Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2016-9319 Improper Certificate Validation vulnerability in Trendmicro Mobile Security 9.7
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
network
high complexity
trendmicro CWE-295
5.9
2017-03-21 CVE-2017-5565 Uncontrolled Search Path Element vulnerability in Trendmicro products
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack.
local
low complexity
trendmicro CWE-427
6.7
2017-02-21 CVE-2016-9316 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages.
network
low complexity
trendmicro CWE-79
5.4
2016-06-19 CVE-2016-1226 Cross-site Scripting vulnerability in Trendmicro Internet Security 10.0/8.0
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
trendmicro CWE-79
6.1
2016-06-19 CVE-2016-1225 Information Exposure vulnerability in Trendmicro Internet Security 10.0/8.0
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
trendmicro CWE-200
6.5
2016-06-19 CVE-2016-1224 Cross-site Scripting vulnerability in Trendmicro products
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
low complexity
trendmicro CWE-79
6.1
2016-06-19 CVE-2016-1223 Path Traversal vulnerability in Trendmicro products
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
trendmicro CWE-22
5.3