CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25224 – Trend Micro ServerProtect splx_manual_scan Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25224
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante local diseñar archivos específicos que pueden causar una denegación de servicio en el producto afectado. El fallo específico se presenta dentro de un componente de escaneo manual. • https://success.trendmicro.com/solution/000284207 https://www.zerodayinitiative.com/advisories/ZDI-21-085 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25225 – Trend Micro ServerProtect splx_schedule_scan Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25225
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante local diseñar archivos específicos que pueden causar una denegación de servicio en el producto afectado. El fallo específico se presenta dentro de un componente de escaneo programado. • https://success.trendmicro.com/solution/000284207 https://www.zerodayinitiative.com/advisories/ZDI-21-086 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25226 – Trend Micro ServerProtect vsapiapp Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25226
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante local diseñar archivos específicos que pueden causar una denegación de servicio en el producto afectado. El fallo específico se presenta dentro de un componente de motor de escaneo. • https://success.trendmicro.com/solution/000284207 https://www.zerodayinitiative.com/advisories/ZDI-21-087 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28575 – Trend Micro ServerProtect ioctlMod Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-28575
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios de desbordamiento de búfer en la región heap de la memoria en Trend Micro ServerProtect para Linux versión 3.0, puede permitir a un atacante escalar privilegios en las instalaciones afectadas. Un atacante primero debe obtener la capacidad de ejecutar código muy privilegiado en el objetivo a fin de explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro ServerProtect. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ioctlMod function. • https://success.trendmicro.com/solution/000281950 https://www.zerodayinitiative.com/advisories/ZDI-20-1378 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24561
https://notcve.org/view.php?id=CVE-2020-24561
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. Una vulnerabilidad de inyección de comandos en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante ejecutar código arbitrario en un sistema afectado. Un atacante debe primero obtener privilegios admin/root en la consola SPLX para explotar esta vulnerabilidad • https://success.trendmicro.com/solution/000268419 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •