Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/20 12:0 a.m.•39 views

JVN#18739672: WordPress plugin "Booking Calendar" vulnerable to directory traversal

The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. Impact A local file outside of the application on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according to the...

5.3CVSS5.2AI score0.02397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•39 views

JVN#15222211: Cybozu Garoon vulnerable to cross-site request forgery

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the user may be forced to log out. Solution Update the Software Update to the latest version according to the...

4.3CVSS4.9AI score0.01262EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•39 views

JVN#25060672: Multiple Corega wireless LAN routers vulnerable to cross-site scripting

Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Use CG-WLR300NX or CG-WFR600 CG-WLBARGMH and CG-WLBARGNL are no longer being supported, therefore fix for this vulnerability wil...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•39 views

JVN#92237169: CG-WLR300NX vulnerable to cross-site scripting

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information...

4.8CVSS4.9AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 12:0 a.m.•39 views

JVN#91002412: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...

9.3CVSS7.7AI score0.01829EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 12:0 a.m.•39 views

JVN#27260483: mobiGate App fails to verify SSL server certificates

mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/26 12:0 a.m.•39 views

JVN#76780067: Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries

7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.01811EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 12:0 a.m.•39 views

JVN#94779084: H2O use of externally-controlled format string

H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.5AI score0.01802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•39 views

JVN#67595539: Cybozu Garoon multiple cross-site scripting vulnerabilities

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Cross-site scripting in the "Response request" function - CVE-2016-1214 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score:...

6.1CVSS6.5AI score0.01152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•39 views

JVN#67266823: Cybozu Garoon vulnerable to open redirect

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack...

6.1CVSS6.4AI score0.01331EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 12:0 a.m.•39 views

JVN#58455472: OSSEC Web UI vulnerable to cross-site scripting

OSSEC Web UI is a web interface for use with Open Source HIDS Security OSSEC. OSSEC Web UI contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

6.1CVSS6.1AI score0.01286EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 12:0 a.m.•39 views

JVN#28386124: ClipBucket vulnerable to cross-site scripting

Clipbucket is open source video sharing script. ClipBucket contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the vendor...

6.1CVSS6AI score0.01627EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/04 12:0 a.m.•39 views

JVN#06920277: Coordinate Plus App fails to verify SSL server certificates

Coordinate Plus App provided by Toshiba Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by th...

5.9CVSS5.3AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•39 views

JVN#13794955: Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal

kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Impact When the product is used in Windows, a remote attacker may obtain arbitrary files from the server...

7.5CVSS7.6AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/05 12:0 a.m.•39 views

JVN#49476817: DX Library vulnerable to buffer overflow

DX Library is an open source library for creating Windows application. DX Library contains a buffer overflow vulnerability due to a flaw in processing an inner function CLvsprintf. Impact When processing a specially crafted string, an application built using DX Library may allow an arbitrary code...

7.8CVSS8AI score0.02217EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/02 12:0 a.m.•39 views

JVN#04281281: ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection

ISUCON5 qualifier portal web application eventapp provided by ISUCON organizers contains an OS command injection CWE-78 vulnerability. Impact A logged in attacker may execute arbitrary OS commands on the server. Solution Update the Software Update to the latest version according to the informatio...

6.5CVSS7.5AI score0.02454EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 12:0 a.m.•39 views

JVN#49503705: Python for Windows may insecurely load dynamic libraries

Python for Windows contains an issue with the DLL search path, which may lead to insecurely loading a DLL called readline.pyd. Impact Arbitray code may be executed with the privileges of python.exe. Solution Apply a workaround Applying the following workaround will mitigate the effects of this...

7.2CVSS6.4AI score0.0059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•39 views

JVN#83862346: MEGAPHONE MUSIC vulnerable to URL whitelist bypass

MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an...

6.8CVSS6.2AI score0.01503EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 12:0 a.m.•39 views

JVN#78240242: Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery

Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site request forgery CWE-352 vulnerability in admin.php. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Replace admin.ph...

6.8CVSS6.3AI score0.00649EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 12:0 a.m.•39 views

JVN#10559378: Research Artisan Lite does not properly perform authentication

Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication CWE-592. Impact An attacker may perform operations in Research Artisan Lite without logging into the system. Solution Update the Software Update to...

5CVSS6.4AI score0.01344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/14 12:0 a.m.•39 views

JVN#18957556: Cacti vulnerable to SQL injection

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'localgraphid' in graph.php. Impact Arbitrary SQL queries may be injected in the back-end database by a remote...

6.5CVSS6.5AI score0.01084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/13 12:0 a.m.•39 views

JVN#48659722: Smartphone Passbook for Android information management vulnerability

Smartphone Passbook for Android contains an issue where user inputs are output into a log file. Impact Other android applications with permissions to read system log files may obtain information entered by a user. Solution Update the Software Update to the latest version according to the...

1.8CVSS6.2AI score0.00401EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 12:0 a.m.•39 views

JVN#76515134: WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be executed on t...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 12:0 a.m.•39 views

JVN#89613370: i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained...

4.3CVSS5.8AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/04 12:0 a.m.•39 views

JVN#24909891: Kaku-San-Sei Million Arthur for Android information management vulnerability

Kaku-San-Sei Million Arthur provided by SQUARE ENIX CO., LTD. is a gaming application. Kaku-San-Sei Million Arthur for Android contains an information management vulnerability. Impact Android applications with permissions to read information stored on SD cards may obtain product credentials...

5CVSS6.2AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/24 12:0 a.m.•39 views

JVN#05329568: Login rebuilder vulnerable to cross-site request forgery

Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information...

6.8CVSS6.1AI score0.01076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/17 12:0 a.m.•39 views

JVN#16263849: Demaecan for Android. contains an issue where it fails to verify SSL server certificates

Demaecan for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.8CVSS6.2AI score0.00587EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•39 views

JVN#61077110: EC-CUBE vulnerable to information disclosure

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Impact A user who visits the shopping site may view the information managed by the website owner...

4.3CVSS6AI score0.01309EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/10/04 12:0 a.m.•39 views

JVN#33788325: Accela BizSearch vulnerable to cross-site scripting

Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information...

4.3CVSS6AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/06 12:0 a.m.•39 views

JVN#72911629: VMware ESX and ESXi vulnerable to directory traversal

VMware ESX and ESXi contains a directory traversal vulnerability. Impact A remote attacker may delete arbitrary files on the host operating system. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...

9.4CVSS6.8AI score0.03687EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/31 12:0 a.m.•39 views

JVN#53579095: FileMaker Pro vulnerable to cross-site scripting

FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the informatio...

4.3CVSS6AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/14 12:0 a.m.•39 views

JVN#90751882: Dolphin Browser vulnerable in the WebView class

Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Upda...

4.3CVSS6.2AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•39 views

JVN#71435255: Multiple vulnerabilities in Phorum

Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...

6.8CVSS5.8AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•39 views

JVN#36721438: Mozilla Firefox vulnerability in processing content-length header

Mozilla Firefox contains a vulnerability in the processing of content-length header. Impact When a malicious website is viewed, a script may be injected within a response from another domain. Solution Update the software Update to the latest version according to the information provided by the...

8.8CVSS8.5AI score0.01111EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•39 views

JVN#74649877: Mozilla Firefox vulnerable to cross-site scripting

Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets CSS, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided ...

6.1CVSS5.8AI score0.00697EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•39 views

JVN#55508059: Cybozu Office vulnerable to cross-site scripting

Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the late...

4.3CVSS5.8AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 12:0 a.m.•39 views

JVN#09206238: Java Web Start may insecurely load settings files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load settings files. Impact An attacker may execute arbitrary code with t...

7.6CVSS8.7AI score0.02437EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 12:0 a.m.•39 views

JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...

5.8CVSS6AI score0.0061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/11 12:0 a.m.•39 views

JVN#55714408: Multiple Yamaha routers vulnerable to denial-of-service (DoS)

Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Impact A remote attacker may cause a denial-of-service DoS. Solution Update the firmware Update to the latest version of firmware according to the information provided by th...

7.8CVSS6.4AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/08 12:0 a.m.•39 views

JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting

Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Apply a patch Apply t...

4.3CVSS5.8AI score0.01053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/15 12:0 a.m.•39 views

JVN#33301529: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft...

4.3CVSS5.7AI score0.13615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/22 12:0 a.m.•39 views

JVN#50610528: Sleipnir and Grani may insecurely load dynamic libraries

Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the...

6.9CVSS7.2AI score0.00287EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/11/19 12:0 a.m.•39 views

JVN#87341298 Redmine vulnerable to cross-site request forgery

Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into Redmine, an arbitrary ticket may be deleted. Solution Update the Software Update to the latest version according to the information...

6.8CVSS6.2AI score0.00719EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/29 12:0 a.m.•39 views

JVN#70836284 IMG-BBS from MT312 vulnerable to cross-site scripting

IMG-BBS from MT312, is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest...

4.3CVSS6AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/27 12:0 a.m.•39 views

JVN#76370393 FORM2MAIL from CGI RESCUE allows unauthorized email transmission

FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration. Impact A remote attacker may send emails to arbitrary addresses. Solution Updat...

5CVSS6.3AI score0.01222EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/01/20 12:0 a.m.•39 views

JVN#93431860 Oracle WebLogic Server vulnerable to cross-site scripting

Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 JavaEE5. Oracle WebLogic Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates...

6.8CVSS5.8AI score0.01434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•39 views

JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...

10CVSS6.9AI score0.0266EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/14 12:0 a.m.•39 views

JVN#14243645 Adobe JRun cross-site scripting vulnerability

Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from a cookie is leaked, an remote attacker could possibly conduct session hijacking. Solution Products Affected Adobe JRun 4.0 ColdFusion MX 6.1 Enterprise...

4.3CVSS6.4AI score0.02786EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/26 12:0 a.m.•39 views

JVN#72225922 Apache Struts Validator allows to bypass input data validation

Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...

7.5CVSS7.4AI score0.06142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/10/11 12:0 a.m.•39 views

JVN#23632449: OpenSSL version rollback vulnerability

Impact When performing communication through a path controlled by an attacker using OpenSSL, the attacker conducting a man-in-the-middle MITM attack can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0 to intercept or alter data...

5CVSS5.5AI score0.04866EPSS
Exploits0
Total number of security vulnerabilities5000