Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 12:0 a.m.80 views

JVN#45134765: Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries

Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/12/15 12:0 a.m.79 views

JVN#96321933: Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM

DENSHI NYUSATSU CORE SYSTEM provided by Japan Construction Information Center contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2022-41993 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

6.1CVSS6.6AI score0.00549EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.79 views

JVN#27951364: WL-Enq (WEB Enquete) vulnerable to OS command injection

WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS commands with the administrative privilege. Solution Consider stop using WL-Enq 1.12 Sin...

10CVSS10AI score0.02274EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/12 12:0 a.m.79 views

JVN#26847507: Multiple vulnerabilities in "Custom Body Class"

WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.5AI score0.00937EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/25 12:0 a.m.79 views

JVN#33677949: Installer of Mapping Tool may insecurely load Dynamic Link Libraries

Installer of Mapping Tool provided by Japan Atomic Energy Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.00985EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/18 12:0 a.m.79 views

JVN#84182676: Multiple vulnerabilities in H2O

H2O is an open source web server software. H2O contains multiple vulnerabilities listed below. A Denial-of-service DoS due to a flaw in processing HTTP/1 header CWE-20 - CVE-2017-10868 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS...

7.5CVSS7.6AI score0.03636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.79 views

JVN#11601216: Installer of "Security Kinou Mihariban" may insecurely load Dynamic Link Libraries

Installer of "Security Kinou Mihariban" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...

9.3CVSS7.7AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/18 12:0 a.m.79 views

JVN#63012325: The installer of e-Tax Software may insecurely load Dynamic Link Libraries

The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, arbitrary co...

7.8CVSS7.8AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/14 12:0 a.m.79 views

JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection

Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Impact When an application uses a function to convert DOM data DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter and a specially...

5CVSS6.6AI score0.02318EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/30 12:0 a.m.78 views

JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...

8.8CVSS7AI score0.01468EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/22 12:0 a.m.78 views

JVN#12737530: UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)

Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. Impact An attacker may cause system down and reboot of the products by sending a specially crafted command. Solution Update the Software Update to the...

3.5CVSS4AI score0.00919EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/23 12:0 a.m.78 views

JVN#17127920: Smart TV Box fails to restrict access permissions

Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if...

9.8CVSS9.3AI score0.02123EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/01/10 12:0 a.m.78 views

JVN#58010349: WordPress plugin "spam-byebye" vulnerable to cross-site scripting

The WordPress plugin "spam-byebye" contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who can access the setup page of the affected plugin. Solution Update the plugin Update the plugin according to the...

6.1CVSS6AI score0.00952EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/10 12:0 a.m.78 views

JVN#25385698: Cybozu Garoon access restriction bypass vulnerability

Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability CWE-284. Impact An attacker who can access the product may bypass authentication of Single sign-on function and view the information which is available only for sign-on users. Solution...

7.5CVSS7.6AI score0.01392EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/06 12:0 a.m.78 views

JVN#89767228: Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners

Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2018-0688 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N|...

8.8CVSS7.8AI score0.01642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/09 12:0 a.m.78 views

JVN#15201064: Multiple vulnerabilities in CG-WGR1200

CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS9.4AI score0.00868EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/10/16 12:0 a.m.78 views

JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)

GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which...

7.8CVSS7.6AI score0.98945EPSS
Exploits17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/18 12:0 a.m.77 views

JVN#21298724: Hitachi Virtual File Platform vulnerable to OS command injection

Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Impact A remote attacker who can log in to the product may execute an arbitrary OS command with root privilege. Solution Update the...

9CVSS8.9AI score0.0311EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.77 views

JVN#53910556: Multiple cross-site scripting vulnerabilities in multiple PHP Factory products

Multiple products provided by PHP Factory contain multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability CWE-79 - CVE-2021-20723 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.7 CVSS v2|...

6.1CVSS6.6AI score0.00777EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/14 12:0 a.m.77 views

JVN#71263107: Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points

Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-1400 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

9CVSS8.6AI score0.02034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m.77 views

JVN#98115035: Android App "ELECOM File Manager" vulnerable to directory traversal

Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting the compressed files. Impact A remote attacker may create an arbitrary file or overwrite an existing file in a directo...

9.1CVSS9.1AI score0.01871EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.77 views

JVN#77634892: mailform vulnerable to PHP code execution

mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. Impact Arbitrary PHP code may be executed on the server where the product is running. Solution...

10CVSS9.7AI score0.02274EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/15 12:0 a.m.77 views

JVN#98975951: Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the developer...

6.1CVSS6AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/30 12:0 a.m.77 views

JVN#98295787: Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1

Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below. Improper Access Restriction CWE-284 - CVE-2017-10900 Version| Vector| Score ---|---|--- CVSS v3|...

10CVSS9.3AI score0.02553EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/19 12:0 a.m.77 views

JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting

The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. According to the developer, this issue exists only when using Internet Explorer 7. Solution Update the software Update to the latest version...

2.6CVSS6.1AI score0.03213EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.76 views

JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE

Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...

6.1CVSS6.5AI score0.00757EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 12:0 a.m.76 views

JVN#38034268: あすけん App for Android fails to restrict custom URL schemes properly

あすけん App for Android by asken Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitra...

6.1CVSS6.2AI score0.00821EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/14 12:0 a.m.76 views

JVN#35906450: Multiple vulnerabilities in acmailer

acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

10CVSS10AI score0.07871EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/25 12:0 a.m.76 views

JVN#52962201: Multiple vulnerabilities in RICOH printers

Multiple RICOH printers contain multiple vulnerabilities listed below. Information Disclosure CWE-200 - CVE-CVE-2019-14301 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:A/AC:L/Au:N/C:P/I:N/A:N| Base Score: 3.3 Improper Access...

8.8CVSS7.9AI score0.01409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/02 12:0 a.m.76 views

JVN#49068796: Multiple MOTEX products vulnerable to privilege escalation

LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Impact An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. Solution Update the Software Update to the latest versi...

7.8CVSS8AI score0.00419EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.76 views

JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting

The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.3AI score0.00766EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/25 12:0 a.m.76 views

JVN#45494523: MQTT.js issue in handling PUBLISH packets

MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Impact Receiving a large number of packets from an MQTT broker may result in a denial-of-service DoS condition. Solution Update MQTT.js and rebuild the application Developers of...

6.5CVSS6.3AI score0.02214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/01 12:0 a.m.76 views

JVN#79546124: OpenAM (Open Source Edition) vulnerable to authentication bypass

OpenAM Open Source Edition contains an authentication bypass vulnerability. Impact A user may bypass login authentication and access contents for which permissions are not granted. Solution Apply the Patch Patch for this vulnerabiity has been released by Open Source Solution Technology Corporatio...

8.1CVSS8.2AI score0.02625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/07 12:0 a.m.76 views

JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries

Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not exist by...

7.8CVSS8.1AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 12:0 a.m.75 views

JVN#95457785: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Improper...

9.1CVSS7.7AI score0.01307EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/19 12:0 a.m.75 views

JVN#90729322: Hibernate ORM vulnerable to SQL injection

Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produce...

7.4CVSS7.5AI score0.02907EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/02 12:0 a.m.75 views

JVN#73472345: GRANDIT vulnerable to session management

GRANDIT provided by GRANDIT CORPORATION contains a vulnerability in session management CWE-639. Impact A user who can access to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution Apply the Patch Apply the appropriate patch according to th...

6.5CVSS6.4AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/14 12:0 a.m.75 views

JVN#02921757: Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. Impact An attacker may disable Premium Security 2019 for...

4.7CVSS4.6AI score0.00365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/14 12:0 a.m.75 views

JVN#18420340: Multiple vulnerabilities in BOOK WALKER for Windows/Mac

BOOK WALKER for Windows/Mac provided by BOOK WALKER Co.,Ltd. are applications to view e-books. Installer of BOOK WALKER for Windows contains a vulnerabirity, which may lead to insecurely loading Dynamic Link Libraries. Also BOOK WALKER for Windows/Mac contain a vulnerability which may lead to...

9.3CVSS6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/06 12:0 a.m.75 views

JVN#23367475: Wi-Fi STATION L-02F vulnerable to buffer overflow

Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability CWE-121. Impact Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege. Solution Apply an Upda...

10CVSS9.9AI score0.0231EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.75 views

JVN#36303528: Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries

The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be...

9.3CVSS7.7AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.75 views

JVN#14926025: Installer of ”Flets Install Tool” may insecurely load Dynamic Link Libraries

Installer of "Flets Install Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installe...

9.3CVSS7.6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/07/22 12:0 a.m.75 views

JVN#65273415: Android OS issue where it is affected by the CRIME attack

The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of the unencrypted data. When this function is enabled on both the client and server, it results in a vulnerability where plaintext HTTP...

2.6CVSS5.2AI score0.04266EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/09 12:0 a.m.74 views

JVN#96561229: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM

FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance. Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below. OS command injection in the web console CWE-78 - CVE-2022-29516 Version| Vector| Score...

10CVSS10AI score0.74513EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/14 12:0 a.m.74 views

JVN#34364599: Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery

Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the firmware According to the developer, the fixed firmware for this...

8.8CVSS8.7AI score0.00551EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.74 views

JVN#85942151: mailform vulnerable to cross-site scripting

mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of an administrator who is accessing a website using mailform...

6.1CVSS6AI score0.00773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/07 12:0 a.m.74 views

JVN#32155106: Multiple vulnerabilities in i-FILTER

i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...

6.1CVSS6.9AI score0.00833EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/12 12:0 a.m.74 views

JVN#92220486: The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries

PhishWall Client Internet Explorer edition provided by SecureBrain Corporation is anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer edition contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

9.3CVSS7.7AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/30 12:0 a.m.74 views

JVN#01161596: Safari vulnerable to script injection

Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output...

6.1CVSS7AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/02 12:0 a.m.74 views

JVN#97243511: Installer of ”Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries

Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Total number of security vulnerabilities5000