Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Filtered by product Scanmail
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2019-14688 2 Microsoft, Trendmicro 9 Windows, Control Manager, Endpoint Sensor and 6 more 2024-11-21 5.1 MEDIUM 7.0 HIGH
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
CVE-2017-14093 1 Trendmicro 1 Scanmail 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
CVE-2017-14092 1 Trendmicro 1 Scanmail 2024-11-21 6.8 MEDIUM 8.8 HIGH
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
CVE-2017-14091 1 Trendmicro 1 Scanmail 2024-11-21 7.6 HIGH 7.5 HIGH
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
CVE-2017-14090 1 Trendmicro 1 Scanmail 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.