CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente diseñado • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-14090
https://notcve.org/view.php?id=CVE-2017-14090
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Existe una vulnerabilidad en Trend Micro ScanMail for Exchange 12.0 en la que algunas comunicaciones con los servidores de actualización no están codificadas. • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-326: Inadequate Encryption Strength •
CVE-2017-14091
https://notcve.org/view.php?id=CVE-2017-14091
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. Existe una vulnerabilidad en Trend Micro ScanMail for Exchange 12.0 en la que ciertas instalaciones específicas que emplean una característica poco común (Other Update Sources) podrían ser explotadas para sobrescribir archivos sensibles en el directorio ScanMail for Exchange. • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2017-14093
https://notcve.org/view.php?id=CVE-2017-14093
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Las páginas Log Query y Quarantine Query en Trend Micro ScanMail for Exchange 12.0 son vulnerables a ataques de Cross-Site Scripting (XSS). • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-14092
https://notcve.org/view.php?id=CVE-2017-14092
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. La falta de tokens Anti-CSRF en os formularios de la interfaz web de Trend Micro ScanMail for Exchange 12.0 podría permitir que un atacante envíe peticiones autenticadas cuando un usuario autenticado navega por un dominio controlado por el atacante. • https://success.trendmicro.com/solution/1118486 https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •