Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/04 12:0 a.m.•6 views

JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...

4.3CVSS6.7AI score0.00164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/28 8:33 a.m.•6 views

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview MFPs multifunction printers provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilites listed below. Out-of-bounds Read CWE-125 CVE-2024-42420 Out-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of SOAP...

9.8CVSS6AI score0.00729EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/21 8:37 a.m.•6 views

Multiple vulnerabilities in LogonTracer

Overview LogonTracer provided by JPCERT Coordination Center is a tool to investigate malicious Windows logon by visualizing and analyzing Windows event log. LogonTracer contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16165 CVSS v3...

10CVSS7.6AI score0.74745EPSS
Exploits3References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/05 4:46 a.m.•6 views

Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN

Overview ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2024-39838 Incorrect permission assignment for critical resource CWE-732 -...

8.8CVSS6.8AI score0.00332EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/29 6:28 a.m.•6 views

Multiple vulnerabilities in SKYSEA Client View

Overview SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process CWE-266 - CVE-2024-41139 Origin validation error in shared memory data exchanges CWE-3...

7.8CVSS7.5AI score0.00501EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 6:32 a.m.•6 views

Multiple vulnerabilities in UNIVERSAL PASSPORT RX

Overview UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in Primefaces library used in the product Cross-sit...

6.5CVSS7.3AI score0.00289EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/06 4:53 a.m.•6 views

Toyoko Inn official App vulnerable to improper server certificate verification

Overview Toyoko Inn official App provided by Toyoko Inn IT Solution Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.8CVSS6.5AI score0.00224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 4:46 a.m.•6 views

"Mercari" App for Android fails to restrict custom URL schemes properly

Overview "Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security Inc...

6.1CVSS6.7AI score0.00385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/07 4:47 a.m.•6 views

EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

Overview EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...

7.2CVSS7.6AI score0.01582EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/31 4:43 a.m.•6 views

Cybozu Remote Service vulnerable to uncontrolled resource consumption

Overview Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Certain operations performed by a logged-in user may lead to huge storage...

6.5CVSS6.6AI score0.00616EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 5:44 a.m.•6 views

Multiple vulnerabilities in Panasonic KW Watcher

Overview KW Watcher provided by Panasonic contains multiple vulnerabilities listed below. Improper restriction of operations within the bounds of a memory buffer CWE-119 - CVE-2023-3471 Use after free CWE-416 - CVE-2023-3472 Michael Heinzl reported these vulnerabilities to Panasonic and...

8.6CVSS7.5AI score0.00419EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 4:49 a.m.•6 views

Shihonkanri Plus vulnerable to relative path traversal

Overview Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability CWE-23. Shimizu Yutaro of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attack...

7.8CVSS7.4AI score0.00318EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 6:18 a.m.•6 views

Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Overview Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2023-31196 OS command injection CWE-78 - CVE-2023-31198 OS command injection CWE-78 - CVE-2023-28392 MASAHIRO IIDA of LAC Co.,...

7.5CVSS7.8AI score0.01476EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/27 4:39 a.m.•6 views

baserCMS vulnerable to arbitrary file uploads

Overview baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...

9.8CVSS7AI score0.01089EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/08 6:9 a.m.•6 views

Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

Overview Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Cross-Site Request Forgery CWE-352 - CVE-2023-27520 Takaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, a...

6.5CVSS6.2AI score0.00499EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/04 5:17 a.m.•6 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 CyVDB-3042 Information disclosure in multiple applications CWE-200 - CVE-2022-29512 CyVDB-3111 Improper input...

8.1CVSS6.5AI score0.01049EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/25 4:35 a.m.•6 views

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

Overview Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Directory Traversal CWE-22 - CVE-2022-23119 Code Injection CWE-94 - CVE-2022-23120 As of 2022 January 24, a Proof-of-Concept PoC code...

7.8CVSS7.8AI score0.2225EPSS
Exploits2References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/24 5:7 a.m.•6 views

GROWI vulnerable to authorization bypass through user-controlled key

Overview GROWI provided by WESEEK, Inc. contains an authorization bypass through user-controlled key vulnerability CWE-639, CVE-2021-3852. huntr first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WSEEK, Inc. as an intermediator. After the coordination between huntr and WESEE...

7.5CVSS7.2AI score0.00808EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/01 5:42 a.m.•6 views

Trend Micro ServerProtect family vulnerable to authentication bypass

Overview Trend Micro Incorporated has released security updates for ServerProtect family. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A remote attacker may bypass authentication for the products. For more information, refer...

10CVSS7AI score0.09019EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 6:18 a.m.•6 views

SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

Overview SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification CWE-295. Okazawa Yoshihiro of Cryptography Laboratory , Information and Communication Engineering ,Graduate School of Engineering , Tokyo Denki University reported this...

7.4CVSS6.5AI score0.0047EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/27 4:29 a.m.•6 views

baserCMS vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

8.7CVSS6AI score0.00929EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/06 7:8 a.m.•6 views

Multiple vulnerabilities in Trend Micro Password Manager

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation and buffer overflow due to improper processing of integ...

9CVSS8.5AI score0.05232EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/30 5:32 a.m.•6 views

boastMachine vulnerable to cross-site scripting

Overview boastMachine provided by knadh contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's...

6.1CVSS6.2AI score0.0449EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/30 5:21 a.m.•6 views

IkaIka RSS Reader vulnerable to cross-site scripting

Overview IkaIka RSS Reader contains a cross-site scripting vulnerability CWE-79, due to the improper processing of RSS registration. LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a malicio...

6.1CVSS6.2AI score0.00788EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/20 3:25 a.m.•6 views

Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

7.8CVSS6.8AI score0.00469EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/04 5:37 a.m.•6 views

Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Overview Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Incorrect Implementation of Authentication Algorithm CWE-303 - CVE-2020-5686 NEC Platforms,...

10CVSS7.7AI score0.01803EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/07 6:10 a.m.•6 views

Trend Micro Antivirus for Mac vulnerable to a privilege escalation

Overview Antivirus for Mac provided by Trend Micro Incorporated contain a symbolic link privilege escalation vulnerability CWE-61. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated unde...

7.8CVSS6.9AI score0.00621EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/14 6:34 a.m.•6 views

Security information for Hitachi Disk Array Systems

Overview A cross site scripting vulnerability exists in the SVPStorage Navigator of the Hitachi disk array system. Impact Regerding the impact df the vulnerablilty, please refer to the ventor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...

6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/28 6:59 a.m.•6 views

Android App "MyPallete" vulnerable to improper server certificate verification

Overview Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification CWE-295 and to improper host-matching validation CWE-297. Dai Nakamura of...

7.4CVSS6.6AI score0.01175EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/10 5:48 a.m.•6 views

Junos OS vulnerable to directory traversal

Overview Junos OS contains a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Files on the server may be...

8.1CVSS6.6AI score0.00931EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/18 5:18 a.m.•6 views

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview A vulnerability CVE-2019-10092 exists in Cosminexus HTTP Server and Hitachi Web Server. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

6.1CVSS7.9AI score0.81466EPSS
Exploits4References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/09/19 8:59 a.m.•6 views

Multiple integer overflow vulnerabilities in LINE(Android)

Overview LINEAndroid provided by LINE Corporation contains multiple integer overflow vulnerabilities CWE-190 listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007 Integer overflow vulnerability in processing images - CVE-2019-6010 LINE Corporation...

8.8CVSS7.5AI score0.02028EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/09/02 4:57 a.m.•6 views

Panasonic Video Insight VMS vulnerable to SQL injection

Overview Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability CWE-89. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

8.8CVSS7.7AI score0.01522EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/18 6:16 a.m.•6 views

Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries

Overview Installer of Creative Cloud Desktop Application provided by Adobe contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon Marketing Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.8CVSS7AI score0.03279EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/14 5:53 a.m.•6 views

Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Overview Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2018-16192 Stored cross-site scripting CWE-79 - CVE-2018-16193 OS command injection CWE-78 - CVE-2018-16194 OS command injection in SOAP...

9CVSS6.6AI score0.01399EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/19 6:44 a.m.•6 views

Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates

Overview Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates. Mizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates CWE-295. Reo Yoshida reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

5.9CVSS6.6AI score0.00547EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/09/27 7:52 a.m.•6 views

+Message App fails to verify SSL server certificates

Overview +Message App fails to verify SSL server certificates. ma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/20 6:41 a.m.•6 views

DLL planting vulnerability in multiple Yayoi 17 Series products

Overview Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinate...

7.8CVSS7AI score0.0119EPSS
Exploits4References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/06 6:5 a.m.•6 views

The installer of Anshin net security for Windows may insecurely load Dynamic Link Libraries

Overview Anshin net security for Windows provided by KDDI CORPORATION is an Internet Security suite. The installer of Anshin net security for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

7.8CVSS6.8AI score0.00927EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/22 5:17 a.m.•6 views

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries

Overview The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Librarie...

9.3CVSS6.8AI score0.00912EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/28 2:26 a.m.•6 views

QND Advance/Standard vulnerable to directory traversal

Overview QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability. QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability CWE-22 in an administrative server due to the issue in processing input from an age...

9.4CVSS7AI score0.02323EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 6:2 a.m.•6 views

Installer of "Flets Azukeru for Windows Auto Backup Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Azukeru for Windows Auto Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/18 4:41 a.m.•6 views

Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries

Overview TDB CA TypeA use software provided by Teikoku Databank, Ltd. is a software which provides environment for using system and management function of TDB electronic authentication service TypeA. The installer and the self-extracting archive containing the installer of TDB CA TypeA use softwa...

9.3CVSS7.1AI score0.00912EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/08 9:6 a.m.•6 views

WCR-1166DS vulnerable to OS command injection

Overview WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

7.7CVSS7.5AI score0.00732EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/20 5:13 a.m.•6 views

Multiple vulnerabilities in multiple Buffalo wireless LAN routers

Overview WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2017-2273 Reflected Cross-site Scripting CWE-79 - CVE-2017-2274 Manabu Kobayashi reported this vulnerabilit...

8.8CVSS6.7AI score0.0085EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/20 5:12 a.m.•6 views

Multiple Buffalo wireless LAN access point devices do not properly perform authentication

Overview WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication CWE-287. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

10CVSS6.8AI score0.0402EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/19 6:7 a.m.•6 views

SONY Portable Wireless Server WG-C10 fails to restrict access permissions

Overview Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions CWE-284. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.1CVSS6.3AI score0.01075EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/14 4:38 a.m.•6 views

Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

9.3CVSS6.8AI score0.0108EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/12 5:42 a.m.•6 views

Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries

Overview Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

9.3CVSS7.1AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/07 5:18 a.m.•6 views

Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries

Overview Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Self-extracting archive files created by Lhaz or Lhaz+ insecurely load Dynamic Link Libraries CWE-427 ...

9.3CVSS7.1AI score0.01059EPSS
Exploits0References12
Total number of security vulnerabilities5000