NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2017-11379 | Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | 7.5 | 0.21% | 2017-08-01 | 2026-05-13 |
| CVE-2017-11380 | Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | 9.8 | 0.85% | 2017-08-01 | 2026-05-13 |
| CVE-2017-11381 | A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | 9.8 | 18.47% | 2017-08-01 | 2026-05-13 |
| CVE-2017-11382 | Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | 7.5 | 1.12% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11383 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11384 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11385 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11386 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11387 | Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512. | 7.5 | 2.09% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11388 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638. | 8.8 | 5.88% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11389 | Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | 9.8 | 7.21% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11390 | XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | 7.5 | 0.57% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11391 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | 8.8 | 81.39% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11392 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. | 8.8 | 73.94% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11393 | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543. | 9.8 | 8.43% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11394 | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | 9.8 | 80.67% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11395 | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 8.8 | 7.94% | 2017-09-22 | 2026-05-13 |
| CVE-2017-11396 | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 7.2 | 0.88% | 2017-09-22 | 2026-05-13 |
| CVE-2017-11397 | A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | 7.8 | 0.51% | 2017-12-16 | 2026-05-13 |
| CVE-2017-11398 | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | 8.8 | 5.35% | 2018-01-19 | 2024-11-21 |