CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24565 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24565
25 Sep 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000271974 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25770 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25770
25 Sep 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000271974 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24562 – Trend Micro OfficeScan Hard Link Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-24562
25 Sep 2020 —  Este CVE es similar, pero no idéntico a CVE-2020-24556 This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro OfficeScan. ... An attacker can leverage this vulnerability to escalate privileges and execute code as an administrator. • https://success.trendmicro.com/solution/000263633 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25771 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25771
25 Sep 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000271974 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24563 – Trend Micro Apex One Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-24563
25 Sep 2020 — Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000271974 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24564 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24564
25 Sep 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000271974 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25772 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25772
25 Sep 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000271974 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15840
https://notcve.org/view.php?id=CVE-2020-15840
24 Sep 2020 — In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. En Liferay Portal versiones anteriores a 7.3.1, Liferay Portal versión 6.2 EE y Liferay DXP versión 7.2, DXP ??versión 7.1 y DXP versión 7.0, la propiedad "portlet.resource.id.banned.paths.regexp" puede ser omitida con unas URL codificadas duplicadas. • https://issues.liferay.com/browse/LPE-17046 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25603 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25603
23 Sep 2020 — An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25596 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25596
23 Sep 2020 — An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •