Vulnerabilities > Trendmicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-14 | CVE-2017-6398 | Remote Code Execution vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.11600 An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. | 9.0 |
| 2017-03-10 | CVE-2017-6798 | Untrusted Search Path vulnerability in Trendmicro Endpoint Sensor 1.6 Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. | 9.3 |
| 2017-02-21 | CVE-2016-9269 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. | 9.0 |
| 2017-01-30 | CVE-2016-6270 | Command Injection vulnerability in Trendmicro Virtual Mobile Infrastructure 5.0 The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | 9.0 |
| 2016-04-12 | CVE-2016-3987 | Improper Access Control vulnerability in Trendmicro Password Manager The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | 10.0 |
| 2010-08-31 | CVE-2010-3189 | Code Injection vulnerability in Trendmicro Internet Security 2010 The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. | 9.3 |
| 2008-08-27 | CVE-2008-2433 | Use of Insufficiently Random Values vulnerability in Trendmicro products The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. | 9.8 |