Lucene search

K

Scanmail Security Vulnerabilities

cve
cve

CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted...

5.5CVSS

5.4AI Score

0.0004EPSS

2021-03-03 04:15 PM
32
cve
cve

CVE-2019-14688

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial...

7CVSS

6.9AI Score

0.001EPSS

2020-02-20 11:15 PM
71
cve
cve

CVE-2017-14091

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange...

7.5CVSS

8.3AI Score

0.003EPSS

2017-12-16 02:29 AM
32
cve
cve

CVE-2017-14092

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled...

8.8CVSS

8.8AI Score

0.001EPSS

2017-12-16 02:29 AM
34
cve
cve

CVE-2017-14093

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS)...

6.1CVSS

7.2AI Score

0.001EPSS

2017-12-16 02:29 AM
26
cve
cve

CVE-2017-14090

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not...

9.1CVSS

9.1AI Score

0.003EPSS

2017-12-16 02:29 AM
27
cve
cve

CVE-2015-3326

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute...

7.1AI Score

0.003EPSS

2015-05-14 12:59 AM
28
cve
cve

CVE-2003-1343

Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly...

7.5AI Score

0.05EPSS

2007-10-14 07:00 PM
19
cve
cve

CVE-2007-0851

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed...

7.8AI Score

0.397EPSS

2007-02-08 06:28 PM
22
cve
cve

CVE-2005-0533

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a...

7.9AI Score

0.215EPSS

2005-05-02 04:00 AM
19
cve
cve

CVE-2004-1003

Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf...

6.2AI Score

0.087EPSS

2005-03-01 05:00 AM
21
cve
cve

CVE-2001-0586

TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted...

6.8AI Score

0.0004EPSS

2002-03-09 05:00 AM
22