Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2024-11-21 | 5.5 Medium |
| Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | ||||
| CVE-2021-25251 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus\+ Security 2020, Antivirus\+ Security 2021 and 6 more | 2024-11-21 | 7.2 High |
| The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. | ||||
| CVE-2021-25249 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 7.8 High |
| An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25248 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.5 Medium |
| An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25247 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 7.8 High |
| A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. | ||||
| CVE-2021-25243 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. | ||||
| CVE-2021-25242 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | ||||
| CVE-2021-25241 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2024-11-21 | 5.3 Medium |
| A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. | ||||
| CVE-2021-25240 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. | ||||
| CVE-2021-25239 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. | ||||
| CVE-2021-25238 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2024-11-21 | 5.3 Medium |
| An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. | ||||
| CVE-2021-25237 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | ||||
| CVE-2021-25236 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2024-11-21 | 5.3 Medium |
| A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. | ||||
| CVE-2021-25235 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file. | ||||
| CVE-2021-25234 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. | ||||
| CVE-2021-25233 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. | ||||
| CVE-2021-25232 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. | ||||
| CVE-2021-25231 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | ||||
| CVE-2021-25230 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. | ||||
| CVE-2021-23827 | 4 Apple, Keybase, Microsoft and 1 more | 4 Macos, Keybase, Windows and 1 more | 2024-11-21 | 5.5 Medium |
| Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker. | ||||