Filtered by vendor Trendmicro
Subscriptions
Total
551 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45797 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-04-24 | 7.1 High |
| An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | N/A |
| SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||||
| CVE-2017-5481 | 1 Trendmicro | 1 Officescan | 2025-04-20 | N/A |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | ||||
| CVE-2017-11388 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638. | ||||
| CVE-2016-9314 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. | ||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | N/A |
| A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | ||||
| CVE-2016-6269 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 9.1 Critical |
| Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | ||||
| CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | N/A |
| Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | ||||
| CVE-2017-9036 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 7.8 High |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | ||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | ||||
| CVE-2017-9035 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 7.4 High |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. | ||||
| CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2025-04-20 | N/A |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | ||||
| CVE-2017-7896 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | N/A |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | ||||
| CVE-2016-6220 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | 7.5 High |
| Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. | ||||
| CVE-2017-6340 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages. | ||||
| CVE-2016-9316 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737. | ||||
| CVE-2017-11389 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | ||||
| CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | N/A |
| Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | ||||
| CVE-2016-8586 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||