Vulnerabilities > Trendmicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-15 | CVE-2018-6220 | Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | 9.8 |
| 2018-02-09 | CVE-2018-3601 | Improper Authentication vulnerability in Trendmicro Control Manager 6.0 A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | 9.8 |
| 2018-01-19 | CVE-2017-14097 | Unspecified vulnerability in Trendmicro Smart Protection Server An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | 9.8 |
| 2018-01-19 | CVE-2017-14094 | Injection vulnerability in Trendmicro Smart Protection Server A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 9.8 |
| 2017-12-16 | CVE-2017-14090 | Inadequate Encryption Strength vulnerability in Trendmicro Scanmail 12.0 A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | 9.1 |
| 2017-10-06 | CVE-2017-14089 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/12.0 An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues. | 9.8 |
| 2017-09-22 | CVE-2017-14080 | Improper Authentication vulnerability in Trendmicro Mobile Security 9.7 Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | 9.8 |
| 2017-09-22 | CVE-2017-14078 | SQL Injection vulnerability in Trendmicro Mobile Security 9.7 SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 9.8 |
| 2017-08-03 | CVE-2017-11394 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. | 9.8 |
| 2017-08-03 | CVE-2017-11393 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. | 9.8 |