Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/24 12:0 a.m.40 views

JVN#61578437: WordPress plugin "Welcart e-Commerce" vulnerable to session management

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management. Impact A remote attacker who knows a user's e-mail address may log in with the user privilege. As a result, arbitrary operations may be conducted. Solution Update the Software Update to t...

6.5CVSS6.4AI score0.01772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/30 12:0 a.m.40 views

JVN#25765762: Cybozu Garoon vulnerable to information disclosure

Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Impact By sending a specially crafted email, an attacker may be convinced that the user read the email. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.2AI score0.01552EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/24 12:0 a.m.40 views

JVN#85112513: php-contact-form vulnerable to cross-site scripting

php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/25 12:0 a.m.40 views

JVN#91816422: kintone mobile for Android fails to verify SSL server certificates

kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.5AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/06 12:0 a.m.40 views

JVN#26627848: baserCMS plugin "Menubook Plugin" multiple vulnerabilities

baserCMS plugin "Menubook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/30 12:0 a.m.40 views

JVN#66984217: MATCHA INVOICE vulnerable to code injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute...

6.8CVSS7.4AI score0.01321EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/15 12:0 a.m.40 views

JVN#64051989: acmailer vulnerable to directory traversal

acmailer provided by Seeds Co.,Ltd. contains a directory traversal CWE-22 vulnerability. Impact An authenticated attacker may delete files on the server. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected acmailer...

5.5CVSS6AI score0.01575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/10 12:0 a.m.40 views

JVN#22546110: LINE@ vulnerable to script injection

LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...

5.9CVSS5.3AI score0.0018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/25 12:0 a.m.40 views

JVN#25336719: namshi/jose fails to verify token signatures

namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the...

5CVSS6.1AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/23 12:0 a.m.40 views

JVN#19578958: Symfony vulnerable to code injection

Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Impact Arbitrary PHP code may be executed on the server...

6.8CVSS6.4AI score0.01365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/23 12:0 a.m.40 views

JVN#94502417: shiromuku(bu2)BBS vulnerable to arbitrary file creation

shiromukubu2BBS from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukubu2BBS contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact A remote attacker creating arbitrary files may result in arbitrary code execution on the server. Solution...

7.5CVSS7.1AI score0.02622EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/13 12:0 a.m.41 views

JVN#16318793: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...

10CVSS6.8AI score0.05335EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/26 12:0 a.m.40 views

JVN#26393529: Cybozu Garoon vulnerable to directory traversal

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server. Solution For Cybozu Garoon 3.7: Apply the Patch Apply the appropriate...

4CVSS6.2AI score0.01488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/28 12:0 a.m.40 views

JVN#91153528: Multiple SQL injection vulnerabilities in Cybozu Garoon

Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter data in the database. Solution Apply the Patch Apply the appropriate patch according to the information...

6.5CVSS6.4AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/12/03 12:0 a.m.40 views

JVN#84221103: Cybozu Garoon vulnerable to mail header injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered. Solutio...

3.5CVSS6.5AI score0.00962EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/12 12:0 a.m.40 views

JVN#44999463: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...

9.3CVSS7AI score0.04587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.40 views

JVN#34900750: EC-CUBE vulnerable to code injection

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...

7.5CVSS6.9AI score0.04285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/19 12:0 a.m.40 views

JVN#59503133: Multiple NEC mobile routers vulnerable to cross-site request forgery

Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If a user views a malicious page while logged in, settings of the product may be initialized, or the product may be rebooted. Solution Update t...

6.8CVSS6.3AI score0.00984EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/12/06 12:0 a.m.40 views

JVN#68830017: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting

ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note that this vulnerability is different from JVN23563149. Impact An arbitrary script may be...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/27 12:0 a.m.40 views

JVN#42014489: Trend Micro Control Manager vulnerable to SQL injection

Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Impact An arbitrary SQL command may be executed in the backend database the product is referencing. Solution Apply a patch Apply the appropriate patch according to the information...

7.5CVSS6.6AI score0.06089EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/07/06 12:0 a.m.40 views

JVN#79111101: Movable Type plugin MT4i vulnerable to cross-site scripting

MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/03/19 12:0 a.m.40 views

JVN#83459967: Janetter vulnerable to cross-site request forgery

Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...

6.8CVSS6.5AI score0.00814EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/31 12:0 a.m.40 views

JVN#41032068: Multiple SKYARC System Co., Ltd. products fail to restrict access permissions

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the appropriate privileges may alter settings and files. Solution Apply an update Update to the latest version according to the informati...

5.5CVSS6.4AI score0.01117EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/09/02 12:0 a.m.40 views

JVN#30221194: Sage vulnerable to arbitrary script execution

Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...

4.3CVSS9.3AI score0.00845EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/08/26 12:0 a.m.40 views

JVN#02134508: WebsiteBaker vulnerable to cross-site scripting

WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to Lepton CMS according to the information provided by the developer. Products...

4.3CVSS5.8AI score0.00845EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/07/28 12:0 a.m.40 views

JVN#70984231: Mozilla Firefox vulnerable to denial-of-service (DoS)

Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported, a denial-of-service DoS may occur. Solution Update the Software Update ...

6.5CVSS6.2AI score0.00562EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/26 12:0 a.m.40 views

JVN#54092716: MODx Evolution vulnerable to SQL injection

MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx Evolution contains SQL injection vulnerability. Impact A remote attacker may execute arbitrary PHP code as a result of SQL injection. Solution Update the software Update to the latest version according to the...

7.5CVSS8.2AI score0.01725EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/20 12:0 a.m.40 views

JVN#91740962: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

7.5CVSS7.2AI score0.03372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/07 12:0 a.m.40 views

JVN#49467403 Internet Explorer information disclosure vulnerability

Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Impact When a user opens specially crafted web page, an attacker may be able to obtain sensitive information. Solution Update the software Apply the...

6.5CVSS5.7AI score0.29229EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/01/12 12:0 a.m.40 views

JVN#22247093 WebCalenderC3 vulnerable to directory traversal

WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...

5CVSS6.5AI score0.01564EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/24 12:0 a.m.40 views

JVN#97248625 Movable Type cross-site scripting vulnerability

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...

4.3CVSS5.7AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/01/28 12:0 a.m.40 views

JVN#88575577 Multiple Yamaha routers vulnerable to cross-site request forgery

Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configuration...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/08/02 12:0 a.m.40 views

JVN#16018033 Safari URL spoofing vulnerability

Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings. Impact As it i...

4.3CVSS6.3AI score0.02444EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/05 12:0 a.m.40 views

JVN#65500885 Serene Bach cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution Products Affected Serene Bach ver 2.05R and earlier Serene Bach ver 2.08D and earlier sb 1.13D and earlier sb 1.18R and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/14 12:0 a.m.40 views

JVN#74969119 Microsoft Internet Explorer address bar spoofing vulnerability

Impact An user could be navigated to visit an untrusted malicous website even though the user intends to visit a trusted website. Therefore an attacker could possibly conduct a physing attack. Solution Products Affected Microsoft Internet Explorer For more information, refer to the vendor's websi...

4.3CVSS6.2AI score0.19154EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/12/15 12:0 a.m.40 views

JVN#06045169 mod_imap cross-site scripting vulnerability

Impact A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where modimap or modimagemap is used. Solution Products Affected For more information, refer to the vendor's website...

4.3CVSS9.4AI score0.73692EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/16 12:0 a.m.39 views

JVN#23835228: Proscend Communications M330-W and M330-W5 vulnerable to OS command injection

M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker who has access to the product. Solution Update the firmware The...

9.8CVSS8.3AI score0.02311EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.39 views

JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting

0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be...

6.1CVSS6AI score0.00313EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/06 12:0 a.m.39 views

JVN#34328023: FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery

Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logging in, the user information may be altered. In the case the user is an administrator, the settings such as the...

6.3CVSS6.2AI score0.00201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/17 12:0 a.m.39 views

JVN#13618065: Redmine vulnerable to cross-site scripting

Redmine contains a cross-site scripting vulnerability CWE-79 due to improper character string processing. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the Software Update the software to the latest version according to the...

6.1CVSS6AI score0.00397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/30 12:0 a.m.39 views

JVN#48057522: Inkdrop vulnerable to code injection

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. Impact If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution Update the Software The developer states that Inkdrop has an...

7.8CVSS7.8AI score0.00288EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/08 12:0 a.m.39 views

JVN#13306058: JINS MEME CORE uses a hard-coded cryptographic key

JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. Impact A network-adjacent attacker may decrypt data acquired by a sensor of the affected product. Solution Update the firmware Update the firmware ...

6.5CVSS6.4AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/12/19 12:0 a.m.39 views

JVN#13075438: Corel Roxio Creator LJB starts a program with an unquoted file path

Roxio Creator LJB provided by Corel Corporation starts another program with an unquoted file path CWE-428. Impact Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of t...

6.7CVSS6.4AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/27 12:0 a.m.39 views

JVN#40907489: "Hulu / フールー" App for Android uses a hard-coded API key for an external service

"Hulu / フールー" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.5CVSS7.5AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.39 views

JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Impact...

6.1CVSS6.1AI score0.01121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.39 views

JVN#68244135: rNote vulnerable to cross-site scripting

rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing an website that uses rNote. Solution Consider stop using rNote 0.9.7.5 Since the...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/11/26 12:0 a.m.39 views

JVN#26838191: WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

WordPress Plugin "WP Spell Check" provided by WP Spell Check contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.6AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/01/24 12:0 a.m.39 views

JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal

HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/16 12:0 a.m.39 views

JVN#76382932: Robotic appliance COCOROBO vulnerable to session management

Robotic appliance COCOROBO provided by Sharp Corporation is a robot with cleaning function. Robotic appliance COCOROBO contains a vulnerability in session management CWE-639. Impact An attacker on the same LAN may impersonate a user to accessing product. As a result, there is a possibility that a...

4.6CVSS4.7AI score0.00421EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.39 views

JVN#94771799: Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries

Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Installer of QuickTime for Windows T...

7.8CVSS7.7AI score0.00733EPSS
Exploits0
Total number of security vulnerabilities5000