CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2022-25331
https://notcve.org/view.php?id=CVE-2022-25331
24 Feb 2022 — Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. Unas excepciones no capturadas que pueden generarse en Trend Micro ServerProtection Information Server versión 6.0/5.8, podrían permitir a un atacante remoto bloquear el proceso • https://success.trendmicro.com/solution/000290507 •
CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 1CVE-2022-25330
https://notcve.org/view.php?id=CVE-2022-25330
24 Feb 2022 — Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Unas condiciones de desbordamiento de enteros que se presentan en Trend Micro ServerProtect Information Server versión 6.0/5.8, podrían permitir a un atacante remoto bloquear el proceso o lograr una ejecución de código remota • https://success.trendmicro.com/solution/000290507 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2022-25329
https://notcve.org/view.php?id=CVE-2022-25329
24 Feb 2022 — Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. Trend Micro ServerProtect Information Server versión 6.0/5.8, usa una credencial estática para llevar a cabo la autenticación cuando es escrito un comando específico en la consola. Un atacante remoto no aut... • https://success.trendmicro.com/solution/000290507 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 14%CPEs: 5EXPL: 0CVE-2021-36745 – Trend Micro ServerProtect Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-36745
26 Sep 2021 — A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. Una vulnerabilidad en Trend Micro ServerProtect for Storage versión 6.0, ServerProtect for EMC Celerra versión 5.8, ServerProtect for Network Appliance Filers versión 5.8 y ServerProtect for Microsoft Windows / Novell Netwar... • https://success.trendmicro.com/jp/solution/000289030 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25224 – Trend Micro ServerProtect splx_manual_scan Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25224
27 Jan 2021 — A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante ... • https://success.trendmicro.com/solution/000284207 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25225 – Trend Micro ServerProtect splx_schedule_scan Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25225
27 Jan 2021 — A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacan... • https://success.trendmicro.com/solution/000284207 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25226 – Trend Micro ServerProtect vsapiapp Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25226
27 Jan 2021 — A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante ... • https://success.trendmicro.com/solution/000284207 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28575 – Trend Micro ServerProtect ioctlMod Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-28575
24 Nov 2020 — A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios de desbordamiento de búfer en la región heap de la memoria en Trend Micro ServerProtect para Linux versión 3.0, puede permitir a un atacante escalar privilegio... • https://success.trendmicro.com/solution/000281950 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2020-24561
https://notcve.org/view.php?id=CVE-2020-24561
15 Sep 2020 — A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. Una vulnerabilidad de inyección de comandos en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante ejecutar código arbitrario en un sistema afectado. Un atacante debe primero obtener privilegios admin/root en la consola SPLX p... • https://success.trendmicro.com/solution/000268419 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •