Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 6:19 a.m.•5 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3167 Improper handling of data in Mail CWE-231 - CVE-2024-31397 CyVDB-3221 Improper restriction on the output of some API CWE-201 - CVE-2024-31398 CyVDB-3238 Excessive resource consumption in Mai...

9CVSS6.4AI score0.00504EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/08 4:44 a.m.•5 views

Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

Overview WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79 - CVE-2024-26019 Stored cross-site scripting in custom fields for labels...

8.8CVSS6.2AI score0.00532EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/02 9:3 a.m.•5 views

FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password

Overview In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty CWE-258 and the remote access service is enabled. The products are affected only when running in non MS mode with the initial configuration. FURUNO SYSTEMS Co.,Ltd...

8.8CVSS6.8AI score0.00298EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/01 3:31 a.m.•5 views

Multiple vulnerabilities in KEYENCE KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12

Overview KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12 provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2024-29218 Out-of-bounds read CWE-125 - CVE-2024-29219 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/26 7:7 a.m.•5 views

ffBull vulnerable to OS command injection

Overview ffBull according to the original report submitted by the reporter provided by Fortunefield is a bulletin board system BBS. ffBull contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on...

9.8CVSS7.9AI score0.01284EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 9:16 a.m.•5 views

BUFFALO LinkStation 200 series vulnerable to arbitrary code execution

Overview LinkStation 200 series provided by BUFFALO INC. is a network attached storage NAS. LinkStation 200 series contains an arbitrary code execution vulnerability CWE-354, CVE-2023-51073 due to insufficient verification of data authenticity during firmware update. BUFFALO INC. reported this...

8.1CVSS7.8AI score0.01312EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/18 5:8 a.m.•5 views

Multiple vulnerabilities in FitNesse

Overview FitNesse contains multiple vulnerabilities listed below. Multiple cross-site scripting CWE-79 - CVE-2024-23604, CVE-2024-28128 Improper restriction of XML external entity references CWE-611 -CVE-2024-28039 OS command injection CWE-78 - CVE-2024-28125 CVE-2024-23604, CVE-2024-28039,...

9.8CVSS6.9AI score0.00992EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 4:53 a.m.•5 views

Oracle WebLogic Server vulnerable to HTTP header injection

Overview Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Professional Service Department of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.6CVSS6.5AI score0.00503EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/15 9:27 a.m.•5 views

Multiple vulnerabilities in ELECOM and LOGITEC routers

Overview Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-43752 Inadequate Encryption Strength CWE-326 - CVE-2023-43757 CVE-2023-43752 Chuya Hayakawa of 00One, Inc. reported this vulnerabilit...

8CVSS7.5AI score0.00999EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 8:21 a.m.•5 views

FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength

Overview Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient CWE-1391. Kunal Thakrar and Ceri Coburn of Pen Test...

5.9CVSS6.6AI score0.0035EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 3:14 a.m.•5 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

8.6CVSS7AI score0.0028EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/26 2:30 a.m.•5 views

Trend Micro Mobile Security vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for Trend Micro Mobile Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A cross-site scripting attack may be conducted if a user who is logged in to the...

6.1CVSS6.1AI score0.01798EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 5:55 a.m.•5 views

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

7.5CVSS6.7AI score0.00975EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/10 7:4 a.m.•5 views

Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)

Overview Trend Micro Apex Central is vulnerable to multiple server-side request forgeries. Trend Micro Incorporated has released Patch 5 build 6481 for Trend Micro Apex Central. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact...

5.4CVSS7.1AI score0.00358EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/03 6:7 a.m.•5 views

Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

9CVSS8AI score0.01543EPSS
Exploits6References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/30 2:49 a.m.•5 views

Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server

Overview Multiple printers and MFPs multifunction printers which implement Brother debut web server contain a null pointer dereference vulnerability CWE-476, CVE-2023-29984. Darren Johnson directly reported this vulnerability to BROTHER INDUSTRIES, LTD. and FUJIFILM Business Innovation Corp., and...

7.5CVSS6.7AI score0.00942EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 7:50 a.m.•5 views

Multiple vulnerabilities in WAVLINK WL-WN531AX2

Overview WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Exposure of resource to wrong sphere CWE-668 - CVE-2023-32613 Improper authentication CWE-287 - CVE-2023-32620 Unrestricted upload of...

8.1CVSS7.5AI score0.00734EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 6:34 a.m.•5 views

DataSpider Servista uses a hard-coded cryptographic key

Overview DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazo...

8.8CVSS6.8AI score0.00812EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 6:21 a.m.•5 views

Multiple vulnerabilities in T&D and ESPEC MIC data logger products

Overview Multiple data logger products provided by T Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-22654 Improper authentication CWE-287 - CVE-2023-27388 Missing authentication for critical functio...

9.8CVSS6.9AI score0.01252EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/17 6:9 a.m.•5 views

OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT

Overview Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed by an authenticat...

7.2CVSS7.5AI score0.0088EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/25 5:31 a.m.•5 views

Heap-based buffer overflow vulnerability in OMRON CX-Drive

Overview CX-Drive provided by OMRON Corporation contains a heap-based buffer overflow vulnerability CWE-122, CVE-2023-27385. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By having a user open a specially crafted SDD file, arbitrary code...

7.8CVSS7.5AI score0.00226EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:6 a.m.•5 views

EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

Overview EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. TSUKADA Nobuhisa of Seasoft reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.8AI score0.007EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/18 4:58 a.m.•5 views

Security Issues in FINS protocol

Overview FINS Factory Interface Network Service is a message communication protocol, which is designed to be used in closed FA Factory Automation networks, and is used in FA networks composed of Omron products. FINS commands enable to read/write information, conduct various operations and set the...

9.8CVSS7.3AI score0.01385EPSS
Exploits1References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/04 6:22 a.m.•5 views

Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

Overview National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Taku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.5CVSS6.8AI score0.00226EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/22 4:41 a.m.•5 views

Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products

Overview CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-27917 Network Maintenance page validates input values improperly, resulting in OS command injection. Inadequate Encryption Strength CWE-326 -...

8.8CVSS8.2AI score0.01929EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/28 6:0 a.m.•5 views

web2py development tool vulnerable to open redirect

Overview The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Takuto Yoshikai of Aeye Security Lab reported this...

6.1CVSS6.8AI score0.02382EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/14 8:0 a.m.•5 views

The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

Overview The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA...

7.8CVSS7AI score0.00204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/06 5:31 a.m.•5 views

Ichiran App vulnerable to improper server certificate verification

Overview Ichiran App developed by Betrend Corporation and provided by ICHIRAN INC. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.5AI score0.00513EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/21 6:31 a.m.•5 views

Typora fails to properly neutralize JavaScript code.

Overview Typora fails to properly neutralize JavaScript code CWE-116. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Opening a file with the affected product may lead to...

6.1CVSS6.8AI score0.00357EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/20 7:18 a.m.•5 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a Time-of-check Time-of-use TOCTOU Race...

9.1CVSS7.2AI score0.00971EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/13 8:27 a.m.•5 views

Multiple vulnerabilities in SVMPC1 and SVMPC2

Overview SVMPC1 and SVMPC2 provided by Daikin Holdings Singapore Pte Ltd. contain multiple vulnerabilities listed below. Use of hard-coded password CWE-259 - CVE-2022-41653 Improper access control CWE-284 - CVE-2022-38355 Impact Exploiting these vulnerabilities may allow an attacker on the same L...

9.8CVSS7.1AI score0.00697EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/07 5:30 a.m.•5 views

Growi vulnerable to improper access control

Overview GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A us...

6.5CVSS6.6AI score0.00782EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/06 4:5 a.m.•5 views

IPFire WebUI vulnerable to cross-site scripting

Overview The web user interface of IPFire provided by IPFire Project contains multiple stored cross-site scripting vulnerabilities CWE-79. This analysis assumes a scenario where one administrative user prepares malicious content, and then another administrative user accesses this content, resulti...

4.8CVSS6AI score0.00681EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/23 5:31 a.m.•5 views

UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions CWE-306 in the device management web interface. The reporter states that attacks exploiting this vulnerability have been observed. Yoshiki Mori, Ushimaru Hayat...

9.8CVSS7.2AI score0.01249EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/01 7:12 a.m.•5 views

T&D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability.

Overview T Data Server and THERMO RECORDER DATA SERVER provided by T Corporation contain a directory traversal vulnerability CWE-22. Shun Asai of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.5CVSS6.7AI score0.03234EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/15 4:15 a.m.•5 views

WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery

Overview WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" provided by VideoWhisper contains a cross-site request forgery vulnerability CWE-352. Kosuke Sakai reported and coordinated with the developer to fix this vulnerability. After coordination was...

8.8CVSS6.8AI score0.00781EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/07 7:58 a.m.•5 views

Trend Micro Antivirus for Mac vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for Mac. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the system where the affected product is installed may...

8.5CVSS7.1AI score0.01187EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/30 5:0 a.m.•5 views

AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...

7.8CVSS6.9AI score0.00362EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/08 6:56 a.m.•5 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds Write CWE-787 - CVE-2022-21124 Use After Free CWE-416 - CVE-2022-25230 Use After Free CWE-416 - CVE-2022-25325 Out-of-bounds Read CWE-125 - CVE-2022-21219 Out-of-bounds Write CWE-787...

7.8CVSS7.5AI score0.01456EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 5:42 a.m.•5 views

Multiple vulnerabilities in Trend Micro ServerProtect

Overview Trend Micro Incorporated has released security updates for ServerProtect. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Remote control execution due to insufficiently protected static credentials Denial-of-servic...

9.8CVSS8.3AI score0.04872EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 5:32 a.m.•5 views

Norton Security for Mac improperly processes ICMP packets

Overview Norton Security for Mac provided by NortonLifeLock Inc. is antivirus software. Norton Security for Mac improperly processes ICMP packets, which may result in OS to crash CWE-20. Yuki Meguro of Tohoku Information Systems Company, Incorporated reported this vulnerability to IPA. JPCERT/CC...

7.1CVSS6.5AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/22 5:22 a.m.•5 views

EC-CUBE improperly handles HTTP Host header values

Overview EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values CWE-913. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...

5.3CVSS6.7AI score0.01138EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/08 7:13 a.m.•5 views

Multiple vulnerabilities in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2022-21173 Cross-site scripting CWE-79 - CVE-2022-21799 CVE-2022-21173 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/12 6:37 a.m.•5 views

Jimoty App for Android uses a hard-coded API key for an external service

Overview Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact API key for...

4CVSS6.5AI score0.00203EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/28 2:51 a.m.•5 views

Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems

Overview Multi-function printers MFP and printing systems provided by KONICA MINOLTA, INC. contain multiple vulnerabilities listed below. Incorrect authorization CWE-863 - CVE-2021-20868 Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2021-20869 Improper handling of...

6.8CVSS7.2AI score0.00532EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/09 4:43 a.m.•5 views

Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)

Overview Trend Micro Incorporated has released security updates for Trend Micro Security 2021 family Consumer. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Maximum Security 2021 A user who can log in to the system where...

7.8CVSS7.2AI score0.00301EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/02 8:16 a.m.•5 views

Multiple vulnerabilities in multiple ELECOM routers

Overview Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper access control leading to unauthorized activation of telnet service CWE-284 - CVE-2021-20862 OS command injection CWE-78 - CVE-2021-20863 Improper access control leading to unauthorized...

8.8CVSS8.4AI score0.00862EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/30 7:23 a.m.•5 views

Multiple vulnerabilities in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Buffer overflow CWE-121 - CVE-2021-20852 OS command injection CWE-78 - CVE-2021-20853, CVE-2021-20854 Cross-site scripting CWE-79 - CVE-2021-20855, CVE-2021-20856 Cross-site scripting...

8.8CVSS7.7AI score0.00585EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/29 4:52 a.m.•5 views

Trend Micro Antivirus for MAC vulnerable to improper access controls

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for MAC. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can login to the system where the affected product is installed may...

7.8CVSS7.2AI score0.00322EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/26 5:59 a.m.•5 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Arbitrary code upload vulnerability in Database restore CWE-434 - CVE-2021-41279 CVE-2021-41243 Akagi Yusuke of NTT-ME CORPORATION reported this...

9.1CVSS8AI score0.02174EPSS
Exploits0References8
Total number of security vulnerabilities5000