Vulnerabilities > Trendmicro > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2022-25330 | Integer Overflow or Wraparound vulnerability in Trendmicro products Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | 9.8 |
2021-09-29 | CVE-2021-36745 | Forced Browsing vulnerability in Trendmicro Serverprotect 5.8/6.0 A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | 9.8 |
2020-12-17 | CVE-2020-8466 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | 9.8 |
2020-12-17 | CVE-2020-8465 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | 9.8 |
2020-11-18 | CVE-2020-28578 | Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | 9.8 |
2020-09-15 | CVE-2020-24561 | Command Injection vulnerability in Trendmicro Serverprotect 3.0 A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. | 9.1 |
2020-05-27 | CVE-2020-8606 | Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | 9.8 |
2020-03-18 | CVE-2020-8600 | Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0/9.0/9.5 Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | 9.8 |
2020-03-18 | CVE-2020-8599 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. | 9.8 |
2020-03-18 | CVE-2020-8598 | Missing Authentication for Critical Function vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. | 9.8 |