CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1223
https://notcve.org/view.php?id=CVE-2016-1223
19 Jun 2016 — Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1224
https://notcve.org/view.php?id=CVE-2016-1224
19 Jun 2016 — CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Trend Micro Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques XSS a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 12%CPEs: 4EXPL: 0CVE-2008-2433
https://notcve.org/view.php?id=CVE-2008-2433
27 Aug 2008 — The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration." La consola de administración web en Trend Micro OfficeScan 7.0 hasta 8.0, Worry-Free Business Security 5.0,... • http://secunia.com/advisories/31373 • CWE-330: Use of Insufficiently Random Values •