18 matches found
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in...
Cleartext transmission issue in TONE store App to TONE store
Overview TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Kodai Karakawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
Wiz at Re:Inforce 2023
See what is new with Wiz at Re:Inforce and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...
AttacheCase may insecurely load Dynamic Link Libraries
Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...
Open source protection that security teams will love
Open source code is the gateway to quick application deployment – see how Trend Micro and Snyk have partnered up to create developer-friendly security for your open source components...
How To Build a Better Bug Bounty Program
Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. Every software company in the world, regardless of whether the...
Partner Perspectives: From Alert to Action: How VMRay Provides Carbon Black with Detail-Rich Threat Intelligence
Good things happen when two leaders in their respective fields bring together their complementary capabilities. That’s the case with Carbon Black’s deep expertise in endpoint detection and response EDR and VMRay’s singular focus on dynamic malware analysis. The sum ends up being even greater than...
RBB SPEED TEST App fails to verify SSL server certificates
Overview RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...
Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Multiple cross-site scripting vulnerabilities in Webmin
Overview Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Cybozu Office vulnerable to denial-of-service (DoS)
Overview Cybozu Office contains a denial-of-service DoS vulnerability. Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...
simple chat vulnerable to cross-site scripting
Overview simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
DMM.com Securities FX Apps for Android fail to verify SSL server certificates
Overview Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
ANA App fails to verify SSL server certificates
Overview ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker...
"Honda Moto LINC" App for Android fails to verify SSL server certificates
Overview "Honda Moto LINC" App for Android fails to verify SSL server certificates. Yasuyuki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...
"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
Overview "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Yasuyuki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attack...
Loctouch for Android vulnerable in handling of implicit intents
Overview Loctouch for Android contains a vulnerability in the handling of implicit intents. Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...