Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-31 | CVE-2016-9319 | Improper Certificate Validation vulnerability in Trendmicro Mobile Security 9.7 There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | 5.9 |
| 2017-03-21 | CVE-2017-5565 | Uncontrolled Search Path Element vulnerability in Trendmicro products Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. | 6.7 |
| 2017-02-21 | CVE-2016-9316 | Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. | 5.4 |
| 2016-06-19 | CVE-2016-1226 | Cross-site Scripting vulnerability in Trendmicro Internet Security 10.0/8.0 Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-06-19 | CVE-2016-1225 | Information Exposure vulnerability in Trendmicro Internet Security 10.0/8.0 Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | 6.5 |
| 2016-06-19 | CVE-2016-1224 | Cross-site Scripting vulnerability in Trendmicro products CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 6.1 |
| 2016-06-19 | CVE-2016-1223 | Path Traversal vulnerability in Trendmicro products Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.3 |