CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
20 Feb 2020 — Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Trend Micro ha reempaquetado instaladores para varios... • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-7003 – ACM SQL Injection
https://notcve.org/view.php?id=CVE-2019-7003
11 Jul 2019 — A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated. Una vulnerabilidad de inyección SQL en el componente de reportes de Avaya Control Manager, podría permitir a un atacante no autenticado ejecu... • http://www.securityfocus.com/bid/109134 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-10510
https://notcve.org/view.php?id=CVE-2018-10510
15 Aug 2018 — A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. Una vulnerabilidad de salto de directorio por ejecución remota de código en Trend Micro Control Manager (versiones 6.0 y 7.0) podría permitir que un atacante ejecute código arbitrario en instalaciones vulnerables. • https://success.trendmicro.com/solution/1120112 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10511
https://notcve.org/view.php?id=CVE-2018-10511
15 Aug 2018 — A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. Una vulnerabilidad en Trend Micro Control Manager (versiones 6.0 y 7.0) podría permitir que un atacante lleve a cabo un ataque de SSRF (Server-Side Request Forgery) en instalaciones vulnerables. • https://success.trendmicro.com/solution/1120112 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10512
https://notcve.org/view.php?id=CVE-2018-10512
15 Aug 2018 — A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS). Una vulnerabilidad en Trend Micro Control Manager (versiones 6.0 y 7.0) podría permitir que un atacante manipule un .dll proxy inverso en instalaciones vulnerables, lo que podría conducir a una denegación de servicio (DoS). • https://success.trendmicro.com/solution/1120112 •
CVSS: 9.8EPSS: 31%CPEs: 118EXPL: 0CVE-2007-0851
https://notcve.org/view.php?id=CVE-2007-0851
08 Feb 2007 — Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecuta... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 •