Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/19 12:0 a.m.•45 views

JVN#27443259: Internet Explorer vulnerable to arbitrary code execution

Internet Explorer contains a vulnerability that may allow arbitrary code execution. According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited. Impact If a user views a specially crafted web page, an arbitrary code may be executed...

9.3CVSS9AI score0.8593EPSS
Exploits18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/08/21 12:0 a.m.•45 views

JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection

The PHP OpenID Library contains an XML external entity injection vulnerability. Impact When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution Apply a Patch The source code in the repository has been fixed...

7.5CVSS6.3AI score0.02997EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/02 12:0 a.m.•45 views

JVN#39563771: Pebble vulnerable to HTTP header injection

Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Impact Forged information may be displayed on the user's web browser, arbitrary scripts may be executed or arbitrary values may be set for cookies. Solution Update the software Update to the latest...

4.3CVSS6.7AI score0.01168EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/30 12:0 a.m.•45 views

JVN#51769987: Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration

Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Impact A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Solution Update the software Update ...

5.8CVSS6.1AI score0.01276EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 12:0 a.m.•45 views

JVN#93406632: Redmine vulnerable to cross-site scripting

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affecte...

4.3CVSS5.5AI score0.01822EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/15 12:0 a.m.•45 views

JVN#05255562: Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK

Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Impact Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Solution Update the software Update according to th...

10CVSS2.4AI score0.05531EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•45 views

JVN#72640744: Multiple D-Link products vulnerable to buffer overflow

Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Impact A remote attacker may cause a denial of service DoS or execute arbitrary code. Solution Update the Firmware Update to the latest version of firmware according to the information provided by...

10CVSS7.8AI score0.05465EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/21 12:0 a.m.•45 views

JVN#26605630: Cisco Linksys WRT54GC vulnerable to buffer overflow

Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability. Impact When processing a specially crafted HTTP request, the router may crash resulting in a denial-of-service DoS. Solution Update the software Update to the lates...

7.8CVSS6.8AI score0.02151EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/27 12:0 a.m.•45 views

JVN#36982346 MiniBBS22 from CGI RESCUE allows unauthorized email transmission

MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send any email to an arbitrary address. Solution Update the software Update to the latest versi...

5CVSS6.4AI score0.01173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/12/19 12:0 a.m.•45 views

JVN#50327700 PHP vulnerable to cross-site scripting

PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...

2.6CVSS8.9AI score0.01859EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•44 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the management software Storage Navigator of Hitachi Disk Array Systems that involves remote code execution vulnerability. CVE-2025-1978 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

9.8CVSS6.5AI score0.00547EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/31 12:0 a.m.•44 views

JVN#94132951: Cybozu Remote Service vulnerable to uncontrolled resource consumption

Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact Certain operations performed by a logged-in user may lead to huge storage space consumption or significantly delayed communication. Solution Update the Software Update the software to...

6.5CVSS6.4AI score0.00616EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/08 12:0 a.m.•45 views

JVN#82424996: Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

6.5CVSS6.5AI score0.00499EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/05 12:0 a.m.•44 views

JVN#16765254: Multiple code injection vulnerabilities in ruby-git

ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities CWE-94. Impact If a repository containing a specially crafted filename is loaded to the product, an arbitrary ruby code may be executed. Solution...

8.8CVSS8.1AI score0.0136EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/11 12:0 a.m.•44 views

JVN#40620121: The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries

The installer of Content Transfer for Windows provided by Sony Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the installer. Solution Do not execute the...

7.8CVSS7.8AI score0.00204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/17 12:0 a.m.•44 views

JVN#00095004: Multiple vulnerabilities in phpUploader

phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 SQ...

7.5CVSS7.1AI score0.01664EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/20 12:0 a.m.•44 views

JVN#79798166: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...

7.5CVSS7AI score0.01296EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/02 12:0 a.m.•44 views

JVN#09136401: Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing CWE-862 - CVE-2021-20865 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS6.9AI score0.02462EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/16 12:0 a.m.•44 views

JVN#23406150: EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting

EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. Impact If a remote attacker injects a specially...

6.1CVSS6.1AI score0.00773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/12 12:0 a.m.•44 views

JVN#44764844: MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption

MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability CWE-400. According to the developer, in case of "To Use or Not to Use Web Server Settings" in the parameter of CPU modules are set to "Not Use", this issue does no...

7.5CVSS7.5AI score0.08397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/26 12:0 a.m.•44 views

JVN#77402327: NITORI App fails to restrict access permissions

NITORI App provided by Nitori Holdings Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute the access...

6.1CVSS6.2AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/20 12:0 a.m.•44 views

JVN#75453852: LINE for iOS fails to verify SSL server certificates

LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to the vulnerability existed in the Third Party SDK which is incorporated in the application. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. According to the...

5.9CVSS5.4AI score0.00603EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 12:0 a.m.•44 views

JVN#71104430: Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege...

9.3CVSS7.6AI score0.01061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 12:0 a.m.•44 views

JVN#96165722: WordPress plugin "WP Booking System" vulnerable to cross-site scripting

The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin according to...

6.1CVSS6.1AI score0.01379EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/19 12:0 a.m.•44 views

JVN#86171513: SEIL Series routers vulnerable to denial-of-service (DoS)

The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Impact Receiving a specially crafted packet may...

7.5CVSS7.4AI score0.01545EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/13 12:0 a.m.•44 views

JVN#62392065: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by th...

6.1CVSS6AI score0.02603EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•44 views

JVN#64800312: Splunk Enterprise and Splunk Light vulnerable to open redirect

Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...

6.1CVSS6.2AI score0.01432EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/12 12:0 a.m.•44 views

JVN#22978346: WN-G300R Series vulnerable to cross-site scripting

WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the appropriate firmware update provide...

5.4CVSS5.3AI score0.00802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 12:0 a.m.•44 views

JVN#88408929: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Impact An arbitrary script may be executed on the user's Internet Explorer when the...

6.1CVSS6.2AI score0.05618EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 12:0 a.m.•44 views

JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting

Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of oekakis parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

4.3CVSS5.9AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 12:0 a.m.•44 views

JVN#22440986: Multiple Allied Telesis products vulnerable to buffer overflow

AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability CWE-788 due to a flaw when processing a POST method. Impact Arbitrary code may be executed when processing a specially crafted HTTP request. Solution Update the Firmware Update to the...

10CVSS7AI score0.06131EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 12:0 a.m.•44 views

JVN#71762315: LG Electronics mobile access routers lack access restrictions

LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Impact An attacker that can access the device may bypass authentication and obtain information stored on the device. Solution Apply an Update Apply the update according ...

5CVSS6.4AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 12:0 a.m.•44 views

JVN#13154935: VMware ESX and ESXi may allow access to arbitrary files

VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Impact Users that have privileges to execute "Add New Disk" or "Add Existing Disk" in vCenter Server may obtain read and write access to arbitra...

4.4CVSS6.3AI score0.00353EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/17 12:0 a.m.•44 views

JVN#53768697: Android OS vulnerable to arbitrary Java method execution

Android OS contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted page using the standard Android browser or an other application that uses the WebView class, Android OS may be rebooted or arbitrary code may be executed without intent from...

9.3CVSS6.4AI score0.42623EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/21 12:0 a.m.•44 views

JVN#33159152: Loctouch for Android information management vulnerability

Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Impact Android applications with permission to read system log files may obtain log information stored by the product that are intended to be...

2.6CVSS6AI score0.00992EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/10/26 12:0 a.m.•44 views

JVN#00322303: Tokyo BBS vulnerable to cross-site scripting

Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the developer. The developer is no longer distributing...

4.3CVSS5.8AI score0.01808EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/08/30 12:0 a.m.•44 views

JVN#51615542: Adobe Reader fails to properly handle signatures

Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Impact An attacker may be able to forge an RSA signature on a PDF document. Solution Update the software Update to the latest version according to the information provided by the developer. Note that this issue wa...

4.3CVSS7AI score0.04894EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/09 12:0 a.m.•44 views

JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

9.3CVSS7.2AI score0.02192EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/10 12:0 a.m.•44 views

JVN#80404511: Windows URL Protocol Handler may insecurely load executable files

Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution...

9.3CVSS6.8AI score0.3434EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/04 12:0 a.m.•44 views

JVN#26301278: IBM WebSphere Application Server vulnerable to denial-of-service (DoS)

IBM WebSphere Application Server contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer...

5CVSS9.1AI score0.2349EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/09/20 12:0 a.m.•44 views

JVN#40940493 Webmin and Usermin authentication bypass vulnerability

Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges. Solution Products Affected Webmin Version 1.200 - 1.220 Usermin Version 1.130 - 1.160...

7.5CVSS6.9AI score0.04127EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 8:18 a.m.•43 views

Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...

9.8CVSS7.3AI score0.01335EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/15 12:0 a.m.•44 views

JVN#58236836: Multiple vulnerabilities in BUFFALO wireless LAN routers

Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-23486 OS Command Injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base...

9.8CVSS6.7AI score0.00561EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/20 12:0 a.m.•43 views

JVN#90560760: Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"

WordPress Plugin "TS Webfonts for SAKURA" provided by SAKURA internet Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-32624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.9AI score0.00482EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/20 12:0 a.m.•43 views

JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Software Update the software to the latest version according to the information...

7.5CVSS7.4AI score0.01253EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/25 12:0 a.m.•43 views

JVN#87895771: Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption

Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact A logged-in user may consume huge storage space, resulting to a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the information...

7.5CVSS7.5AI score0.00854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/11 12:0 a.m.•43 views

JVN#60037444: Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...

7.8CVSS7.7AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/07 12:0 a.m.•43 views

JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification

Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution Update the software Update the software to the latest version according to the...

5.9CVSS5.4AI score0.0166EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/13 12:0 a.m.•43 views

JVN#19826500: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Impact A user who can physically access the products may obtain the stored passwords. Solution Stop using the products The developer states that the products are no longer...

4.6CVSS4.6AI score0.00107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/27 12:0 a.m.•43 views

JVN#40725650: Multiple vulnerabilities in XOOPS module "XooNIps"

XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injectionCWE-89 - CVE-2020-5624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Cross-site Scripting CWE-79 -...

9.8CVSS7.2AI score0.01405EPSS
Exploits0
Total number of security vulnerabilities5000