Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 12:0 a.m.110 views

JVN#67456944: Multiple vulnerabilities in multiple Aterm products

Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score...

10CVSS9AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/17 12:0 a.m.110 views

JVN#91151862: Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries

Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of this...

7.8CVSS7.8AI score0.0513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 12:0 a.m.108 views

JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP

Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Version| Vector| Score ---|---|--- CVSS v3|...

10CVSS7.2AI score0.01359EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.108 views

JVN#95996423: MFC-J960DWN vulnerable to cross-site request forgery

MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, unintended operations such as changing settings of the device may be performed. Solution Apply a Workaroun...

8.8CVSS8.6AI score0.00722EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/09 12:0 a.m.107 views

JVN#68971465: voidtools "Everything" vulnerable to HTTP header injection

The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability CWE-644. Impact On the web browser of a user who accessed a website which uses the product, an arbitrary script may be executed or the displayed page may be altered. Solution Update the application...

6.1CVSS6.3AI score0.01118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/25 12:0 a.m.107 views

JVN#58849431: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

9.8CVSS7.4AI score0.02138EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/19 12:0 a.m.107 views

JVN#99810718: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

8.8CVSS8.1AI score0.00788EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/08 12:0 a.m.105 views

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...

8.1CVSS8.1AI score0.01996EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 12:0 a.m.105 views

JVN#59552136: Cybozu Desktop for Windows vulenerable to arbitrary code execution

Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Impact A remote attacker may excecute arbitrary code through an attack, such as a man-in-the-middle MITM, subdomain takeove...

9.8CVSS9.7AI score0.02932EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/28 12:0 a.m.105 views

JVN#97656108: WordPress plugin "Smart Forms" vulnerable to cross-site request forgery

The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Impact Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...

8.8CVSS8.6AI score0.0116EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/22 12:0 a.m.105 views

JVN#67954465: Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact This vulnerability can be exploited when the following condition is...

9.3CVSS7.8AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 12:0 a.m.105 views

JVN#81659403: Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries

Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to insecurely...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/11 12:0 a.m.105 views

JVN#81676004: Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries

Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

7.8CVSS8.6AI score0.01407EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/03 12:0 a.m.104 views

JVN#19666251: Multiple vulnerabilities in OpenBlocks IoT VX2

OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5535 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score:...

8.8CVSS9.5AI score0.00855EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/22 12:0 a.m.104 views

JVN#60695371: The installer of Music Center for PC may insecurely load Dynamic Link Libraries

Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileg...

9.3CVSS7.7AI score0.01944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/11 12:0 a.m.103 views

JVN#18056666: Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries

Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Impact Arbitrary code may be executed with the privilege of the...

7.8CVSS7.8AI score0.00915EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/04 12:0 a.m.103 views

JVN#38752718: Multiple NEC Products vulnerable to authentication bypass

In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC through RMCP...

9.8CVSS7.6AI score0.81802EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/17 12:0 a.m.101 views

JVN#37183636: Trend Micro Password Manager vulnerable to information disclosure

Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation. The generated private key is not properly protected and any non-administrative user can retrieve the private key CWE-200. Impact A malicious user who obtains the private key...

5.5CVSS5.2AI score0.00472EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/09/08 12:0 a.m.101 views

JVN#00719891: Multiple vulnerabilities in CG-WLR300NM

CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2017-10813 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...

7.7CVSS7.7AI score0.00823EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/03 12:0 a.m.100 views

JVN#17788774: Installer of Baidu IME may insecurely load Dynamic Link Libraries

Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer according...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/12 12:0 a.m.100 views

JVN#02852421: Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries

Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/20 12:0 a.m.100 views

JVN#20573662: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4....

6.5CVSS5.7AI score0.00759EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/16 12:0 a.m.99 views

JVN#73897863: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584CyVDB-2670 Operation restriction bypass vulnerability in Bulletin CWE-285 - CVE-2022-28718 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVS...

8.1CVSS6AI score0.01049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/25 12:0 a.m.99 views

JVN#15697526: Privilege escalation vulnerability in multiple RICOH printer drivers

Multiple RICOH printer drivers contain a privilege escalation vulnerability. Impact If a user who can login to the computer where the affected printer driver is installed uses the specially crafted printer driver, that may result in administrative privileges being taken by privilege escalation...

7.8CVSS7.6AI score0.04566EPSS
Exploits8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/28 12:0 a.m.99 views

JVN#45633549: Library Information Management System LIMEDIO vulnerable to open redirect

Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solutio...

6.1CVSS6.2AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/09 12:0 a.m.99 views

JVN#65268217: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N|...

8.8CVSS5.9AI score0.01422EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.99 views

JVN#39819446: WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting

The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.0145EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/18 12:0 a.m.98 views

JVN#18641169: Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries

TDB CA TypeA use software provided by Teikoku Databank, Ltd. is a software which provides environment for using system and management function of TDB electronic authentication service TypeA. The installer and the self-extracting archive containing the installer of TDB CA TypeA use software contai...

9.3CVSS7.9AI score0.00912EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/16 12:0 a.m.97 views

JVN#58774946: FileZen vulnerable to OS command injection

FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability CWE-78. Impact A remote attacker who obtained the administrative account of this product may execute an arbitrary OS...

9CVSS7.3AI score0.0397EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/25 12:0 a.m.97 views

JVN#27052429: WordPress plugin "Google XML Sitemaps" vulnerable to cross-site scripting

The WordPress plugin "Google XML Sitemaps" provided by Arne Brachhold contains a stored cross-site scripting vulnerability CWE-79. Impact In the case where multiple administrators manage the WordPress site with the affected plugin, an administrator with malicious intent may embed an arbitrary...

4.8CVSS4.8AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/11/29 12:0 a.m.97 views

JVN#36895151: Panasonic applications register unquoted service paths

Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Impact If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. Solution Update the Software Apply "Remediate Service Path Vulnerability...

7.8CVSS7.4AI score0.01329EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/16 12:0 a.m.95 views

JVN#21234459: Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"

"WPS Office" and "KINGSOFT Internet Security" provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2022-25949 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

7.8CVSS7.2AI score0.00916EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.94 views

JVN#69304877: Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700、CVE-2021-20701 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

9.8CVSS9.4AI score0.02131EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/05 12:0 a.m.94 views

JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries

The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268. Impact...

9.3CVSS6.4AI score0.01525EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.94 views

JVN#58176087: Cute News vulnerable to PHP code execution

Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. Impact A user who can login to CuteNews may execute arbitrary PHP code. Solution Consider stop using Cute News 2.1.2 Since the developer was unreachable, existence of any...

9CVSS9AI score0.0205EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/19 12:0 a.m.93 views

JVN#49410695: Multiple vulnerabilities in Aterm WG2600HS

Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2020-5533 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 OS...

8CVSS7.5AI score0.0087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/10 12:0 a.m.93 views

JVN#07375820: Junos OS vulnerable to directory traversal

Junos OS contains a directory traversal vulnerability CWE-22. Impact Files on the server may be viewed or deleted by an authenticated J-web user. According to the developer, this issue does not affect system files that can be accessed only by root user. Solution Update the Software Update the...

8.1CVSS6.5AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/11/07 12:0 a.m.92 views

JVN#41566067: Rakuma App vulnerable to authentication information disclosure

Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Impact If a malicious application created by the third party with a purpose to attack a Rakuma user is installed in the Rakuma user's mobile device, it may obtain Rakuma user's...

6.5CVSS6.1AI score0.02039EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/10 12:0 a.m.92 views

JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS7.8AI score0.01857EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/20 12:0 a.m.92 views

JVN#24348065: Multiple vulnerabilities in HOME SPOT CUBE2

HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below. OS command injection in Clock Settings CWE-78 - CVE-2017-2183 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score...

8.8CVSS9.2AI score0.01087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 12:0 a.m.91 views

JVN#96646182: Panasonic Video Insight VMS vulnerable to arbitrary code execution

Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94. Impact An arbitrary code may be executed by a remote attacker. Solution Update the software Update the software to the latest version according to the information provided by the...

9.8CVSS9.7AI score0.01717EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/21 12:0 a.m.91 views

JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal

cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a result, contents of the file may be disclosed. Solution Recreate iOS application...

8.6CVSS8.3AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/10 12:0 a.m.90 views

JVN#34535327: HtmlUnit vulenerable to arbitrary code execution

HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine. Mozilla Rhino engine offers a feature to make Java objects available from JavaScript. HtmlUnit initializes Rhino engine improperly,...

8.1CVSS8AI score0.04719EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/10 12:0 a.m.90 views

JVN#21753370: Junos OS vulnerable to cross-site scripting

Junos OS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's J-Web screen. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Apply a Workaround Applying...

7.5CVSS6.6AI score0.00881EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/29 12:0 a.m.89 views

JVN#40400577: TOYOTA MOTOR's Global TechStream vulnerable to buffer overflow

Global TechStream GTS is a diagnostic tool that Toyota Motor Corporation provides for Toyota dealers technicians and independent repairers to utilize. Global TechStream GTS contains a buffer overflow vulnerability CWE-121. Impact An attacker may execute arbitrary code or cause a denial of service...

9.3CVSS8.2AI score0.01369EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/26 12:0 a.m.89 views

JVN#97144273: Multiple vulnerabilities in WXR-1900DHP2

WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...

8.8CVSS9.1AI score0.01364EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/07 12:0 a.m.89 views

JVN#21369452: Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries

Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS...

9.3CVSS7.7AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/07/19 12:0 a.m.89 views

JVN#38787103: JBoss RichFaces vulnerable to remote code execution

JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interface may deserialize untrusted data, which may lead to arbitrary code execution. Impact When specially crafted...

7.5CVSS9.6AI score0.12662EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/08 12:0 a.m.89 views

JVN#49083120 Active! mail 2003 cross-site scripting vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/29 12:0 a.m.88 views

JVN#55497111: Multiple vulnerabilities in Cybozu Garoon

Cybozu, Inc. has released security updates for Cybozu Garoon. CyVDB-2083 Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N| Base Score: 8.5 CVSS v2|...

8.1CVSS6AI score0.018EPSS
Exploits0
Total number of security vulnerabilities5000