Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 12:0 a.m.43 views

JVN#87895771: Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption

Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact A logged-in user may consume huge storage space, resulting to a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the information...

7.5CVSS7.5AI score0.00854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/11 12:0 a.m.43 views

JVN#60037444: Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...

7.8CVSS7.7AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/07 12:0 a.m.43 views

JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification

Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution Update the software Update the software to the latest version according to the...

5.9CVSS5.4AI score0.0166EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/13 12:0 a.m.43 views

JVN#19826500: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Impact A user who can physically access the products may obtain the stored passwords. Solution Stop using the products The developer states that the products are no longer...

4.6CVSS4.6AI score0.00107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/27 12:0 a.m.43 views

JVN#40725650: Multiple vulnerabilities in XOOPS module "XooNIps"

XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injectionCWE-89 - CVE-2020-5624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Cross-site Scripting CWE-79 -...

9.8CVSS7.2AI score0.01405EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/09 12:0 a.m.43 views

JVN#55657988: SHIRASAGI vulnerable to open redirect

SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the...

6.1CVSS6.1AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/09 12:0 a.m.43 views

JVN#33901663: RT-AC87U vulnerable to cross-site scripting

RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...

6.1CVSS6.1AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/13 12:0 a.m.43 views

JVN#04564808: Installer of ”FLET'S Azukeru Backup Tool” may insecurely load Dynamic Link Libraries

"FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to insecurel...

7.8CVSS7.7AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/16 12:0 a.m.43 views

JVN#81820501: FlashAir do not set credential information in PhotoShare

FlashAirTM by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAirTM PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAirTM default to the wireless...

4.3CVSS4.6AI score0.00608EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 12:0 a.m.43 views

JVN#54268888: Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries

Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution...

7.8CVSS7.7AI score0.01173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/22 12:0 a.m.43 views

JVN#83568336: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to t...

8.8CVSS8.8AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/16 12:0 a.m.43 views

JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks

Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...

4.3CVSS4.8AI score0.01481EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/27 12:0 a.m.43 views

JVN#39594409: DMM Movie Player App fails to verify SSL server certificates

DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.5AI score0.00712EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/26 12:0 a.m.43 views

JVN#63384827: Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting

EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the...

6.1CVSS6AI score0.0102EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/13 12:0 a.m.43 views

JVN#00272277: Tokyo Star bank App fails to verify SSL server certificates

Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided...

5.9CVSS5.3AI score0.00989EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/19 12:0 a.m.43 views

JVN#78383854: Internet Explorer cross-domain policy bypass

Internet Explorer contains an information disclosure vulnerability due to a flaw in handling cross-domain policies. Impact When a specially crafted content is opened, cross-domain policies may be bypassed and then information of the URL that the user is accessing may be obtained by an attacker...

9.3CVSS8.1AI score0.19238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/03 12:0 a.m.43 views

JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection

BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability CWE-89. Impact A logged in attacker may execute SQL statements. According to the developer, this vulnerability affects availability of the server that EC-CUBE resides, bu...

4.3CVSS5.1AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 12:0 a.m.43 views

JVN#73346595: applican vulnerable to URL whitelist bypass

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/01 12:0 a.m.43 views

JVN#77193915: Twit BBS vulnerable to cross-site scripting

Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Twit BBS Twit BBS is no longer being developed or...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/24 12:0 a.m.43 views

JVN#97971874: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Impact If a user views a malicious page while logged into WordPress with this plugin...

4.3CVSS5.8AI score0.02033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/05 12:0 a.m.43 views

JVN#17480391: shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting

shiromukuu1GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukuu1GUESTBOOK contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/29 12:0 a.m.43 views

JVN#94592501: Multiple I-O DATA IP Cameras vulnerable to authentication bypass

Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an update Update...

6.4CVSS6.9AI score0.02199EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/15 12:0 a.m.43 views

JVN#31082531: Cybozu Garoon 3 API access restriction bypass vulnerability

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version...

7.5CVSS7.1AI score0.02643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/13 12:0 a.m.43 views

JVN#10724763: SEIL Series routers vulnerable to denial-of-service (DoS)

The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC may be...

5CVSS6.4AI score0.02139EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/10 12:0 a.m.43 views

JVN#51285738: tetra filer vulnerable to directory traversal

tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.6AI score0.01249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/07/26 12:0 a.m.43 views

JVN#25280162: WordPress vulnerable to cross-site scripting

WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected...

10CVSS5.4AI score0.0868EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/31 12:0 a.m.43 views

JVN#85812843: FileMaker Pro fails to verify SSL server certificates

FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to the latest...

5.8CVSS5.8AI score0.00521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/18 12:0 a.m.43 views

JVN#52492830: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Impact Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. Solution Apply a patch Apply the appropriate...

6.8CVSS6.1AI score0.02176EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/01/22 12:0 a.m.43 views

JVN#99681273: myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting

myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest product released on Feb.16, 2012 or a fixed myu-s according to the...

4.3CVSS6AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/20 12:0 a.m.43 views

JVN#50701493: Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service

Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus formerly WebShield SMTP contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS. Solution Do not use Email...

7.8CVSS6.1AI score0.01895EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/13 12:0 a.m.43 views

JVN#03015214: KUNAI Browser for Remote Service beta vulnerable in the WebView class

KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious fi...

4.3CVSS6.3AI score0.01191EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/08/17 12:0 a.m.43 views

JVN#92038939: mixi for Android information management vulnerability

mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Impact If a user of the affected product uses a malicious Android application, friends' comments may be...

4.3CVSS6.4AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/07/24 12:0 a.m.43 views

JVN#88643450: Sleipnir Mobile for Android vulnerable in the WebView class

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...

5CVSS6.2AI score0.01918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/07 12:0 a.m.43 views

JVN#73162541: OTRS vulnerable to OS command injection

OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...

7.5CVSS6.8AI score0.03001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/18 12:0 a.m.43 views

JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products

Multiple products P board etc. provided by Rocomotion contain a cross-site scripting vulnerablility. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. This issue h...

4.3CVSS6AI score0.01516EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/08 12:0 a.m.43 views

JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed

When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. As a result, users that do not have permission to access that folder can gain access to that folder. Impact A user that does not have permission to...

4.6CVSS6.5AI score0.00311EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/18 12:0 a.m.43 views

JVN#50133036: Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server

Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into the Oracle iPlanet Web Server management console, an arbitrary instance may be...

5.8CVSS5.9AI score0.02371EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/12 12:0 a.m.43 views

JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability

Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service DoS vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...

10CVSS6.5AI score0.02566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/02/05 12:0 a.m.42 views

JVN#66673020: Multiple vulnerabilities in Defense Platform Home Edition

Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Base Score 8.8 CVE-2025-20094 Execution with unnecessary privileges CWE-250...

8.8CVSS7.4AI score0.00189EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/18 12:0 a.m.42 views

JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"

WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-28890 SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H...

7.2CVSS6.5AI score0.30361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/27 12:0 a.m.42 views

JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"

WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-34423 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.8AI score0.00356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/06 12:0 a.m.42 views

JVN#82749078: Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management

Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2024-21824 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base...

6.1CVSS6.7AI score0.00345EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/19 12:0 a.m.42 views

JVN#10921428: Lemon8 App fails to restrict access permissions

Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitrar...

6.5CVSS6.2AI score0.00858EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 12:0 a.m.42 views

JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...

9.8CVSS9.7AI score0.01676EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/29 12:0 a.m.42 views

JVN#17625382: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-36381 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P|...

7.2CVSS7.9AI score0.0146EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/17 12:0 a.m.42 views

JVN#93667442: Gitlab vulnerable to server-side request forgery

Gitlab contains a server-side request forgery vulnerability CWE-918 through the Project Import feature. Impact The vulnerability allows an attacker to make arbitrary HTTP/HTTPS or git requests inside a GitLab instance's network. Solution Update the software Update the software to the latest versi...

8.1CVSS6.3AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 12:0 a.m.42 views

JVN#13878856: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...

4.3CVSS3.8AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/03 12:0 a.m.42 views

JVN#89524240: MarkText vulnerable to cross-site scripting

MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the PC of the user using the product. Solution Update the Software Update the software to the latest version according to the information provided by the...

5.4CVSS5.3AI score0.00526EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/26 12:0 a.m.42 views

JVN#81376414: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:N/AC:L/Au:S/C:C/I:C/A:C| Base Score: 9.0...

9.1CVSS8.9AI score0.02174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.42 views

JVN#60553023: ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service DoS vulnerability CWE-404. Impact If it is exploited, an attacker may cause a denial-of-service DoS to stop the applications and all daemons of t...

5.5CVSS5.3AI score0.00219EPSS
Exploits0
Total number of security vulnerabilities5000