Filtered by vendor Trendmicro
Subscribe
Total
559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14091 | 1 Trendmicro | 1 Scanmail | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
|
|||||
| CVE-2017-11390 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
|
|||||
| CVE-2017-14092 | 1 Trendmicro | 1 Scanmail | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
|
|||||
| CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
|
|||||
| CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 6.0 MEDIUM | 7.3 HIGH |
|
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
|
|||||
| CVE-2016-7552 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
|
|||||
| CVE-2017-11395 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
|
|||||
| CVE-2017-14087 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
|
|||||
| CVE-2016-8593 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
|
|||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
|
|||||
| CVE-2017-11394 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
|
|||||
| CVE-2017-6339 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate ...
Show More |
|||||
| CVE-2017-11392 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
|
|||||
| CVE-2017-6338 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
|
|||||
| CVE-2017-7896 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
|
|||||
| CVE-2017-14089 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
|
|||||
| CVE-2017-5481 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
|
|||||
| CVE-2017-9034 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
|
|||||
| CVE-2017-11387 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.
|
|||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
|
|||||
| CVE-2016-9316 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
|
|||||
| CVE-2016-6268 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
|
|||||
| CVE-2017-14093 | 1 Trendmicro | 1 Scanmail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
|
|||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
|
|||||
| CVE-2017-14080 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
|
|||||
| CVE-2017-9033 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.
|
|||||
| CVE-2017-14084 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
|
|||||
| CVE-2016-6269 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 7.5 HIGH | 9.1 CRITICAL |
|
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
|
|||||
| CVE-2017-11393 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
|
|||||
| CVE-2017-11397 | 1 Trendmicro | 1 Encryption For Email | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
|
|||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
|
|||||
| CVE-2016-9315 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.
|
|||||
| CVE-2016-8585 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
|
|||||
| CVE-2017-5565 | 1 Trendmicro | 4 Antivirus\+, Internet Security, Maximum Security and 1 more | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
|
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Prov ...
Show More |
|||||
| CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
|
|||||
| CVE-2017-9032 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.
|
|||||
| CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
|
|||||
| CVE-2017-11391 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
|
|||||
| CVE-2017-11386 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
|
|||||
| CVE-2017-6798 | 1 Trendmicro | 1 Endpoint Sensor | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
|
|||||