CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2022-25331
https://notcve.org/view.php?id=CVE-2022-25331
24 Feb 2022 — Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. Unas excepciones no capturadas que pueden generarse en Trend Micro ServerProtection Information Server versión 6.0/5.8, podrían permitir a un atacante remoto bloquear el proceso • https://success.trendmicro.com/solution/000290507 •
CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 1CVE-2022-25330
https://notcve.org/view.php?id=CVE-2022-25330
24 Feb 2022 — Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Unas condiciones de desbordamiento de enteros que se presentan en Trend Micro ServerProtect Information Server versión 6.0/5.8, podrían permitir a un atacante remoto bloquear el proceso o lograr una ejecución de código remota • https://success.trendmicro.com/solution/000290507 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2022-25329
https://notcve.org/view.php?id=CVE-2022-25329
24 Feb 2022 — Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. Trend Micro ServerProtect Information Server versión 6.0/5.8, usa una credencial estática para llevar a cabo la autenticación cuando es escrito un comando específico en la consola. Un atacante remoto no aut... • https://success.trendmicro.com/solution/000290507 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 14%CPEs: 5EXPL: 0CVE-2021-36745 – Trend Micro ServerProtect Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-36745
26 Sep 2021 — A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. Una vulnerabilidad en Trend Micro ServerProtect for Storage versión 6.0, ServerProtect for EMC Celerra versión 5.8, ServerProtect for Network Appliance Filers versión 5.8 y ServerProtect for Microsoft Windows / Novell Netwar... • https://success.trendmicro.com/jp/solution/000289030 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0CVE-2020-8607
https://notcve.org/view.php?id=CVE-2020-8607
05 Aug 2020 — An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.... • https://jvn.jp/en/vu/JVNVU99160193/index.html • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
20 Feb 2020 — Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Trend Micro ha reempaquetado instaladores para varios... • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 25%CPEs: 2EXPL: 0CVE-2007-0072
https://notcve.org/view.php?id=CVE-2007-0072
17 Nov 2008 — Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC. Desbordamiento de búfer basado en montículo en un procedimiento no especificado en Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos, posiblemente relacionados con una operación de lectura sobre RPC. • http://blogs.iss.net/archive/trend.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 25%CPEs: 2EXPL: 0CVE-2007-0073
https://notcve.org/view.php?id=CVE-2007-0073
17 Nov 2008 — Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC. Desbordamiento de búfer en memoria libre para la reserva dinámica (heap) en un procedimiento no especificado de Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, posiblemente relacionados con una operación de lectur... • http://blogs.iss.net/archive/trend.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 25%CPEs: 2EXPL: 0CVE-2007-0074
https://notcve.org/view.php?id=CVE-2007-0074
17 Nov 2008 — Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC. Desbordamiento de búfer en un procedimiento no especificado en Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos, posiblemente relacionados con una operación de lectura de carpeta sobre RPC. • http://blogs.iss.net/archive/trend.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •