CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente diseñado • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Trend Micro ha reempaquetado instaladores para varios productos de Trend Micro que usaron una versión de un paquete de instalación que tenía una vulnerabilidad de secuestro de DLL, que podría ser explotada durante la instalación de un nuevo producto. Se encontró que la vulnerabilidad SOLO es explotable durante la instalación inicial del producto por parte de un usuario autorizado. • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14090
https://notcve.org/view.php?id=CVE-2017-14090
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Existe una vulnerabilidad en Trend Micro ScanMail for Exchange 12.0 en la que algunas comunicaciones con los servidores de actualización no están codificadas. • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-326: Inadequate Encryption Strength •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14091
https://notcve.org/view.php?id=CVE-2017-14091
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. Existe una vulnerabilidad en Trend Micro ScanMail for Exchange 12.0 en la que ciertas instalaciones específicas que emplean una característica poco común (Other Update Sources) podrían ser explotadas para sobrescribir archivos sensibles en el directorio ScanMail for Exchange. • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14092
https://notcve.org/view.php?id=CVE-2017-14092
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. La falta de tokens Anti-CSRF en os formularios de la interfaz web de Trend Micro ScanMail for Exchange 12.0 podría permitir que un atacante envíe peticiones autenticadas cuando un usuario autenticado navega por un dominio controlado por el atacante. • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •