All the vulnerabilites related to Trend Micro, Inc. - Trend Micro Security
jvndb-2023-001291
Vulnerability from jvndb
Published
2023-03-03 11:10
Modified
2024-06-13 17:06
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Maximum Security
Details
Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001291.html",
  "dc:date": "2024-06-13T17:06+09:00",
  "dcterms:issued": "2023-03-03T11:10+09:00",
  "dcterms:modified": "2024-06-13T17:06+09:00",
  "description": "Trend Micro Incorporated has released security updates for Trend Micro Maximum Security.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001291.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:maximum_security_2022",
      "@product": "Trend Micro Maximum Security 2022",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:security",
      "@product": "Trend Micro Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-001291",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU96882769/index.html",
      "@id": "JVNVU#96882769",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30687",
      "@id": "CVE-2022-30687",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-34893",
      "@id": "CVE-2022-34893",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-35234",
      "@id": "CVE-2022-35234",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-37347",
      "@id": "CVE-2022-37347",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-37348",
      "@id": "CVE-2022-37348",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-48191",
      "@id": "CVE-2022-48191",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30687",
      "@id": "CVE-2022-30687",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-34893",
      "@id": "CVE-2022-34893",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35234",
      "@id": "CVE-2022-35234",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-37347",
      "@id": "CVE-2022-37347",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-37348",
      "@id": "CVE-2022-37348",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-48191",
      "@id": "CVE-2022-48191",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-59",
      "@title": "Link Following(CWE-59)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/367.html",
      "@id": "CWE-367",
      "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Maximum Security"
}

jvndb-2023-000033
Vulnerability from jvndb
Published
2023-04-14 15:44
Modified
2024-04-26 17:48
Severity ?
Summary
Trend Micro Security may insecurely load Dynamic Link Libraries
Details
Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427). While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may result in Trend Micro Security loading the malicious DLL. Rintaro Fujita of Nippon Telegraph and Telephone Corporation, Hiroki Hada of NTT Security (Japan) KK and Hiroki Mashiko of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000033.html",
  "dc:date": "2024-04-26T17:48+09:00",
  "dcterms:issued": "2023-04-14T15:44+09:00",
  "dcterms:modified": "2024-04-26T17:48+09:00",
  "description": "Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427).\r\nWhile the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may result in Trend Micro Security loading the malicious DLL.\r\n\r\nRintaro Fujita of Nippon Telegraph and Telephone Corporation, Hiroki Hada of NTT Security (Japan) KK and Hiroki Mashiko of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000033.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:security",
    "@product": "Trend Micro Security",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.6",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000033",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN76257155/index.html",
      "@id": "JVN#76257155",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28929",
      "@id": "CVE-2023-28929",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28929",
      "@id": "CVE-2023-28929",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Trend Micro Security may insecurely load Dynamic Link Libraries"
}

jvndb-2022-002295
Vulnerability from jvndb
Published
2022-08-19 11:42
Modified
2022-08-19 11:42
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Security
Details
Trend Micro Incorporated has released security updates for Trend Micro Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002295.html",
  "dc:date": "2022-08-19T11:42+09:00",
  "dcterms:issued": "2022-08-19T11:42+09:00",
  "dcterms:modified": "2022-08-19T11:42+09:00",
  "description": "Trend Micro Incorporated has released security updates for Trend Micro Security.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002295.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:security",
    "@product": "Trend Micro Security",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002295",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93109244/index.html",
      "@id": "JVNVU#93109244",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30702",
      "@id": "CVE-2022-30702",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30703",
      "@id": "CVE-2022-30703",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30702",
      "@id": "CVE-2022-30702",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30703",
      "@id": "CVE-2022-30703",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Security"
}

jvndb-2018-000013
Vulnerability from jvndb
Published
2018-02-15 16:39
Modified
2018-04-11 12:23
Severity ?
Summary
Insecure DLL Loading issue in multiple Trend Micro products
Details
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427). When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded. Hidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
  "dc:date": "2018-04-11T12:23+09:00",
  "dcterms:issued": "2018-02-15T16:39+09:00",
  "dcterms:modified": "2018-04-11T12:23+09:00",
  "description": "Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427).\r\n When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded.\r\n\r\nHidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:business_security",
      "@product": "Worry-Free Business Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:business_security_services",
      "@product": "Worry-Free Business Security Services",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security",
      "@product": "Trend Micro Deep Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:endpoint_sensor",
      "@product": "Trend Micro Endpoint Sensor",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:security",
      "@product": "Trend Micro Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
      "@product": "OfficeScan",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000013",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN28865183/index.html",
      "@id": "JVN#28865183",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6218",
      "@id": "CVE-2018-6218",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-6218",
      "@id": "CVE-2018-6218",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20180215-jvn.html",
      "@id": "Security Alert for Vulnerability in multiple Trend Micro products (JVN#28865183)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Insecure DLL Loading issue in multiple Trend Micro products"
}