Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-11379 | Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | 7.5 | 0.21% | 2017-08-01 | 2026-05-13 |
| CVE-2017-11380 | Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | 9.8 | 0.85% | 2017-08-01 | 2026-05-13 |
| CVE-2017-11381 | A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | 9.8 | 18.47% | 2017-08-01 | 2026-05-13 |
| CVE-2017-11383 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11384 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11385 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11386 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549. | 9.8 | 6.80% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11387 | Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512. | 7.5 | 2.09% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11388 | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638. | 8.8 | 5.88% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11389 | Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | 9.8 | 7.21% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11390 | XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | 7.5 | 0.57% | 2017-08-02 | 2026-05-13 |
| CVE-2017-11382 | Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | 7.5 | 1.12% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11391 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | 8.8 | 81.39% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11392 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. | 8.8 | 73.94% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11393 | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543. | 9.8 | 8.43% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11394 | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | 9.8 | 80.67% | 2017-08-03 | 2026-05-13 |
| CVE-2017-11395 | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 8.8 | 7.94% | 2017-09-22 | 2026-05-13 |
| CVE-2017-11396 | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 7.2 | 0.88% | 2017-09-22 | 2026-05-13 |
| CVE-2017-14078 | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 9.8 | 66.33% | 2017-09-22 | 2026-05-13 |
| CVE-2017-14079 | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 8.8 | 10.20% | 2017-09-22 | 2026-05-13 |