Lucene search
+L
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 12:0 a.m.47 views

JVN#39605485: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...

7.3CVSS7.3AI score0.00505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 12:0 a.m.47 views

JVN#01537659: WN-AC1167GR vulnerable to cross-site scripting

WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Impact If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Firmware...

5.4CVSS5.3AI score0.00891EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 12:0 a.m.47 views

JVN#50347324: ManageEngine ServiceDesk Plus vulnerable to cross-site scripting

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on a web browser of a user that is logged in. Solution Update the software Upda...

5.4CVSS5.2AI score0.01927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/07 12:0 a.m.47 views

JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...

8.1CVSS8.5AI score0.13122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/30 12:0 a.m.47 views

JVN#18975349: Multiple access restriction bypass vulnerabilities in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains multiple access restriction bypass vulnerabilities below. Operation restriction bypass in the mail function - CVE-2016-1188 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.1CVSS7AI score0.0123EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/09 12:0 a.m.47 views

JVN#78187936: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in settings.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on the...

4.3CVSS5.3AI score0.01846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/18 12:0 a.m.47 views

JVN#83881261: Ruby on Rails library Paperclip vulnerable to cross-site scripting

Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to t...

4.3CVSS8.8AI score0.02121EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/05 12:0 a.m.47 views

JVN#79284156: NetFlow Analyzer vulnerable to cross-site request forgery

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, various administrative functions may be performed. Solution Update the software build and apply...

6.8CVSS6.3AI score0.02009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/24 12:0 a.m.47 views

JVN#86448949: The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

7.5CVSS7.6AI score0.21261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/20 12:0 a.m.47 views

JVN#39175666: MP Form Mail CGI eCommerce edition vulnerable to code injection

MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Impact Arbitrary Perl code may be executed on the server where it resides. Solution Update the software Update to...

7.5CVSS6.7AI score0.02443EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/02 12:0 a.m.47 views

JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...

4.6CVSS7.3AI score0.00377EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/02 12:0 a.m.47 views

JVN#71762315: LG Electronics mobile access routers lack access restrictions

LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Impact An attacker that can access the device may bypass authentication and obtain information stored on the device. Solution Apply an Update Apply the update according ...

5CVSS6.4AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/22 12:0 a.m.47 views

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. Solution Apply the update or...

9.1CVSS9.1AI score0.02245EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/07/17 12:0 a.m.47 views

JVN#07497769: Oracle Outside In vulnerable to buffer overflow

Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Impact When Oracle Outside In processes a specially crafted Ichitaro Word Processor file, arbitrary code may be executed. Solution Apply an update Update to the latest version...

6.8CVSS6.8AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/07/13 12:0 a.m.47 views

JVN#46088915: Yahoo! Browser vulnerable in the WebView class

Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update t...

4.3CVSS6.1AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/31 12:0 a.m.47 views

JVN#56667137: Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into MTCMS or a Movable Type implementation with any of the plugins from "Products Affected" running, information...

6.8CVSS6.4AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/10 12:0 a.m.47 views

JVN#81294135: IBM Tivoli vulnerable to denial-of-service (DoS)

IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affected A wid...

5CVSS8.6AI score0.2349EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/02/23 12:0 a.m.47 views

JVN#38362957: Lunascape may insecurely load executable files

Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Upda...

6.2CVSS7.2AI score0.00285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/02/02 12:0 a.m.47 views

JVN#33880169: Opera may insecurely load executable files

Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...

7.6CVSS6.9AI score0.04513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/26 12:0 a.m.47 views

JVN#54824688 phpMyAdmin cross-site scripting vulnerability

phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. According to the developer, Microsoft Internet...

4.3CVSS5.3AI score0.01865EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/09/05 12:0 a.m.47 views

JVN#62868899 7-ZIP32.DLL buffer overflow vulnerability

7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. I...

6.8CVSS7.8AI score0.05556EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/18 12:0 a.m.47 views

JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol

When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/03 12:0 a.m.46 views

JVN#59547048: WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbolic links...

6.8CVSS7.5AI score0.01233EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/16 12:0 a.m.46 views

JVN#63383723: Drupal vulnerable to improper handling of structural elements

Drupal provided by Drupal.org contains an improper handling of structural elements vulnerability CWE-237. Impact An attacker may be able to cause a denial-of-service DoS condition. Solution Update the Software Update the software to the latest version 10 series according to the information provid...

7.5CVSS7.2AI score0.00791EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/18 12:0 a.m.46 views

JVN#95981460: Improper restriction of XML external entity references (XXE) in Proself

Proself provided by North Grid Corporation improperly restricts XML external entity references XXE CWE-611. The developer states that attacks exploiting this vulnerability have been observed. Impact By processing a specially crafted request containing malformed XML data, arbitrary files on the...

7.5CVSS7.7AI score0.03542EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/06 12:0 a.m.46 views

JVN#15808274: e-Gov Client Application fails to restrict custom URL schemes properly

e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access an...

4.3CVSS4.5AI score0.00355EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/15 12:0 a.m.46 views

JVN#01093915: Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L| Base Score: 7.2 CVSS v2|...

9.8CVSS9.8AI score0.02021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/12/21 12:0 a.m.46 views

JVN#43561812: +Message App improper handling of Unicode control characters

+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Impact A spoofed URL may be displayed and phishing attacks may be...

5.4CVSS5.1AI score0.00488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/05 8:44 a.m.46 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by Buffalo Inc. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-39044 Use of Hard-coded Credentials CWE-798 - CVE-2022-34840 Authentication Bypass CWE-288 - CVE-2022-4096 Chuya Hayakawa of 00One, Inc. reported these...

8.8CVSS7.7AI score0.01435EPSS
Exploits1References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/07 12:0 a.m.46 views

JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification

Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution Update the software Update the software to the latest version according to the...

5.9CVSS5.4AI score0.0166EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/25 12:0 a.m.46 views

JVN#70100915: Multiple vulnerabilities in TransmitMail

TransmitMail is a PHP based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values CWE-22 - CVE-2022-22146 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.1AI score0.02001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/19 12:0 a.m.46 views

JVN#64806328: Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

Multiple Canon laser printers and small office multifunctional printers contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the product settings screen. Solution Update the firmware Update the...

4.8CVSS4.9AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/24 12:0 a.m.46 views

JVN#27806339: NETGEAR GS108Ev3 vulnerable to cross-site request forgery

GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the management screen of the device, the product's settings may be changed without the user's intention or consent. Solution Update th...

6.5CVSS6.4AI score0.00628EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/05 12:0 a.m.46 views

JVN#00414047: Studyplus App uses a hard-coded API key for an external service

Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update the...

5.5CVSS5.2AI score0.00271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/24 12:0 a.m.46 views

JVN#40039627: Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution

Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter by an...

8.8CVSS8.7AI score0.01587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/13 12:0 a.m.46 views

JVN#85056623: Installer of SoundEngine Free may insecurely load Dynamic Link Libraries

Installer of SoundEngine Free contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer...

9.3CVSS7.7AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.46 views

JVN#87226910: WebProxy vulnerable to directory traversal

WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. Impact A remote attacker may create an arbitrary file on the server where the product is running. Solution...

7.5CVSS7.4AI score0.02344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 5:50 a.m.46 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2017-10842 Arbitary files may be deleted - CVE-2017-10843 Arbitary PHP code execution - CVE-2017-10844 Shoji Baba reported the vulnerabilities to IPA. JPCERT/CC...

9.8CVSS8.9AI score0.01766EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 12:0 a.m.46 views

JVN#67305782: Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries

Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking t...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/06 12:0 a.m.46 views

JVN#01404851: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, an arbitrary code may...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 12:0 a.m.46 views

JVN#87770873: CS-Cart Japanese Edition vulnerable to cross-site request forgery

​CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Impact If a consumer views a malicious page while logged in, an unintended item may be purchased. Solution Update the Software Update to the latest...

8.8CVSS8.7AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/22 5:26 a.m.46 views

BlueZ userland utilities vulnerable to buffer overflow

Overview BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

7.8CVSS7.4AI score0.00556EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/12 12:0 a.m.46 views

JVN#16781735: Multiple access restriction bypass vulnerabilities in Cybozu Dezie

Cybozu Dezie contains multiple access restriction bypass vulnerabilities listed below. Access restriction bypass to download DBM files - CVE-2016-7832 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Bas...

7.5CVSS6.6AI score0.01804EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/22 12:0 a.m.46 views

JVN#00324715: Electron may insecurely load Node modules

Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc.. Electron contains a flaw where the search...

7.8CVSS7.5AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/15 12:0 a.m.46 views

JVN#45928828: H2O vulnerable to HTTP header injection

H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Impact An HTTP response splitting attack may result in arbitrary cookie values. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

4.3CVSS4.2AI score0.01459EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/25 12:0 a.m.46 views

JVN#51250073: CG-WLNCM4G may behave as an open resolver

CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. Impact The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack. Solution Do not use CG-WLNCM4G As of December 25,...

5.8CVSS5.5AI score0.01599EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/15 12:0 a.m.46 views

JVN#42024228: Cybozu Garoon CGI vulnerable to remote command execution

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Impact An arbitrary command may be executed on the server where Cybozu Garoon resides. Solution Update the Software Update to the latest version according to the information...

10CVSS6.6AI score0.0324EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/25 12:0 a.m.46 views

JVN#36259412: Web Kyukincho vulnerable to cross-site request forgery

Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the...

6.8CVSS6.2AI score0.00636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/25 12:0 a.m.46 views

JVN#93344001: ATOK for Android issue in the access permissions for the learning information file

ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Impact If a user of the affected product uses other malicious Android application, the learning information file may be obtained. Solutio...

4.3CVSS6AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/07 12:0 a.m.46 views

JVN#59652356: Cybozu KUNAI for Android vulnerable in the WebView class

Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed b...

4.3CVSS6.2AI score0.01191EPSS
Exploits0
Total number of security vulnerabilities5000