021 product family that can be exploited through the PC Health Checkup feature. An attacker may leverage this vulnerability to create symbolic links, which can lead to unauthorized file modifications. Such modifications can disrupt the normal function of the software, potentially resulting in a denial-of-service scenario. It's crucial for users to remain vigilant and apply any security updates provided by Trend Micro to mitigate the associated risks.",Trend Micro,Trend Micro Security (consumer),7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-12-16T02:28:35.000Z,0
CVE-2021-43772,https://securityvulnerability.io/vulnerability/CVE-2021-43772,File Modification Vulnerability in Trend Micro Security 2021,"Trend Micro Security 2021 version 17.0 for consumers has a vulnerability that permits unauthorized modifications to files located within its protected folders, leading to potential security breaches and data compromise. This flaw can go undetected, posing a serious risk to users relying on this software for secure file management.",Trend Micro,Trend Micro Security 2021 (consumer),5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-03T10:50:09.000Z,0
CVE-2021-36744,https://securityvulnerability.io/vulnerability/CVE-2021-36744,Directory Junction Vulnerability in Trend Micro Security Software,"Trend Micro Security (Consumer) versions 2021 and 2020 are exposed to a directory junction vulnerability that could enable an attacker to escalate privileges on a compromised system. This exploitation could lead to unauthorized access, allowing attackers to manipulate files or processes. In addition, the vulnerability poses a risk of creating a denial of service, significantly impacting system availability and integrity.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-09-06T11:37:47.000Z,0
CVE-2021-32460,https://securityvulnerability.io/vulnerability/CVE-2021-32460,Improper Access Control Vulnerability in Trend Micro Maximum Security 2021,"The Trend Micro Maximum Security 2021 product is susceptible to an improper access control vulnerability within its installer. This flaw can potentially allow a local attacker, who already possesses user privileges on the target machine, to escalate their permissions. Exploitation of this vulnerability can compromise the security of the affected system, emphasizing the need for users to maintain strict access controls and apply the latest security updates.",Trend Micro,Trend Micro Maxmium Security (consumer),7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-06-03T10:32:27.000Z,0
CVE-2021-25251,https://securityvulnerability.io/vulnerability/CVE-2021-25251,Code Injection Vulnerability in Trend Micro Security Products,"The Trend Micro Security 2020 and 2021 families are susceptible to a code injection vulnerability that can potentially be exploited by an attacker with administrator privileges. This vulnerability allows the attacker to bypass the program's password protection, ultimately disabling critical security functions. If exploited, it can expose the user's system to further threats due to the disabled protection mechanisms.",Trend Micro,Trend Micro Security (consumer),7.2,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2021-02-10T22:00:15.000Z,0
CVE-2020-27697,https://securityvulnerability.io/vulnerability/CVE-2020-27697,Installer Package Vulnerability in Trend Micro Security 2020,"The installer package of Trend Micro Security 2020 contains a vulnerability that can be exploited via a symlink attack. By placing a malicious DLL file in an unsecured location, attackers can gain high-level privileges during the installation process. This can result in unauthorized access and potential compromise of the system. It is crucial for users to ensure that the installation process is conducted in a secure environment to mitigate the risk of such vulnerabilities.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-11-18T18:45:38.000Z,0
CVE-2020-27695,https://securityvulnerability.io/vulnerability/CVE-2020-27695,Installer Package Vulnerability in Trend Micro Security 2020,"A vulnerability exists in the installer package of Trend Micro Security 2020 that allows an attacker to place a malicious DLL file in a local directory. During installation, this can result in unauthorized administrative privileges being obtained by the attacker. This exploit poses significant risks as it can lead to full control over the compromised system.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-11-18T18:45:37.000Z,0
CVE-2020-27696,https://securityvulnerability.io/vulnerability/CVE-2020-27696,Installer Package Vulnerability in Trend Micro Security 2020,"Trend Micro Security 2020 contains a vulnerability in the installer package, allowing attackers to exploit a specific Windows system directory. This misconfiguration could enable unauthorized users to gain administrative privileges during the product installation process, posing significant security risks. It is crucial for users to be aware of this vulnerability and apply recommended updates to mitigate potential exploitation.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-11-18T18:45:37.000Z,0
CVE-2020-25775,https://securityvulnerability.io/vulnerability/CVE-2020-25775,Arbitrary File Deletion Vulnerability in Trend Micro Security Products,"The Trend Micro Security 2020 (v16) product family is exposed to a security race condition that permits unprivileged users to exploit the secure erase functionality, potentially leading to unauthorized file deletions. This vulnerability can be manipulated to delete files that are typically protected due to their higher privilege status. The implications could severely compromise the integrity of data management within the affected systems.",Trend Micro,Trend Micro Security (consumer),6.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2020-09-29T00:15:00.000Z,0
CVE-2020-24560,https://securityvulnerability.io/vulnerability/CVE-2020-24560,Incomplete SSL Server Certification Validation in Trend Micro Security Products,"An incomplete SSL server certification validation vulnerability exists in Trend Micro Security 2019 (v15) that can potentially be exploited by attackers. This flaw allows attackers to combine it with other tactics to mislead users into downloading malicious updates rather than legitimate ones. The issue stems from improper verification of the server certificate during communications with the update server, which poses significant risks to users who may receive harmful updates instead of expected security patches. Ensuring proper validation of server certificates is crucial to protect against such vulnerabilities.",Trend Micro,Trend Micro Security (consumer),7.5,HIGH,0.0018700000364333391,false,,false,false,false,,,false,false,,2020-09-24T01:50:22.000Z,0
CVE-2020-15604,https://securityvulnerability.io/vulnerability/CVE-2020-15604,Incomplete SSL Server Certification Validation in Trend Micro Security 2019,"An incomplete SSL server certification validation vulnerability exists in Trend Micro Security 2019 (v15), which could enable an attacker to exploit this flaw alongside other methods. This may mislead an affected client into downloading a malicious update, compromising the security of their system. The vulnerability stems from the update files not being properly verified, categorized under CWE-494. Existing users are advised to review security practices and ensure updates are obtained from trusted sources.",Trend Micro,Trend Micro Security (consumer),7.5,HIGH,0.0018700000364333391,false,,false,false,false,,,false,false,,2020-09-24T01:50:21.000Z,0
CVE-2020-8607,https://securityvulnerability.io/vulnerability/CVE-2020-8607,Input Validation Vulnerability in Trend Micro Rootkit Protection Driver,"An input validation issue present in various Trend Micro products utilizing a specific version of the rootkit protection driver can potentially be exploited by an attacker with administrative privileges. This flaw allows unauthorized modification of kernel addresses, which may lead to system instability, crashes, or even execution of arbitrary code at the kernel level. The attacker must have already gained administrator access to the affected machine prior to exploitation, emphasizing the need for robust security measures to prevent initial unauthorized access.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Deep Security,Trend Micro Worry-free Business Security,Trend Micro Security (consumer Family),Trend Micro Safe Lock,Trend Micro Serverprotect,Trend Micro Portable Security,Trend Micro Housecall,Trend Micro Anti-threat Toolkit (attk),Trend Micro Rootkit Buster",6.7,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2020-08-05T14:05:23.000Z,0
CVE-2020-15603,https://securityvulnerability.io/vulnerability/CVE-2020-15603,Invalid Memory Read Vulnerability in Trend Micro Security Products,"An invalid memory read vulnerability exists in Trend Micro Security 2020, where an attacker could exploit the driver to initiate system calls with invalid addresses. This manipulation could lead to a system crash, posing significant risks to users utilizing affected versions of the software.",Trend Micro,Trend Micro Security (consumer),7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-07-15T19:15:16.000Z,0
CVE-2020-15602,https://securityvulnerability.io/vulnerability/CVE-2020-15602,Remote Code Execution Vulnerability in Trend Micro Security Products,"An untrusted search path vulnerability exists in the Trend Micro Security 2020 product line, allowing attackers to execute arbitrary code on affected systems. This vulnerability arises when the Trend Micro installer attempts to load dynamic link library (DLL) files from its own directory. If the installer is executed with administrator privileges, it becomes susceptible to exploitation when the user opens a malicious directory or device. For a successful attack, user interaction is required, making this a significant concern for potential risk exposure.",Trend Micro,Trend Micro Security (consumer),7.8,HIGH,0.002300000051036477,false,,false,false,false,,,false,false,,2020-07-15T19:15:15.000Z,0
CVE-2019-19694,https://securityvulnerability.io/vulnerability/CVE-2019-19694,Denial of Service Vulnerability in Trend Micro Security Products,"The Trend Micro Security 2019 consumer products are at risk of a denial of service attack, enabling malicious actors to interfere with system startup processes. By manipulating a key file during startup, attackers can disable essential malware protection features or potentially incapacitate the entire product, exposing users to security threats.",Trend Micro,Trend Micro Security (consumer),4.7,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2020-02-20T22:50:23.000Z,0