5625 matches found
JVN#67456944: Multiple vulnerabilities in multiple Aterm products
Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score...
JVN#91151862: Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries
Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of this...
JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#95996423: MFC-J960DWN vulnerable to cross-site request forgery
MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, unintended operations such as changing settings of the device may be performed. Solution Apply a Workaroun...
JVN#68971465: voidtools "Everything" vulnerable to HTTP header injection
The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability CWE-644. Impact On the web browser of a user who accessed a website which uses the product, an arbitrary script may be executed or the displayed page may be altered. Solution Update the application...
JVN#58849431: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...
JVN#99810718: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...
JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object
Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...
JVN#59552136: Cybozu Desktop for Windows vulenerable to arbitrary code execution
Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Impact A remote attacker may excecute arbitrary code through an attack, such as a man-in-the-middle MITM, subdomain takeove...
JVN#97656108: WordPress plugin "Smart Forms" vulnerable to cross-site request forgery
The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Impact Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...
JVN#67954465: Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files
Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact This vulnerability can be exploited when the following condition is...
JVN#81659403: Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries
Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to insecurely...
JVN#81676004: Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...
JVN#19666251: Multiple vulnerabilities in OpenBlocks IoT VX2
OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5535 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score:...
JVN#60695371: The installer of Music Center for PC may insecurely load Dynamic Link Libraries
Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileg...
JVN#18056666: Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Impact Arbitrary code may be executed with the privilege of the...
JVN#38752718: Multiple NEC Products vulnerable to authentication bypass
In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC through RMCP...
JVN#37183636: Trend Micro Password Manager vulnerable to information disclosure
Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation. The generated private key is not properly protected and any non-administrative user can retrieve the private key CWE-200. Impact A malicious user who obtains the private key...
JVN#00719891: Multiple vulnerabilities in CG-WLR300NM
CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2017-10813 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...
JVN#17788774: Installer of Baidu IME may insecurely load Dynamic Link Libraries
Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer according...
JVN#02852421: Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries
Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the...
JVN#20573662: Multiple vulnerabilities in Cybozu Office
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4....
JVN#73897863: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584CyVDB-2670 Operation restriction bypass vulnerability in Bulletin CWE-285 - CVE-2022-28718 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVS...
JVN#15697526: Privilege escalation vulnerability in multiple RICOH printer drivers
Multiple RICOH printer drivers contain a privilege escalation vulnerability. Impact If a user who can login to the computer where the affected printer driver is installed uses the specially crafted printer driver, that may result in administrative privileges being taken by privilege escalation...
JVN#45633549: Library Information Management System LIMEDIO vulnerable to open redirect
Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solutio...
JVN#65268217: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N|...
JVN#39819446: WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
JVN#18641169: Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries
TDB CA TypeA use software provided by Teikoku Databank, Ltd. is a software which provides environment for using system and management function of TDB electronic authentication service TypeA. The installer and the self-extracting archive containing the installer of TDB CA TypeA use software contai...
JVN#58774946: FileZen vulnerable to OS command injection
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability CWE-78. Impact A remote attacker who obtained the administrative account of this product may execute an arbitrary OS...
JVN#27052429: WordPress plugin "Google XML Sitemaps" vulnerable to cross-site scripting
The WordPress plugin "Google XML Sitemaps" provided by Arne Brachhold contains a stored cross-site scripting vulnerability CWE-79. Impact In the case where multiple administrators manage the WordPress site with the affected plugin, an administrator with malicious intent may embed an arbitrary...
JVN#36895151: Panasonic applications register unquoted service paths
Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Impact If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. Solution Update the Software Apply "Remediate Service Path Vulnerability...
JVN#21234459: Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
"WPS Office" and "KINGSOFT Internet Security" provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2022-25949 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#69304877: Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700、CVE-2021-20701 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...
JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries
The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268. Impact...
JVN#58176087: Cute News vulnerable to PHP code execution
Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. Impact A user who can login to CuteNews may execute arbitrary PHP code. Solution Consider stop using Cute News 2.1.2 Since the developer was unreachable, existence of any...
JVN#49410695: Multiple vulnerabilities in Aterm WG2600HS
Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2020-5533 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 OS...
JVN#07375820: Junos OS vulnerable to directory traversal
Junos OS contains a directory traversal vulnerability CWE-22. Impact Files on the server may be viewed or deleted by an authenticated J-web user. According to the developer, this issue does not affect system files that can be accessed only by root user. Solution Update the Software Update the...
JVN#41566067: Rakuma App vulnerable to authentication information disclosure
Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Impact If a malicious application created by the third party with a purpose to attack a Rakuma user is installed in the Rakuma user's mobile device, it may obtain Rakuma user's...
JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#24348065: Multiple vulnerabilities in HOME SPOT CUBE2
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below. OS command injection in Clock Settings CWE-78 - CVE-2017-2183 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score...
JVN#96646182: Panasonic Video Insight VMS vulnerable to arbitrary code execution
Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94. Impact An arbitrary code may be executed by a remote attacker. Solution Update the software Update the software to the latest version according to the information provided by the...
JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal
cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a result, contents of the file may be disclosed. Solution Recreate iOS application...
JVN#34535327: HtmlUnit vulenerable to arbitrary code execution
HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine. Mozilla Rhino engine offers a feature to make Java objects available from JavaScript. HtmlUnit initializes Rhino engine improperly,...
JVN#21753370: Junos OS vulnerable to cross-site scripting
Junos OS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's J-Web screen. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Apply a Workaround Applying...
JVN#40400577: TOYOTA MOTOR's Global TechStream vulnerable to buffer overflow
Global TechStream GTS is a diagnostic tool that Toyota Motor Corporation provides for Toyota dealers technicians and independent repairers to utilize. Global TechStream GTS contains a buffer overflow vulnerability CWE-121. Impact An attacker may execute arbitrary code or cause a denial of service...
JVN#97144273: Multiple vulnerabilities in WXR-1900DHP2
WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
JVN#21369452: Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS...
JVN#38787103: JBoss RichFaces vulnerable to remote code execution
JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interface may deserialize untrusted data, which may lead to arbitrary code execution. Impact When specially crafted...
JVN#49083120 Active! mail 2003 cross-site scripting vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...
JVN#55497111: Multiple vulnerabilities in Cybozu Garoon
Cybozu, Inc. has released security updates for Cybozu Garoon. CyVDB-2083 Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N| Base Score: 8.5 CVSS v2|...