Filtered by vendor Trendmicro
Subscriptions
Total
497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-09-26 | 7.2 High |
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | ||||
CVE-2017-11380 | 1 Trendmicro | 1 Deep Discovery Director | 2024-09-17 | N/A |
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | ||||
CVE-2017-11392 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-09-17 | N/A |
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. | ||||
CVE-2017-14078 | 1 Trendmicro | 1 Mobile Security | 2024-09-17 | N/A |
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||||
CVE-2017-11391 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-09-17 | N/A |
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | ||||
CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2024-09-17 | N/A |
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | ||||
CVE-2011-1327 | 1 Trendmicro | 1 Trend Micro Internet Security | 2024-09-17 | N/A |
The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | ||||
CVE-2017-14080 | 1 Trendmicro | 1 Mobile Security | 2024-09-17 | N/A |
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | ||||
CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2024-09-17 | N/A |
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | ||||
CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2024-09-16 | N/A |
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | ||||
CVE-2017-11393 | 1 Trendmicro | 1 Officescan | 2024-09-16 | N/A |
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543. | ||||
CVE-2017-11395 | 1 Trendmicro | 1 Smart Protection Server | 2024-09-16 | N/A |
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | ||||
CVE-2010-5179 | 2 Microsoft, Trendmicro | 2 Windows Xp, Internet Security 2010 | 2024-09-16 | N/A |
Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2024-09-16 | N/A |
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | ||||
CVE-2017-14079 | 1 Trendmicro | 1 Mobile Security | 2024-09-16 | N/A |
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||||
CVE-2017-11396 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-09-16 | 7.2 High |
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | ||||
CVE-2016-3987 | 1 Trendmicro | 1 Password Manager | 2024-09-16 | 9.8 Critical |
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | ||||
CVE-2017-11394 | 1 Trendmicro | 1 Officescan | 2024-09-16 | N/A |
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | ||||
CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2024-09-12 | 7.5 High |
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | ||||
CVE-2023-47196 | 1 Trendmicro | 1 Apex One | 2024-09-12 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. |