Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 12:0 a.m.164 views

JVN#87655507: CREATE SD official App for Android fails to restrict access permissions

CREATE SD official App for Android provided by CREATE S・D CO., LTD. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and to access...

5.8CVSS5.6AI score0.01133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/27 12:0 a.m.161 views

JVN#58362455: MemoCGI vulnerable to directory traversal

MemoCGI provided by ChamaNet contains a directory traversal vulnerability CWE-22. Impact A remote attacker may view files on the server. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected MemoCGI v2.1800 to v2.2200...

7.5CVSS7.5AI score0.0218EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/13 12:0 a.m.159 views

JVN#13076220: RFNTPS vulnerable to OS command injection

RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Impact A user on the same LAN who can access the product may execute an arbitrary OS command with root privilege. Solution Update the Firmware Updat...

7.7CVSS6.8AI score0.0044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/16 12:0 a.m.158 views

JVN#48981892: WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" vulnerable to cross-site request forgery

WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" provided by Mike Castro Demaria contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.6AI score0.00853EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/27 12:0 a.m.157 views

JVN#55263945: Multiple vulnerabilities in RICOH Interactive Whiteboard

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-16184 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/AU:N/C:C/I:C/A:C| Bas...

10CVSS8AI score0.04317EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/13 12:0 a.m.149 views

JVN#11708203: Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)

Multiple printers and Multifunction Printers MFPs provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below. Buffer overflow in parsing HTTP cookie header CWE-119 - CVE-2019-14300 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS9.8AI score0.0312EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/18 12:0 a.m.145 views

JVN#94245475: Movable Type Premium vulnerable to cross-site scripting

Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the...

5.4CVSS5.3AI score0.00585EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/10 12:0 a.m.145 views

JVN#74699196: SHIRASAGI vulnerable to open redirect

SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the...

6.1CVSS6.1AI score0.0185EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/26 12:0 a.m.144 views

JVN#71877187: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in the processing of Todo portlet. Impact A user who can login to the product may obtain or alter information stored in the database. Solution Apply the Patch Apply the patch according to the information provide...

7.6CVSS7.7AI score0.01208EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/27 12:0 a.m.143 views

JVN#56542712: Multiple vulnerabilities in Nablarch

Nablarch provided by TIS Inc. contains multiple vulnerabilities listed below. The vulnerability in the function of generic formatter by XXE attacks CWE-611 - CVE-2019-5918 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H| Base Score: 8.2 CVSS v2|...

9.1CVSS9.5AI score0.01863EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/27 12:0 a.m.143 views

JVN#88862608: Joyful Note vulnerability in handling files

Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...

7.5CVSS6.9AI score0.02622EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/12 12:0 a.m.141 views

JVN#39383894: apng-drawable vulnerable to integer overflow

apng-drawable provided by LINE Corporation contains an integer overflow vulnerability CWE-190. Impact An attacker may cause a denial of service DoS condition or execute arbitrary code. Solution Update the Software The developer released apng-drawable that contains a fix for this vulnerability...

8.8CVSS9AI score0.02028EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/23 12:0 a.m.141 views

JVN#33652328: WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery

WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided ...

8.8CVSS8.6AI score0.00555EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/18 12:0 a.m.139 views

JVN#50810870: Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries

Installer of Creative Cloud Desktop Application provided by Adobe contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.03279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/09 12:0 a.m.138 views

JVN#12969207: HPE Agentless Management registers unquoted service paths

HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths CWE-428. Impact When a registered Windows service path contains spaces and is unquoted, and a malicious executable is placed on a certain path, the executable may be executed wi...

6.7CVSS6.8AI score0.00237EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/17 12:0 a.m.138 views

JVN#41646618: Huawei EchoLife HG8045Q vulnerable to OS command injection

EchoLife HT8045Q provided by Huawei is an ONT Optical Network Terminal device. It is equipped with the command line interface for network operators' maintenance purpose, which is disabled by default. When the command line interface is enabled, operators can interact with a certain restricted set ...

6.9CVSS6.8AI score0.00347EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/28 12:0 a.m.137 views

JVN#79543573: The installer of Microsoft Teams may insecurely load Dynamic Link Libraries

The installer of Microsoft Teams contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" , thus there is no plan to release any...

7.8CVSS7.7AI score0.04605EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/03/05 12:0 a.m.135 views

JVN#40288903: Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting

Dradis Community Edition and Dradis Professional Edition provided by Security Roots Ltd contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest version of software according to the...

5.4CVSS5.3AI score0.0082EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/17 12:0 a.m.135 views

JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation

TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114. Therefor...

7.5CVSS7.7AI score0.96121EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m.132 views

JVN#96783542: Multiple vulnerabilities in multiple LOGITEC products

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities listed below. Improper restriction of excessive authentication attempts CWE-307 - CVE-2021-20635 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2|...

7.7CVSS7.6AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/11 12:0 a.m.132 views

JVN#14776551: Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"

WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

7.2CVSS7.4AI score0.01447EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 12:0 a.m.131 views

JVN#20248858: WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection

WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access the administrative page of Paid Membership Pro may obtain and/or alter the information stored in the database. Solution Update the plugin Update the plugin according to the...

7.2CVSS7.1AI score0.0119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/03/12 12:0 a.m.131 views

JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal

iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/07 12:0 a.m.129 views

JVN#59436681: Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"

EC-CUBE module "REMISE Payment module 2.11, 2.12 and 2.13" provided by REMISE Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2019-6016 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.1AI score0.01072EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/12 12:0 a.m.129 views

JVN#40439414: A vulnerability in V20 PRO L-01J that may cause a crash

V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Impact If an attacker sets up a specially crafted Passpoint applied acces...

5.7CVSS5AI score0.00475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/23 12:0 a.m.128 views

JVN#34634458: PowerCMS vulnerable to open redirect

PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software t...

6.1CVSS6.2AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/01 12:0 a.m.127 views

JVN#01119243: API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions

JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions CWE-284. The application is no longer available/supported, and its service was ended in 2019 march 23. Impact A remote attacker may obtain or alt...

9.1CVSS9AI score0.01921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/18 12:0 a.m.124 views

JVN#83655695: Multiple Dahua Technology products vulnerable to authentication bypass

Multiple products provided by Dahua Technology contain an authentication bypass vulnerability CWE-287. Impact The product's identity verification may be bypassed if a remote attacker sends specially crafted data packets. Solution Update the software Update the software to the latest version...

10CVSS9.4AI score0.99871EPSS
Exploits12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/15 12:0 a.m.124 views

JVN#74530672: NetCommons3 vulnerable to cross-site scripting

NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/28 12:0 a.m.123 views

JVN#25359688: EC-CUBE vulnerable to open redirect

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a...

6.1CVSS6.1AI score0.01297EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/28 12:0 a.m.122 views

JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution

JavaFX, GUI library for Java applications, is provided with OracleJDK 7 through 10. Since OracleJDK 11, JavaFX is separately maintained and developed by OpenJFX project under OpenJDK community. JavaFX WebEngine component is capable of web content rendering, and possible to be configured to allow...

6.8CVSS7.4AI score0.4136EPSS
Exploits8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/29 12:0 a.m.121 views

JVN#78745667: Multiples security updates for multiple Cybozu products

Cybozu, Inc. has released multiple security updates for multiple Cybozu products. CyVDB-2465 Credential Disclosure Vulnerability - CVE-2020-5572 CyVDB-2484 Credential Disclosure Vulnerability - CVE-2020-5573 Impact A user who can login to the product may obtain sensitive information registered in...

4.6CVSS4.6AI score0.00335EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/20 12:0 a.m.121 views

JVN#10377257: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3...

6.1CVSS6.7AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/21 12:0 a.m.121 views

JVN#13199224: PgpoolAdmin fails to restrict access permissions

PgpoolAdmin provided by PgPool Global Development Group fails to restrict access permissions CWE-264. Impact A remote attacker may bypass the login authentication and obtain the administrative privilege of the PostgreSQL database. Solution Update the Software Update to the latest version accordin...

9.8CVSS9.7AI score0.0172EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/07 12:0 a.m.120 views

JVN#95875796: Multiple OS command injection vulnerabilities in DBA-1510P

DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface CLI CWE-78 - CVE-2019-6013 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score...

8.8CVSS7.8AI score0.01245EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/28 12:0 a.m.120 views

JVN#69181574: Windows 7 may insecurely load Dynamic Link Libraries

In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" , thus there is no plan to...

7.8CVSS7.7AI score0.04605EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/20 12:0 a.m.120 views

JVN#05875753: azure-umqtt-c vulnerable to denial-of-service (DoS)

azure-umqtt-c contains a denial-of-service DoS vulnerability CWE-400. Impact An attacker may be able to cause a denial-of-service DoS. Solution Apply the update Update azure-umqtt-c according to the information provided by the developer. Products Affected azure-umqtt-c that was available through...

7.5CVSS7.3AI score0.2142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/20 12:0 a.m.119 views

JVN#41119755: Movable Type XMLRPC API vulnerable to OS command injection

Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability CWE-78. Sending a specially crafted message by POST method to Movavle Type XMLRPC API may allow arbitrary OS command execution. 【Updated on 2021 November 10】 As of 2021 November 10, a Proof-of-Concep...

9.8CVSS9.8AI score0.88144EPSS
Exploits11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/13 12:0 a.m.119 views

JVN#42031953: FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Version| Vector| Score ---|---|--- CVSS v3|...

9.3CVSS7.6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/22 12:0 a.m.118 views

JVN#38248512: Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2

Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF800HP: Cross-site Scripting CWE-79 - CVE-2021-20620 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

8.8CVSS7.4AI score0.02334EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/14 12:0 a.m.118 views

JVN#87535892: Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2018-16192 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2|...

9CVSS7.1AI score0.01399EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/05 12:0 a.m.117 views

JVN#40208370: XACK DNS vulnerable to denial-of-service (DoS)

XACK DNS is DNS server software provided by XACK, Inc. XACK DNS contains a denial-of-service DoS vulnerability due to an issue commonly referred to as NXNSAttack. Impact A remote attacker may be able to cause denial-of-service DoS conditions listed below. The performance of the recursive resolver...

8.6CVSS8AI score0.10593EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 12:0 a.m.117 views

JVN#05340005: WCR-1166DS vulnerable to OS command injection

WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Impact A user who can access the administrative console of the device may execute an arbitrary OS command. Solution Update the Firmware Apply the firmware update accordin...

7.7CVSS6.9AI score0.00732EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/15 12:0 a.m.116 views

JVN#87164507: Calsos CSDJ fails to restrict access permissions

Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions CWE-264, which may lead to an unauthorized user being able to view the historical data without access privileges. Impact A user who can login to the product may obtain unauthorized historical data without access...

5.3CVSS5.1AI score0.01191EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/06 12:0 a.m.115 views

JVN#43193964: OpenAM (Open Source Edition) vulnerable to open redirect

OpenAM Open Source Edition contains an open redirect vulnerability. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply the Patch Patch for this vulnerability has been...

6.1CVSS6.3AI score0.01099EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/27 12:0 a.m.114 views

JVN#35649781: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Authentication bypass in the API used to specify the fields CWE-287 - CVE-2020-5563 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2|...

7.5CVSS6.1AI score0.01434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/10 12:0 a.m.114 views

JVN#75617741: Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)

Intel Dual Band Wireless-AC 8260 contains a denial-of-service DoS vulnerability CWE-400. Impact An attacker may be able to cause a denial-of-service DoS. Solution Update the device driver Apply the appropriate device driver update according to the information provided by the developer. Products...

7.4CVSS8AI score0.0407EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/03/27 12:0 a.m.113 views

JVN#63981842: PowerAct Pro Master Agent for Windows fails to restrict acess permissions

PowerAct Pro Master Agent for Windows provided by OMRON SOCIAL SOLUTIONS Co.,Ltd. fails to restrict access permissions. Impact A user with an Windows general user acccount may alter or edit a file which the user does not have a permission to access. Solution Update the Software Update the softwar...

6.5CVSS4.1AI score0.01336EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/15 12:0 a.m.111 views

JVN#45797538: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

6.5CVSS5.9AI score0.0081EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/28 12:0 a.m.111 views

JVN#78422300: The installer of MARKET SPEED may insecurely load Dynamic Link Libraries

The installer of MARKET SPEED provided by Rakuten Securities, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.00796EPSS
Exploits0
Total number of security vulnerabilities5000