Vulnerabilities > Trendmicro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-25 | CVE-2018-6233 | Classic Buffer Overflow vulnerability in Trendmicro products A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. | 7.2 |
| 2018-05-25 | CVE-2018-6232 | Classic Buffer Overflow vulnerability in Trendmicro products A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. | 7.2 |
| 2018-03-15 | CVE-2018-6231 | OS Command Injection vulnerability in Trendmicro Smart Protection Server A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. | 7.5 |
| 2018-03-15 | CVE-2018-6230 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | 8.3 |
| 2018-03-15 | CVE-2018-6222 | OS Command Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system. | 7.2 |
| 2018-03-15 | CVE-2018-6220 | Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | 7.5 |
| 2018-02-09 | CVE-2018-3601 | Improper Authentication vulnerability in Trendmicro Control Manager 6.0 A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | 7.5 |
| 2018-01-19 | CVE-2017-14094 | Injection vulnerability in Trendmicro Smart Protection Server 3.0/3.1/3.2 A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | 7.5 |
| 2017-12-16 | CVE-2017-14091 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Scanmail 12.0 A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | 7.6 |
| 2017-10-06 | CVE-2017-14089 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/12.0 An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues. | 7.5 |