Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-19690 Weak Password Requirements vulnerability in Trendmicro Mobile Security 10.3.1/9.7/9.8
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
network
low complexity
trendmicro CWE-521
critical
9.8
2019-12-09 CVE-2019-18190 NULL Pointer Dereference vulnerability in Trendmicro products
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.
network
low complexity
trendmicro CWE-476
critical
9.8
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
9.8
2018-08-15 CVE-2018-10511 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
network
low complexity
trendmicro CWE-918
critical
10.0
2018-08-15 CVE-2018-10510 Path Traversal vulnerability in Trendmicro Control Manager 6.0/7.0
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-22
critical
9.8
2018-07-06 CVE-2018-3608 Code Injection vulnerability in Trendmicro products
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
network
low complexity
trendmicro CWE-94
critical
9.8
2018-03-15 CVE-2018-6231 OS Command Injection vulnerability in Trendmicro Smart Protection Server
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
network
low complexity
trendmicro CWE-78
critical
9.8
2018-03-15 CVE-2018-6229 SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
network
low complexity
trendmicro CWE-89
critical
9.8
2018-03-15 CVE-2018-6228 SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
network
low complexity
trendmicro CWE-89
critical
9.8
2018-03-15 CVE-2018-6223 Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.
network
low complexity
trendmicro CWE-306
critical
9.8