Vulnerabilities > Trendmicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-19690 | Weak Password Requirements vulnerability in Trendmicro Mobile Security 10.3.1/9.7/9.8 Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | 9.8 |
| 2019-12-09 | CVE-2019-18190 | NULL Pointer Dereference vulnerability in Trendmicro products Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. | 9.8 |
| 2019-10-28 | CVE-2019-18189 | Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. | 9.8 |
| 2018-08-15 | CVE-2018-10511 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0 A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 10.0 |
| 2018-08-15 | CVE-2018-10510 | Path Traversal vulnerability in Trendmicro Control Manager 6.0/7.0 A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. | 9.8 |
| 2018-07-06 | CVE-2018-3608 | Code Injection vulnerability in Trendmicro products A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | 9.8 |
| 2018-03-15 | CVE-2018-6231 | OS Command Injection vulnerability in Trendmicro Smart Protection Server A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. | 9.8 |
| 2018-03-15 | CVE-2018-6229 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | 9.8 |
| 2018-03-15 | CVE-2018-6228 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | 9.8 |
| 2018-03-15 | CVE-2018-6223 | Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5 A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. | 9.8 |