Filtered by vendor Trendmicro
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6229 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||
| CVE-2018-3605 | 1 Trendmicro | 1 Control Manager | 2018-03-01 | 6.5 MEDIUM | 8.8 HIGH |
| TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3607 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3606 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3604 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3603 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3602 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 6.5 MEDIUM | 8.8 HIGH |
| An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-3600 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. | |||||
| CVE-2018-3601 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | |||||
| CVE-2017-14082 | 1 Trendmicro | 1 Mobile Security | 2018-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system. | |||||
| CVE-2017-14096 | 1 Trendmicro | 1 Smart Protection Server | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | |||||
| CVE-2012-1457 | 26 Aladdin, Alwil, Anti-virus and 23 more | 28 Esafe, Avast Antivirus, Vba32 and 25 more | 2018-01-17 | 4.3 MEDIUM | N/A |
| The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2012-1459 | 32 Ahnlab, Alwil, Anti-virus and 29 more | 34 V3 Internet Security, Avast Antivirus, Vba32 and 31 more | 2018-01-17 | 4.3 MEDIUM | N/A |
| The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2017-11397 | 1 Trendmicro | 1 Encryption For Email | 2017-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | |||||
| CVE-2017-14091 | 1 Trendmicro | 1 Scanmail | 2017-12-27 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | |||||
| CVE-2017-14093 | 1 Trendmicro | 1 Scanmail | 2017-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | |||||
| CVE-2017-14090 | 1 Trendmicro | 1 Scanmail | 2017-12-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | |||||
| CVE-2017-14092 | 1 Trendmicro | 1 Scanmail | 2017-12-26 | 6.8 MEDIUM | 8.8 HIGH |
| The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | |||||
| CVE-2017-11394 | 1 Trendmicro | 1 Officescan | 2017-10-13 | 10.0 HIGH | 9.8 CRITICAL |
| Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | |||||
| CVE-2017-14088 | 1 Trendmicro | 2 Officescan, Officescan Xg | 2017-10-13 | 6.9 MEDIUM | 7.0 HIGH |
| Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | |||||