Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/19 12:0 a.m.357 views

JVN#37417423: Multiple vulnerabilities in SolarView Compact

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 3.5 CVSS v2|...

10CVSS8.9AI score0.7332EPSS
Exploits22
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/20 12:0 a.m.313 views

JVN#65082538: Multiple vulnerabilities in Panasonic BN-SDWBP3

BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2018-0676 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...

8.8CVSS7.9AI score0.0112EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 12:0 a.m.312 views

JVN#43534286: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper access restriction CWE-284 - CVE-2017-2144 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:P| Base Score: 4.0...

5.8CVSS5.8AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/21 12:0 a.m.311 views

JVN#13555032: Multiple vulnerabilities in VAIO Update

VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. Improper authorization process CWE-285 - CVE-2019-5981 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score...

7.8CVSS7.8AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/07/02 12:0 a.m.267 views

JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS7.3AI score0.01078EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/07/02 12:0 a.m.254 views

JVN#13415512: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in application "Notifications". Impact A remote authenticated attacker may execute an arbitrary SQL command. Solution Update the Software Update to the latest version according to the information provided by the...

8.8CVSS8.7AI score0.01153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/13 12:0 a.m.253 views

JVN#89046645: A map plugin for Minecraft server "Dynmap" fails to restrict access permissions

A map plugin for Minecraft server "Dynmap" fails to restrict access permissions CWE-284. Impact Under the circumstance where a user is required to login Dynmap, a remote attacker may bypass the login authentication and be able to see a map image that requires authentication. Solution Update the...

5.3CVSS5.3AI score0.01595EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 12:0 a.m.242 views

JVN#29188908: Joruri CMS 2017 vulnerable to cross-site scripting

Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affect...

6.1CVSS6.1AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 12:0 a.m.241 views

JVN#84876282: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Cross-site request forgery vulnerability in the process of updating user's "Basic Info" CWE-352 - CVE-2019-5968 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3...

8.8CVSS7.4AI score0.01133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/03/15 12:0 a.m.241 views

JVN#06527859: KinagaCMS vulnerable to cross-site scripting

KinagaCMS is an opensource Contents Management System CMS. KinagaCMS uses the old version of Bootstrap thus inherits multiple cross-site scripting vulnerabilities CWE-79: CVE-2018-14040, CVE-2018-14041, CVE-2019-8331 existed in Bootstrap. Impact The information on the system may be obtained or...

6.1CVSS6.7AI score0.1686EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/24 12:0 a.m.239 views

JVN#66542874: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Role authority setting screen CWE-79 - CVE-2021-20663 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...

6.1CVSS6.4AI score0.0081EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 12:0 a.m.239 views

JVN#58052567: Multiple vulnerabilities in Joruri Mail

Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2019-5965 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Session...

6.1CVSS6.5AI score0.01133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/01/18 12:0 a.m.239 views

JVN#91881278: Documents Pro (formerly Files HD) vulnerable to cross-site scripting

Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Impact When a user uses Documents Pro through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the...

4.3CVSS5.8AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.221 views

JVN#37179202: Yomi-Search vulnerable to cross-site scripting

Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/05 12:0 a.m.221 views

JVN#37230341: Multiple vulnerabilities in Access analysis CGI An-Analyzer

Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page CWE-78 - CVE-2019-5987 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

9CVSS7.8AI score0.02497EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/31 12:0 a.m.220 views

JVN#75615300: All in One SEO Pack information management vulnerability

All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected, therefore som...

5CVSS6.1AI score0.03029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.219 views

JVN#83042295: Yomi-Search vulnerable to cross-site scripting

Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 12:0 a.m.217 views

JVN#74871939: WSR-300HP vulnerable to arbitrary code execution

WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability. Impact By executing a specially crafted request prepared by a remote attacker, arbitrary code may be executed. Solution Update the Firmware Apply the firmware update accordin...

10CVSS9.4AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/18 12:0 a.m.213 views

JVN#92510087: WordPress Plugin "Category Specific RSS feed Subscription" vulnerable to cross-site request forgery

WordPress Plugin "Category Specific RSS feed Subscription" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.6AI score0.00846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/17 12:0 a.m.208 views

JVN#31406910: WordPress Plugin "Related YouTube Videos" vulnerable to cross-site request forgery

WordPress Plugin "Related YouTube Videos" provided by Chris Doerr contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.6AI score0.01017EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/31 12:0 a.m.202 views

JVN#88962935: Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"

WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5962 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.4AI score0.01587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 12:0 a.m.200 views

JVN#49575131: WordPress Plugin ”HTML5 Maps” vulnerable to cross-site request forgery

WordPress Plugin ”HTML5 Maps” provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided b...

8.8CVSS8.5AI score0.01008EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/02 12:0 a.m.197 views

JVN#93833849: Panasonic Video Insight VMS vulnerable to SQL injection

Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability CWE-89. Impact A logged in user may execute an arbitrary SQL statement to the database. Solution Update the software Update the softwa...

8.8CVSS9AI score0.01522EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/17 12:0 a.m.197 views

JVN#72748502: Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" and attac...

9.3CVSS7.6AI score0.09044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 12:0 a.m.196 views

JVN#29933378: WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery

WordPress Plugin "Custom CSS Pro" provided by WaspThemes contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided...

8.8CVSS8.5AI score0.01008EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 12:0 a.m.195 views

JVN#95685939: Multiple vulnerabilities in WordPress Plugin "Attendance Manager"

WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5970 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.5AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.188 views

JVN#78151490: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2017-10842 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

9.8CVSS9.2AI score0.01766EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/28 12:0 a.m.185 views

JVN#00846677: Mailman vulnerable to cross-site scripting

Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

5.4CVSS5.7AI score0.02048EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/10/28 12:0 a.m.185 views

JVN#55667175: QNAP QTS vulnerable to OS command injection

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Impact A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. Solution Update...

10CVSS8.4AI score0.99999EPSS
Exploits157
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/12 12:0 a.m.184 views

JVN#80925867: WordPress Plugin "Contest Gallery” vulnerable to cross-site request forgery

WordPress Plugin "Contest Gallery” provided by Contest-Gallery contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.5AI score0.01036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/03 12:0 a.m.183 views

JVN#25261088: GNU Wget vulnerable to buffer overflow

GNU Wget contains a buffer overflow vulnerability CWE-119. Impact An attacker may be able to cause a denial-of-service DoS or may execute an arbitrary code. Solution Apply the update Update GNU Wget according to the information provided by the developer. Products Affected GNU Wget 1.20.1 and earl...

9.8CVSS9.7AI score0.05751EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/16 12:0 a.m.181 views

JVN#62618482: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. DOM-based cross-site scripting in the application "Portal" CWE-79 - CVE-2019-5975 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.4 CVSS v2|...

6.1CVSS5.7AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.180 views

JVN#94705238: Yomi-Search vulnerable to cross-site scripting

Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An arbitrary script may be executed on the web browser of the user who is...

6.1CVSS6.2AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/03/19 12:0 a.m.180 views

JVN#60497148: "an" App for iOS vulnerable to directory traversal

"an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 12:0 a.m.179 views

JVN#09409909: Multiple vulnerabilities in WordPress

WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature. Stored Cross-site scripting CWE-79 - CVE-2022-43497 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.7AI score0.01404EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/12 12:0 a.m.179 views

JVN#47497535: M-System DL8 contains multiple vulnerabilities

DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:C| Base Score: 6.8 Improper Access Control CWE-28...

6.8CVSS5AI score0.01333EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 12:0 a.m.178 views

JVN#69903953: Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries

Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running software. Solution Update the...

7.8CVSS7.7AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/22 12:0 a.m.175 views

JVN#93799513: WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting

Some of WordPress plugin "Fudousan plugin" series provided by nendeb contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the plugin Update the plugin according to th...

5.4CVSS5.2AI score0.00989EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 12:0 a.m.175 views

JVN#96988995: Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"

WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5972 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.9AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/19 12:0 a.m.173 views

JVN#88804335: WordPress Plugin "Personalized WooCommerce Cart Page” vulnerable to cross-site request forgery

WordPress Plugin "Personalized WooCommerce Cart Page” provided by N-MEDIA contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the...

8.8CVSS8.5AI score0.01047EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/13 12:0 a.m.172 views

JVN#34232719: Multiple vulnerabilities in KonaWiki2

KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below. SQL Injection CWE-89 - CVE-2021-20720 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Unrestricted upload...

9.8CVSS9.9AI score0.01522EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/01/31 12:0 a.m.172 views

JVN#83826673: The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries

The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting provided by Micco use the old version of Self-Extracting Archives created by UNLHA32.DLL. They contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2018-16189. Impact Arbitrary...

7.8CVSS7.5AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 12:0 a.m.170 views

JVN#91361851: Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries

Installer of Electronic reception and examination of application for radio licenses Online contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

7.8CVSS7.7AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/24 12:0 a.m.169 views

JVN#57806517: Android App "Tootdon for Mastodon" fails to verify SSL server certificates

Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter a content of communication. Solution Update the Application Update to the latest version according to the...

7.4CVSS7.1AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/05 12:0 a.m.167 views

JVN#63860183: POWER EGG vulnerability where EL expression may be executed

POWER EGG provided by D-CIRCLE inc. is an integrated collaboration tool. POWER EGG contains a vulnerability where an arbitray EL expression may be executed CWE-20. Impact A remote attacker may execute an arbitrary EL expression from the server where the product is running. As a result, an arbitra...

9.8CVSS9.7AI score0.01479EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/19 12:0 a.m.167 views

JVN#97845465: Multiple integer overflow vulnerabilities in LINE(Android)

LINEAndroid provided by LINE Corporation contains multiple integer overflow vulnerabilities CWE-190 listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L| Base...

8.8CVSS8.9AI score0.02028EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/31 12:0 a.m.165 views

JVN#94889214: Central Dogma vulnerable to cross-site scripting

Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...

6.1CVSS6AI score0.0115EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/01/31 12:0 a.m.165 views

JVN#52168232: UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries

UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL provided by Micco contain vulnerabilities listed below. Self-Extracting Archives created by UNLHA32.DLL may insecurely load Dynamic Link Libraries CWE-427 - CVE-2018-16189 Version| Vector| Score ---|---|--- CVSS v3|...

7.8CVSS7.9AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m.164 views

JVN#47580234: Multiple vulnerabilities in multiple ELECOM products

Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:N/I:P/A:N| Base Score:...

10CVSS7.8AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/22 12:0 a.m.164 views

JVN#71498764: Apache Camel vulnerable to XML external entity injection (XXE)

Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Impact By processing a specially crafted request, an arbitrary file on the server may be read. Solution Update the...

7.5CVSS7.6AI score0.08463EPSS
Exploits0
Total number of security vulnerabilities5000