← Back

Trendmicro

trendmicro

559 CVEs • 105 products

Products (105)

Click to collapse
Toggle
Apex One
apex_one
164 CVEs
Officescan
officescan
71 CVEs
Worry Free Business Security
worry-free_business_security
58 CVEs
Apex Central
apex_central
35 CVEs
Interscan Web Security Virtual Appliance
interscan_web_security_virtual_appliance
29 CVEs
Worry Free Business Security Services
worry-free_business_security_services
25 CVEs
Control Manager
control_manager
22 CVEs
Mobile Security
mobile_security
21 CVEs
Email Encryption Gateway
email_encryption_gateway
19 CVEs
Antivirus+
antivirus+
18 CVEs
Serverprotect
serverprotect
18 CVEs
Internet Security
internet_security
17 CVEs
Password Manager
password_manager
15 CVEs
Deep Security Agent
deep_security_agent
15 CVEs
Interscan Messaging Security Virtual Appliance
interscan_messaging_security_virtual_appliance
13 CVEs
Smart Protection Server
smart_protection_server
13 CVEs
Maximum Security
maximum_security
13 CVEs
Premium Security
premium_security
13 CVEs
Threat Discovery Appliance
threat_discovery_appliance
12 CVEs
Maximum Security 2020
maximum_security_2020
12 CVEs
Internet Security 2020
internet_security_2020
11 CVEs
Premium Security 2020
premium_security_2020
11 CVEs
Housecall
housecall
9 CVEs
Trend Micro Endpoint Encryption
trend_micro_endpoint_encryption
9 CVEs
Trend Micro Antivirus
trend_micro_antivirus
8 CVEs
Security
security
8 CVEs
Maximum Security 2019
maximum_security_2019
8 CVEs
Deep Security
deep_security
7 CVEs
Internet Security 2019
internet_security_2019
7 CVEs
Premium Security 2019
premium_security_2019
7 CVEs
Housecall For Home Networks
housecall_for_home_networks
7 CVEs
Maximum Security 2022
maximum_security_2022
7 CVEs
Deep Discovery Inspector
deep_discovery_inspector
6 CVEs
Scanmail
scanmail
6 CVEs
Antivirus + Security
antivirus_+_security
6 CVEs
Antivirus+ Security 2020
antivirus+_security_2020
6 CVEs
Antivirus For Mac 2017
antivirus_for_mac_2017
5 CVEs
Antivirus For Mac 2018
antivirus_for_mac_2018
5 CVEs
Antivirus For Mac 2019
antivirus_for_mac_2019
5 CVEs
Antivirus + Security 2019
antivirus_+_security_2019
5 CVEs
Vulnerability Protection
vulnerability_protection
5 CVEs
Maximum Security 2021
maximum_security_2021
5 CVEs
Home Network Security
home_network_security
5 CVEs
Trend Vision One
trend_vision_one
5 CVEs
Deep Security Manager
deep_security_manager
4 CVEs
Officescan Cloud
officescan_cloud
4 CVEs
Serverprotect For Storage
serverprotect_for_storage
4 CVEs
Interscan Messaging Security Suite
interscan_messaging_security_suite
3 CVEs
Endpoint Sensor
endpoint_sensor
3 CVEs
Deep Discovery Director
deep_discovery_director
3 CVEs
Antivirus+ 2020
antivirus+_2020
3 CVEs
Officescan Business Security
officescan_business_security
3 CVEs
Antivirus+ Security 2021
antivirus+_security_2021
3 CVEs
Internet Security 2021
internet_security_2021
3 CVEs
Premium Security 2021
premium_security_2021
3 CVEs
Serverprotect For Network Appliance Filer
serverprotect_for_network_appliance_filer
3 CVEs
Interscan Web Security Suite
interscan_web_security_suite
2 CVEs
Deep Discovery Email Inspector
deep_discovery_email_inspector
2 CVEs
Officescan Xg
officescan_xg
2 CVEs
Dr. Safety
dr._safety
2 CVEs
Anti Threat Toolkit
anti-threat_toolkit
2 CVEs
Antivirus + Security 2020
antivirus_+_security_2020
2 CVEs
Im Security
im_security
2 CVEs
Portable Security
portable_security
2 CVEs
Safe Lock
safe_lock
2 CVEs
Antivirus+ 2019
antivirus+_2019
2 CVEs
Cloud Edge
cloud_edge
2 CVEs
Maximum Security 2023
maximum_security_2023
2 CVEs
Antivirus One
antivirus_one
2 CVEs
Client Server Messaging Suite
client_server_messaging_suite
1 CVE
Trend Micro Internet Security
trend_micro_internet_security
1 CVE
Internet Security 2010
internet_security_2010
1 CVE
Tmeext.sys
tmeext.sys
1 CVE
Virtual Mobile Infrastructure
virtual_mobile_infrastructure
1 CVE
Encryption For Email
encryption_for_email
1 CVE
Endpoint Application Control
endpoint_application_control
1 CVE
Officescan Monthly
officescan_monthly
1 CVE
Apex One As A Service
apex_one_as_a_service
1 CVE
Business Security
business_security
1 CVE
Ransom Buster
ransom_buster
1 CVE
Deep Security As A Service
deep_security_as_a_service
1 CVE
Antivirus Toolkit
antivirus_toolkit
1 CVE
Officescan Business Security Service
officescan_business_security_service
1 CVE
Online Scan
online_scan
1 CVE
Rootkit Buster
rootkit_buster
1 CVE
Deep Discovery Analyzer
deep_discovery_analyzer
1 CVE
Portal Protect
portal_protect
1 CVE
Scanmail For Ibm Domino
scanmail_for_ibm_domino
1 CVE
Serverprotect For Network Appliance Filers
serverprotect_for_network_appliance_filers
1 CVE
Security For Best Buy
security_for_best_buy
1 CVE
Antivirus+ Security
antivirus+_security
1 CVE
Antivirus For Mac
antivirus_for_mac
1 CVE
Vpn Proxy One Pro
vpn_proxy_one_pro
1 CVE
Txone Stellarone
txone_stellarone
1 CVE
Antivirus+ Security 2022
antivirus+_security_2022
1 CVE
Internet Security 2022
internet_security_2022
1 CVE
Premium Security 2022
premium_security_2022
1 CVE
Antivirus+ Security 2023
antivirus+_security_2023
1 CVE
Internet Security 2023
internet_security_2023
1 CVE
Premium Security 2023
premium_security_2023
1 CVE

CVEs (559)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-9315
1Trendmicro
1Interscan Web Security Virtual Appliance
May 13, 2026
Feb 21, 2017
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticat...Show more
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.Show less
CVE-2016-9314
1Trendmicro
1Interscan Web Security Virtual Appliance
May 13, 2026
Feb 21, 2017
N/A· v4
7.8 HIGH· v3
4.0 MEDIUM· v2
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users...Show more
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.Show less
CVE-2016-9269
1Trendmicro
1Interscan Web Security Virtual Appliance
May 13, 2026
Feb 21, 2017
N/A· v4
9.9 CRITICAL· v3
9.0 HIGH· v2
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with le...Show more
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.Show less
CVE-2016-6270
1Trendmicro
1Virtual Mobile Infrastructure
May 13, 2026
Jan 30, 2017
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell...Show more
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.Show less
CVE-2016-6269
1Trendmicro
1Smart Protection Server
May 13, 2026
Jan 30, 2017
N/A· v4
9.1 CRITICAL· v3
7.5 HIGH· v2
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via th...Show more
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.Show less
CVE-2016-6268
1Trendmicro
1Smart Protection Server
May 13, 2026
Jan 30, 2017
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the So...Show more
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.Show less
CVE-2016-6267
1Trendmicro
1Smart Protection Server
May 13, 2026
Jan 30, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1)...Show more
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.Show less
CVE-2016-6266
1Trendmicro
1Smart Protection Server
May 13, 2026
Jan 30, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters...Show more
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.Show less
CVE-2016-1226
1Trendmicro
1Internet Security
May 6, 2026
Jun 19, 2016
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1225
1Trendmicro
1Internet Security
May 6, 2026
Jun 19, 2016
N/A· v4
6.5 MEDIUM· v3
5.0 MEDIUM· v2
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-1224
1Trendmicro
2Worry Free Business Security
Worry Free Business Security Services
May 6, 2026
Jun 19, 2016
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) at...Show more
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.Show less
CVE-2016-1223
1Trendmicro
3Officescan
Worry Free Business SecurityWorry Free Business Security Services
May 6, 2026
Jun 19, 2016
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-4351
1Trendmicro
1Email Encryption Gateway
May 6, 2026
May 5, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-3987
1Trendmicro
1Password Manager
May 6, 2026
Apr 12, 2016
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
CVE-2015-2873
1Trendmicro
1Deep Discovery Inspector
May 6, 2026
Aug 23, 2015
N/A· v4
N/A· v3
5.5 MEDIUM· v2
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attacker...Show more
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.Show less
CVE-2015-2872
1Trendmicro
1Deep Discovery Inspector
May 6, 2026
Aug 23, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x bef...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.Show less
CVE-2014-9641
1Trendmicro
1Tmeext.sys
May 6, 2026
Feb 6, 2015
N/A· v4
N/A· v3
7.2 HIGH· v2
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x...Show more
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.Show less
CVE-2014-8510
1Trendmicro
1Interscan Web Security Virtual Appliance
May 6, 2026
Nov 7, 2014
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filter...Show more
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.Show less
CVE-2014-3922
1Trendmicro
1Interscan Messaging Security Virtual Appliance
May 6, 2026
May 30, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr par...Show more
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.Show less
CVE-2012-2996
1Trendmicro
1Interscan Messaging Security Suite
Apr 29, 2026
Sep 17, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for...Show more
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.Show less