Trend Micro

All CVEs

696 total · sorted by risk
  • CVE-2018-3607 · Hig · Feb 9, 2018
    risk 0.58 · cvss 8.8 · epss 0.15

    XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

  • CVE-2018-3603 · Hig · Feb 9, 2018
    risk 0.58 · cvss 8.8 · epss 0.08

    A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

  • CVE-2018-3602 · Hig · Feb 9, 2018
    risk 0.58 · cvss 8.8 · epss 0.08

    An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

  • CVE-2017-14079 · Hig · Sep 22, 2017
    risk 0.58 · cvss 8.8 · epss 0.11

    Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

  • CVE-2017-11395 · Hig · Sep 22, 2017
    risk 0.58 · cvss 8.8 · epss 0.14

    Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

  • CVE-2017-11388 · Hig · Aug 2, 2017
    risk 0.58 · cvss 8.8 · epss 0.14

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.

  • CVE-2016-8593 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.07

    Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.

  • CVE-2016-8592 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8591 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8590 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8589 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8586 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8585 · Hig · Apr 28, 2017
    risk 0.58 · cvss 8.8 · epss 0.07

    admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

  • CVE-2016-6270 · Hig · Jan 30, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to…

  • CVE-2016-6266 · Hig · Jan 30, 2017
    risk 0.58 · cvss 8.8 · epss 0.08

    ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register…

  • CVE-2018-10509 · Hig · Jun 12, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability.

  • CVE-2018-10508 · Hig · Jun 12, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.

  • CVE-2018-10352 · Hig · May 23, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability.

  • CVE-2018-10351 · Hig · May 23, 2018
    risk 0.57 · cvss 8.8 · epss 0.04

    A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.

  • CVE-2017-14095 · Hig · Jan 19, 2018
    risk 0.57 · cvss 8.1 · epss 0.12

    A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.

  • CVE-2017-14092 · Hig · Dec 16, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

  • CVE-2017-9033 · Hig · May 26, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to…

  • CVE-2017-5481 · Hig · May 3, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.

  • CVE-2026-34926 · Med · KEV · May 21, 2026
    risk 0.56 · cvss 6.7 · epss 0.13

    A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the…

  • CVE-2018-6221 · Hig · Mar 15, 2018
    risk 0.56 · cvss 8.1 · epss 0.06

    An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.

  • CVE-2017-14084 · Hig · Oct 6, 2017
    risk 0.56 · cvss 8.1 · epss 0.10

    A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.

  • CVE-2018-6222 · Hig · Mar 15, 2018
    risk 0.54 · cvss 7.8 · epss 0.01

    Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.

  • CVE-2018-3609 · Hig · Feb 16, 2018
    risk 0.54 · cvss 8.1 · epss 0.22

    A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

  • CVE-2016-9314 · Hig · Feb 21, 2017
    risk 0.54 · cvss 7.8 · epss 0.03

    Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration…

  • CVE-2017-14087 · Hig · Oct 6, 2017
    risk 0.52 · cvss 7.5 · epss 0.08

    A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

  • CVE-2017-14086 · Hig · Oct 6, 2017
    risk 0.52 · cvss 7.5 · epss 0.08

    Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to…

  • CVE-2017-14083 · Hig · Oct 6, 2017
    risk 0.52 · cvss 7.5 · epss 0.06

    A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.

  • CVE-2026-45208 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2026-45207 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-45206 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-34930 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the…

  • CVE-2026-34929 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first…

  • CVE-2026-34928 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain…

  • CVE-2026-34927 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2025-71217 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2025-71216 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71214 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71213 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2025-71212 · Hig · May 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.01

    A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…

  • CVE-2018-15363 · Hig · Aug 30, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2018-10514 · Hig · Aug 30, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2018-10513 · Hig · Aug 30, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2018-6235 · Hig · May 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker…

  • CVE-2018-6233 · Hig · May 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must…

  • CVE-2018-6232 · Hig · May 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must…

Page 2 of 14