Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-09-22 CVE-2017-11396 Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
network
low complexity
trendmicro
critical
9.0
2017-08-03 CVE-2017-11394 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
10.0
2017-08-03 CVE-2017-11393 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
10.0
2017-05-26 CVE-2017-9034 Improper Input Validation vulnerability in Trendmicro Serverprotect 3.0
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
network
low complexity
trendmicro CWE-20
critical
10.0
2017-04-28 CVE-2016-8592 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8591 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8590 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8589 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8586 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8585 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
network
low complexity
trendmicro CWE-264
critical
9.0