Filtered by vendor Trendmicro
Total: 364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9488 | 1 Trendmicro | 2 Deep Security Manager, Vulnerability Protection | 2019-09-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). | |||||
| CVE-2018-18334 | 1 Trendmicro | 1 Dr. Safety | 2019-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow a remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations. | |||||
| CVE-2018-15366 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-15367 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18327 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18328 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18329 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-15365 | 1 Trendmicro | 1 Deep Discovery Inspector | 2018-11-16 | 3.5 LOW | 5.4 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. | |||||
| CVE-2018-15364 | 1 Trendmicro | 1 Officescan Xg | 2018-11-08 | 1.9 LOW | 4.7 MEDIUM |
| A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | |||||
| CVE-2009-0613 | 1 Trendmicro | 1 Interscan Web Security Suite | 2018-10-30 | 6.0 MEDIUM | N/A |
| Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. | |||||
| CVE-2009-0612 | 1 Trendmicro | 2 Interscan Web Security Suite, Interscan Web Security Virtual Appliance | 2018-10-30 | 4.3 MEDIUM | N/A |
| Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header. | |||||
| CVE-2018-10513 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus + Security, Internet Security and 2 more | 2018-10-26 | 7.2 HIGH | 7.8 HIGH |
| A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | |||||
| CVE-2018-10510 | 2 Microsoft, Trendmicro | 2 Windows, Control Manager | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2010-3189 | 1 Trendmicro | 1 Internet Security | 2018-10-10 | 9.3 HIGH | N/A |
| The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. | |||||
| CVE-2009-1435 | 1 Trendmicro | 1 Officescan | 2018-10-10 | 2.1 LOW | N/A |
| NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0686 | 1 Trendmicro | 1 Internet Security | 2018-10-10 | 7.2 HIGH | N/A |
| The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory. | |||||
| CVE-2017-14087 | 1 Trendmicro | 1 Officescan | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | |||||
| CVE-2017-14089 | 1 Trendmicro | 1 Officescan | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues. | |||||
| CVE-2017-14085 | 1 Trendmicro | 1 Officescan | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules. | |||||
| CVE-2018-3608 | 2 Microsoft, Trendmicro | 7 Windows, Antivirus + Security, Internet Security and 4 more | 2018-08-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | |||||
| CVE-2018-10506 | 1 Trendmicro | 1 Officescan | 2018-07-27 | 1.9 LOW | 4.7 MEDIUM |
| An out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-6235 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus+, Internet Security and 2 more | 2018-06-28 | 7.2 HIGH | 7.8 HIGH |
| An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-6234 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus+, Internet Security and 2 more | 2018-06-28 | 2.1 LOW | 5.5 MEDIUM |
| An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-6236 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus+, Internet Security and 2 more | 2018-06-28 | 6.9 MEDIUM | 7.0 HIGH |
| A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-10357 | 1 Trendmicro | 1 Endpoint Application Control | 2018-06-26 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10350 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2018-06-25 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is required in order to exploit this vulnerability. | |||||
| CVE-2018-6237 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2018-06-25 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. | |||||
| CVE-2018-10356 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10353 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10352 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10351 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-6221 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 9.3 HIGH | 8.1 HIGH |
| An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. | |||||
| CVE-2018-6219 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. | |||||
| CVE-2018-6224 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. | |||||
| CVE-2018-6220 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | |||||
| CVE-2018-6226 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 3.5 LOW | 5.4 MEDIUM |
| Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. | |||||
| CVE-2018-6227 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. | |||||
| CVE-2018-6228 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||
| CVE-2018-6225 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. | |||||
| CVE-2018-6230 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 8.3 HIGH | 6.8 MEDIUM |
| A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||
| CVE-2018-6229 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||
| CVE-2018-3605 | 1 Trendmicro | 1 Control Manager | 2018-03-01 | 6.5 MEDIUM | 8.8 HIGH |
| TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3607 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3606 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3603 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3604 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3602 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3600 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. | |||||
| CVE-2018-3601 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | |||||
| CVE-2017-14082 | 1 Trendmicro | 1 Mobile Security | 2018-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system. | |||||
