Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•5 views

Multiple vulnerabilities in Aterm HC100RC

Overview Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 Buffer Overflow CWE-119 - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mits...

9CVSS7.5AI score0.018EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/12 5:44 a.m.•5 views

LINE for Windows may insecurely load Dynamic Link Libraries

Overview LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. LINE...

7.8CVSS6.9AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 3:13 a.m.•5 views

Information Disclosure Vulnerability in Hitachi Automation Director

Overview An Information Disclosure Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 5:57 a.m.•5 views

Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Overview Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting"...

9.3CVSS7AI score0.09044EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 6:1 a.m.•5 views

WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

Overview The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

6.1CVSS5.9AI score0.01085EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:43 a.m.•5 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...

6.1CVSS5.9AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/06 6:5 a.m.•5 views

The installer of Anshin net security for Windows may insecurely load Dynamic Link Libraries

Overview Anshin net security for Windows provided by KDDI CORPORATION is an Internet Security suite. The installer of Anshin net security for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

7.8CVSS6.8AI score0.00927EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/22 5:17 a.m.•5 views

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries

Overview The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Librarie...

9.3CVSS6.8AI score0.00912EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/22 6:50 a.m.•5 views

The installer of Music Center for PC may insecurely load Dynamic Link Libraries

Overview Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from...

9.3CVSS6.9AI score0.01944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/11 5:13 a.m.•5 views

Fluentd vulenrable to escape sequence injection

Overview Fluentd provided by Cloud Native Computing Foundation CNCF contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation CNCF. The parse Filter Plugin for Fluentd contains an escape sequence injection...

10CVSS7.7AI score0.04581EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/01 7:17 a.m.•5 views

Multiple vulnerabilities in multiple Buffalo broadband routers

Overview BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Improper Input Validation CWE-20 - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

6.1CVSS6.5AI score0.00713EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/30 6:50 a.m.•5 views

Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection

Overview A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Yuuta Watanabe...

9.8CVSS7.4AI score0.01269EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/29 5:54 a.m.•5 views

StreamRelay.net.exe and sDNSProxy.exe vulnerable to denial-of-service (DoS)

Overview StreamRelay.net.exe and sDNSProxy.exe fail to properly process ICMP Port Unreachable message CWE-703. Tomoki Sanaki reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Tomoki Sanaki coordinated under the Information Security Early Warning...

7.5CVSS6.7AI score0.015EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/14 4:26 a.m.•5 views

WordPress plugin "TablePress" vulnerable to improper restriction of XML external entity (XXE) references

Overview The WordPress plugin "TablePress" is a plugin to create and manage tables on WordPress site. TablePress contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA...

5CVSS6.8AI score0.01058EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/01 6:36 a.m.•5 views

OpenAM (Open Source Edition) vulnerable to authentication bypass

Overview OpenAM Open Source Edition contains an authentication bypass vulnerability. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user may...

8.1CVSS6.8AI score0.02625EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/25 3:17 a.m.•5 views

Memory corruption vulnerability in Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro

Overview Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro contain a memory corruption vulnerability. Impact If a user opens a specially crafted Rakuraku Hagaki file or Rakuraku Hagaki Select for Ichitaro file, arbitrary code may be executed with the privilege of running the application...

7.8CVSS7.3AI score0.01312EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/30 6:10 a.m.•5 views

Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries

Overview Installer of "Remote Support Tool Enkaku Support Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...

9.3CVSS6.8AI score0.01231EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/23 6:24 a.m.•5 views

The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

Overview The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome and BlackWingCat of...

9.3CVSS7.1AI score0.01456EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 8:29 a.m.•5 views

Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/08 9:6 a.m.•5 views

WCR-1166DS vulnerable to OS command injection

Overview WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

7.7CVSS7.5AI score0.00732EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/08 6:35 a.m.•5 views

Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries

Overview Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 6:38 a.m.•5 views

NFC Port Software remover may insecurely load Dynamic Link Libraries

Overview NFC Port Software remover provided by Sony Corporation is an application to remove NFC Port Software. NFC Port Software remover contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 4:52 a.m.•5 views

Multiple cross-site scripting vulnerabilities in ScreenOS

Overview ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

9.6CVSS6.3AI score0.01194EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/19 6:7 a.m.•5 views

Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Overview Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2275 Buffer overflow CWE-119 - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

9CVSS8.3AI score0.01933EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/13 5:35 a.m.•5 views

FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

Overview FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Encrypted files in self-decryption forma...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/07 6:47 a.m.•5 views

Microsoft IME may insecurely load Dynamic Link Libraries

Overview Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not...

7.8CVSS7AI score0.02181EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/28 7:40 a.m.•5 views

Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries

Overview Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. BlackWingCat of Pink Flying Whale reported this vulnerability to IPA...

7.8CVSS7.2AI score0.01109EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/21 4:45 a.m.•5 views

HOME SPOT CUBE2 vulnerable to OS command injection in WebUI

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS7.5AI score0.00909EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/20 4:58 a.m.•5 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script ma...

6.1CVSS6AI score0.01466EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 5:50 a.m.•5 views

WordPress plugin "WP-Members" vulnerable to cross-site scripting

Overview The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a logged in...

6.1CVSS6AI score0.01766EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 5:11 a.m.•5 views

Open redirect vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains an open redirect vulnerability CWE-601. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.6AI score0.01476EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/09 6:48 a.m.•5 views

Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries

Overview Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale...

7.8CVSS6.9AI score0.00911EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 2:19 a.m.•5 views

The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

Overview The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported...

8.8CVSS7.1AI score0.01356EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 5:14 a.m.•5 views

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

Overview Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

8.8CVSS7.2AI score0.01749EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 5:14 a.m.•5 views

Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries

Overview Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

9.3CVSS7.3AI score0.01427EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 6:34 a.m.•5 views

FlashAir fails to restrict access permissions in PhotoShare

Overview FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection...

3.5CVSS6.7AI score0.00447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/25 4:36 a.m.•5 views

Installer of Vivaldi for Windows may insecurely load executable files

Overview The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.8CVSS6.9AI score0.02516EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/20 5:48 a.m.•5 views

Hoozin Viewer vulnerable to buffer overflow

Overview Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability CWE-121. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page, arbitrary...

8.8CVSS7.5AI score0.02547EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 5:21 a.m.•5 views

WBCE CMS vulnerable to directory traversal

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

8.6CVSS6.6AI score0.0351EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/11 4:46 a.m.•5 views

Cybozu Remote Service Manager fails to verify client certificates

Overview Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...

4.9CVSS6.6AI score0.0045EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/08 2:33 a.m.•5 views

The Bank of Tokyo-Mitsubishi UFJ for Android vulnerable to SSL/TLS downgrade attack

Overview The Bank of Tokyo-Mitsubishi UFJ for Android may be exploited by SSL/TLS downgrade attack. The Bank of Tokyo-Mitsubishi UFJ for Android provided by The Bank of Tokyo-Mitsubishi UFJ, Ltd. tries to communicate with a server via TLS v1.2. However, when a response from the server indicates S...

4.3CVSS6.5AI score0.00816EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/07 5:44 a.m.•5 views

Sleipnir for Mac vulnerable to URL spoofing

Overview Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6.5AI score0.00831EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/05 4:52 a.m.•5 views

SaAT Netizen fails to properly verify downloaded installation and update files

Overview SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified. The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process...

8.1CVSS6.7AI score0.00572EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/02 5:43 a.m.•5 views

WNC01WH vulnerable to denial-of-service (DoS)

Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a denial-of-service DoS vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.5AI score0.0175EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/01 4:40 a.m.•5 views

The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries

Overview The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...

7.8CVSS7.3AI score0.00956EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/28 4:47 a.m.•5 views

kintone mobile for Android fails to verify SSL server certificates

Overview kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView. Note that this vulnerability is different from JVN91816422. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...

5.9CVSS6.5AI score0.00728EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/25 4:54 a.m.•5 views

Simple keitai chat vulnerable to cross-site scripting

Overview Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities CWE-79. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6.2AI score0.00872EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 5:11 a.m.•5 views

Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)

Overview Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. ASHINO, Yuki of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

4.3CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•5 views

"Project" function in Cybozu Office vulnerable vulnerable to operation restriction bypass

Overview Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the "Project" function. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/C...

4.3CVSS6.6AI score0.01183EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:17 a.m.•5 views

Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery

Overview L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.5AI score0.00977EPSS
Exploits0References5
Total number of security vulnerabilities5000