Trend Micro

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-5840 1Trend Micro 1Deep Discovery Inspector May 6, 2026 Jun 30, 2016 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Con...Show more hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.Show less
CVE-2016-3664 1Trend Micro 1Mobile Security May 6, 2026 May 23, 2016 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive informa...Show more Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.Show less
CVE-2015-3326 1Trend Micro 1Scanmail May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which...Show more Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.Show less
CVE-2012-2998 1Trend Micro 1Control Manager Apr 29, 2026 Sep 28, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5001 1Trend Micro 1Control Manager Apr 29, 2026 Dec 25, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbit...Show more Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.Show less
CVE-2008-3866 1Trend Micro 3Internet Security 2007 Internet Security 2008Officescan Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies o...Show more The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.Show less
CVE-2008-3865 1Trend Micro 3Internet Security 2007 Internet Security 2008Officescan Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Intern...Show more Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.Show less
CVE-2008-3864 1Trend Micro 3Internet Security 2007 Internet Security 2008Officescan Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, all...Show more The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.Show less
CVE-2008-2435 1Trend Micro 1Housecall Apr 23, 2026 Dec 23, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback fu...Show more Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.Show less
CVE-2008-2434 1Trend Micro 1Housecall Apr 23, 2026 Dec 23, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOT...Show more The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.Show less
CVE-2008-5545 1Trend Micro 1Trend Micro Antivirus Apr 23, 2026 Dec 12, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the b...Show more Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.Show less
CVE-2008-0014 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a d...Show more Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.Show less
CVE-2008-0013 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a d...Show more Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.Show less
CVE-2008-0012 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a d...Show more Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.Show less
CVE-2007-0074 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC...Show more Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.Show less
CVE-2007-0073 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.
CVE-2007-0072 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
CVE-2006-5269 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.
CVE-2006-5268 1Trend Micro 1Serverprotect Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
CVE-2008-3862 1Trend Micro 1Officescan Apr 23, 2026 Oct 23, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary...Show more Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."Show less

12 3 4 5 6 Next