CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15363 – Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-15363
An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de lectura fuera de límites y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-963 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15364 – Trend Micro OfficeScan Named Pipe Request Processing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-15364
A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de procesamiento de peticiones de tuberías nombradas, lectura fuera de límites y divulgación de información en Trend Micro OfficeScan XG (12.0) podría permitir que un atacante local revele información sensible en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Trend Micro OfficeScan. • https://success.trendmicro.com/solution/1120678 https://www.zerodayinitiative.com/advisories/ZDI-18-964 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10514
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-962 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10512
https://notcve.org/view.php?id=CVE-2018-10512
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS). Una vulnerabilidad en Trend Micro Control Manager (versiones 6.0 y 7.0) podría permitir que un atacante manipule un .dll proxy inverso en instalaciones vulnerables, lo que podría conducir a una denegación de servicio (DoS). • https://success.trendmicro.com/solution/1120112 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10511
https://notcve.org/view.php?id=CVE-2018-10511
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. Una vulnerabilidad en Trend Micro Control Manager (versiones 6.0 y 7.0) podría permitir que un atacante lleve a cabo un ataque de SSRF (Server-Side Request Forgery) en instalaciones vulnerables. • https://success.trendmicro.com/solution/1120112 • CWE-918: Server-Side Request Forgery (SSRF) •