Filtered by vendor Trendmicro
Subscribe
Total
575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11383 | 1 Trendmicro | 1 Control Manager | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | |||||
| CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2026-06-17 | 6.4 MEDIUM | 7.5 HIGH |
| Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | |||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | |||||
| CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||||
| CVE-2016-9316 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9315 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2026-06-17 | 4.0 MEDIUM | 8.8 HIGH |
| Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9314 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2026-06-17 | 4.0 MEDIUM | 7.8 HIGH |
| Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-9269 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2026-06-17 | 9.0 HIGH | 9.9 CRITICAL |
| Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737. | |||||
| CVE-2016-8593 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter. | |||||
| CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
| CVE-2016-8589 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
| CVE-2016-8588 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 6.0 MEDIUM | 7.3 HIGH |
| The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | |||||
| CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 6.0 MEDIUM | 7.3 HIGH |
| dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | |||||
| CVE-2016-8586 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
| CVE-2016-8585 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | |||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | |||||