Vulnerabilities > Trendmicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-25 | CVE-2018-10350 | SQL Injection vulnerability in Trendmicro Smart Protection Server A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. | 9.0 |
| 2018-05-23 | CVE-2018-10357 | Path Traversal vulnerability in Trendmicro Endpoint Application Control 2.0 A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. | 9.0 |
| 2018-05-23 | CVE-2018-10356 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. | 9.0 |
| 2018-05-23 | CVE-2018-10354 | OS Command Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. | 9.0 |
| 2018-05-23 | CVE-2018-10351 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. | 9.0 |
| 2018-03-15 | CVE-2018-6229 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | 10.0 |
| 2018-03-15 | CVE-2018-6228 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | 10.0 |
| 2018-03-15 | CVE-2018-6221 | Improper Certificate Validation vulnerability in Trendmicro Email Encryption Gateway 5.5 An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. | 9.3 |
| 2017-09-22 | CVE-2017-14078 | SQL Injection vulnerability in Trendmicro Mobile Security 9.7 SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 10.0 |
| 2017-09-22 | CVE-2017-11396 | Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 9.0 |