VYPR
Vendor

Trend Micro

Trend Micro Inc. is an American-Japanese cyber security software company. The company has globally dispersed R&D in 16 locations across every continent excluding Antarctica. The company develops enterprise security software for servers, containers, and cloud computing environments, networks, and end points. Its cloud and virtualization security products provide automated security for customers of VMware, Amazon AWS, Microsoft Azure, and Google Cloud Platform.

Founded 1988
Products
121
CVEs
696
Across products
834
Status
Private

Products

121
View all 121 products →

Recent CVEs

696
View all 696 CVEs →
  • CVE-2016-7552CriApr 12, 2017
    risk 0.74cvss 9.8epss 0.93

    On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.

  • CVE-2016-7547CriApr 12, 2017
    risk 0.74cvss 9.8epss 0.93

    A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.

  • CVE-2017-11394CriAug 3, 2017
    risk 0.72cvss 9.8epss 0.67

    Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.

  • CVE-2018-6229CriMar 15, 2018
    risk 0.68cvss 9.8epss 0.11

    A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

  • CVE-2018-6228CriMar 15, 2018
    risk 0.68cvss 9.8epss 0.11

    A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

  • CVE-2018-6223CriMar 15, 2018
    risk 0.68cvss 9.8epss 0.11

    A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.

  • CVE-2018-6220CriMar 15, 2018
    risk 0.68cvss 9.8epss 0.10

    An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.

  • CVE-2017-14097CriJan 19, 2018
    risk 0.68cvss 9.8epss 0.13

    An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

  • CVE-2017-14094CriJan 19, 2018
    risk 0.68cvss 9.8epss 0.19

    A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.

  • CVE-2017-14078CriSep 22, 2017
    risk 0.68cvss 9.8epss 0.50

    SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

  • CVE-2016-9269CriFeb 21, 2017
    risk 0.68cvss 9.9epss 0.13

    Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as…

  • CVE-2016-3987CriApr 12, 2016
    risk 0.68cvss 9.8epss 0.22

    The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

  • CVE-2017-14089CriOct 6, 2017
    risk 0.67cvss 9.8epss 0.10

    An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.

  • CVE-2017-11385CriAug 2, 2017
    risk 0.67cvss 9.8epss 0.39

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.

  • CVE-2017-11384CriAug 2, 2017
    risk 0.67cvss 9.8epss 0.39

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.

  • CVE-2017-11383CriAug 2, 2017
    risk 0.67cvss 9.8epss 0.39

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.

  • CVE-2017-11389CriAug 2, 2017
    risk 0.66cvss 9.8epss 0.27

    Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.

  • CVE-2017-11386CriAug 2, 2017
    risk 0.66cvss 9.8epss 0.24

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.

  • CVE-2018-10511CriAug 15, 2018
    risk 0.65cvss 10.0epss 0.03

    A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

  • CVE-2017-11393CriAug 3, 2017
    risk 0.65cvss 9.8epss 0.16

    Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.