Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 6:51 a.m.•4 views

Multiple vulnerabilities in F-RevoCRM

Overview F-RevoCRM provided by ThinkingReed inc. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-41149 Cross-site scripting vulnerability CWE-79 - CVE-2023-41150 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/...

9.8CVSS7.2AI score0.01261EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/04 4:41 a.m.•4 views

Multiple vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2023-36492 Stored cross-site scripting CWE-79 - CVE-2023-38569 Path traversal CWE-22 - CVE-2023-39448 CVE-2023-36492, CVE-2023-38569 Taiga Shirakura of Mits...

8.8CVSS7.3AI score0.0107EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/21 4:29 a.m.•4 views

Multiple vulnerabilities in LuxCal Web Calendar

Overview LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543 SQL injection CWE-89 - CVE-2023-39939 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated wit...

9.1CVSS7.9AI score0.00705EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/15 2:54 a.m.•4 views

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Overview Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 Telnet service access restriction failure CWE-284 - CVE-2023-38132 Hidden Functionalit...

9.8CVSS7.6AI score0.01566EPSS
Exploits0References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/03 4:45 a.m.•4 views

OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS)

Overview Denial-of-service DoS vulnerability due to improper validation of specified type of input CWE-1287 issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit provided by OMRON Corporation. OMRON...

7.5CVSS6.8AI score0.00653EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/28 9:24 a.m.•4 views

Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers

Overview Command Center RX CCRX, a web interface for MFPs and printers provided by KYOCERA Document Solutions Inc., contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2023-34259 Path traversal CWE-22 - CVE-2023-34260 Observable response discrepancy CWE-204 - CVE-2023-3426...

7.5CVSS6.9AI score0.73354EPSS
Exploits4References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/12 7:15 a.m.•4 views

Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Command Injection on the web management page CWE-77 - CVE-2023-37566, CVE-2023-37568 Command Injection on a certain port of the web management page CWE-77 -...

9.8CVSS7.5AI score0.01764EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/14 5:47 a.m.•4 views

Security updates for multiple Trend Micro products for enterprises (June 2023)

Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JV...

9.8CVSS7.8AI score0.68941EPSS
Exploits2References78
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/07 2:52 a.m.•4 views

Multiple vulnerabilities in KbDevice digital video recorders

Overview Multiple digital video recorders provided by KbDevice,Inc. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-30762 OS command injection CWE-78 - CVE-2023-30764 Hidden functionality CWE-912 - CVE-2023-30766 Yoshiki Mori, Ushimaru Hayato, Hiromu...

9.8CVSS8AI score0.01543EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/01 5:51 a.m.•4 views

"Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification

Overview "Jiyu Kukan Toku-Toku coupon" App provided by RUNSYSTEM CO.,LTD. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.5CVSS6.6AI score0.00281EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/24 2:40 a.m.•4 views

Cross-site Scripting Vulnerability in Hitachi Ops Center Analyzer

Overview A Cross-site Scripting Vulnerability exists in Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.6CVSS6.5AI score0.00378EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 7:9 a.m.•4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2023-27512 OS command injection in the download page CWE-78 - CVE-2023-27514 Buffer overflow in the multiple setting pages CWE-120 - CVE-2023-27518 OS...

8.8CVSS8.7AI score0.01924EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 6:14 a.m.•4 views

WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

Overview WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor,Inc. contain multiple cross-site scripting vulnerabilities CWE-79 listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Cross-site scripting vulnerability in Post function ...

5.4CVSS6.3AI score0.00613EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 6:48 a.m.•4 views

JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

Overview JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability CWE-359. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.6AI score0.00707EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/31 6:54 a.m.•4 views

Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

Overview SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Command injection CWE-77 - CVE-2022-36556 Unrestricted upload of file with...

9.8CVSS9.3AI score0.95707EPSS
Exploits7References40
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/31 6:54 a.m.•4 views

HAProxy vulnerable to HTTP request/response smuggling

Overview HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name, and when deployed in front of a server that incorrectly process this malformed header, it may be used to conduct an HTTP request/response smuggling attack CWE-444. Yuki Mogi of FFRI Security, Inc. reported...

7.3CVSS6.6AI score0.02942EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/24 5:35 a.m.•4 views

ELECOM WAB-MAT registers its windows service executable with an unquoted file path

Overview WAB-MAT provided by ELECOM CO.,LTD. is Access Point Management Tool for corporate users. WAB-MAT registers its windows service executable with an unquoted file path CWE-428. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.2CVSS6.6AI score0.00198EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/08 6:12 a.m.•4 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2023-26588 Improper access control CWE-284 - CVE-2023-24544 Stored cross-site scripting CWE-79 - CVE-2023-24464 Impact An attacker may access the...

8.1CVSS6.3AI score0.03306EPSS
Exploits4References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/02 8:33 a.m.•4 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Uploading of a large number of files to fill up the file system on the...

9.8CVSS7.9AI score0.59585EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/01 6:57 a.m.•4 views

Multiple vulnerabilities in SS1 and Rakuraku PC Cloud

Overview SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2023-22335 Path Traversal CWE-22 - CVE-2023-22336 Use of Hard-coded...

9.8CVSS7.8AI score0.01099EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/28 7:38 a.m.•4 views

Multiple cross-site scripting vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Cross-site scripting vulnerability in Authentication Key Settings CWE-79 - CVE-2023-25077 Cross-site...

5.4CVSS6.4AI score0.00692EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/28 6:0 a.m.•4 views

web2py development tool vulnerable to open redirect

Overview The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Takuto Yoshikai of Aeye Security Lab reported this...

6.1CVSS6.8AI score0.02382EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/14 8:0 a.m.•4 views

Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

Overview tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference XXE vulnerability CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC...

7.4CVSS6.8AI score0.00677EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/08 3:46 a.m.•4 views

Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2

Overview Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bound write CWE-787 - CVE-2023-22345 Out-of-bound read CWE-125 - CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353 Use-after-free CWE-416...

7.8CVSS7.6AI score0.00334EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/06 5:31 a.m.•4 views

Ichiran App vulnerable to improper server certificate verification

Overview Ichiran App developed by Betrend Corporation and provided by ICHIRAN INC. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.5AI score0.00513EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 7:0 a.m.•4 views

pgAdmin 4 vulnerable to directory traversal

Overview PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability CWE-22. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user ...

6.5CVSS6.6AI score0.08826EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/18 4:51 a.m.•4 views

File and Directory Permissions Vulnerability in Hitachi Tuning Manager

Overview A File and Directory Permissions Vulnerability CVE-2020-36611 exists in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/26 7:21 a.m.•4 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation and file deletion in Damage Cleanup Engine compone...

7.8CVSS7.1AI score0.00649EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/20 3:12 a.m.•4 views

Command injection vulnerability in SHARP Multifunctional Products (MFP)

Overview SHARP Multifunctional Products MFP contain a command injection vulnerability CWE-77, CVE-2022-45796. The OS layer is affected beyond the web application component, however treating the web application component as separate from the OS layer, 'Scope' is analyzed as 'S:C'. Sharp reported...

9.1CVSS7.5AI score0.03232EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/15 6:18 a.m.•4 views

Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM

Overview DENSHI NYUSATSU CORE SYSTEM provided by Japan Construction Information Center contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2022-41993 Cross-site scripting vulnerability CWE-79 - CVE-2022-46287 Open redirect vulnerability CWE-601 -...

6.1CVSS6.4AI score0.00549EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/13 5:5 a.m.•4 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability CWE-79 caused by improper Textile processing. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00429EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/02 5:57 a.m.•4 views

Multiple vulnerabilities in UNIMO Technology digital video recorders

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2022-44620 OS Command Injection CWE-78 - CVE-2022-44606 Hidden Functionality CWE-912 - CVE-2022-43464 The reporter states that attac...

8.8CVSS7.8AI score0.0147EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/28 6:40 a.m.•4 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below. Use-after-free CWE-416 - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 Out-of-bounds Write CWE-787 - CVE-2022-43509 Stack-based Buffer Overflow CWE-121 - CVE-2022-43667 Michael...

7.8CVSS7.7AI score0.00268EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/21 9:25 a.m.•4 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Information disclosure due to Out-of-Bounds read vulnerabilities...

7.8CVSS7AI score0.00767EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/08 5:59 a.m.•4 views

Multiple vulnerabilities in WordPress

Overview WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature. Stored Cross-site scripting CWE-79 - CVE-2022-43497 Stored Cross-site scripting CWE-79 - CVE-2022-43500 Improper authentication CWE-287 - CVE-2022-43504 Toshitsugu Yoneyama of Mitsu...

6.1CVSS6.9AI score0.01404EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/25 6:10 a.m.•4 views

Multiple vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2022-43479 Stored Cross-site Scripting CWE-79 - CVE-2022-43499 SHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with th...

6.1CVSS6.6AI score0.00918EPSS
Exploits2References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/09/30 5:48 a.m.•4 views

BookStack vulnerable to cross-site scripting

Overview BookStack contains a cross-site scripting vulnerability CWE-79. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

5.4CVSS6AI score0.00692EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/09/15 7:30 a.m.•4 views

Multiple vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 DOM-based cross-site scripting vulnerability CWE-79 - CVE-2022-38975 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported these...

5.4CVSS6.4AI score0.01056EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/24 6:58 a.m.•4 views

Movable Type XMLRPC API vulnerable to command injection

Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According...

9.8CVSS7.8AI score0.01854EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/25 5:30 a.m.•4 views

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

Overview WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6AI score0.01785EPSS
Exploits2References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/20 8:28 a.m.•4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 CyVDB-1795 Operation restriction bypass vulnerability in Project CWE-285 - CVE-2022-32544...

6.5CVSS7AI score0.00759EPSS
Exploits0References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/14 6:59 a.m.•4 views

U-Boot squashfs filesystem implementation vulnerable to heap-based buffer overflow

Overview U-Boot is a boot loader for multiple platforms, and squashfs filesystem feature is provided since v2020.10-rc2 commit c5100613. squashfs filesystem implementation of U-Boot contains a heap-based buffer overflow vulnerability CWE-122 due to a defect in the metadata reading process...

7.8CVSS7.6AI score0.00516EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/23 5:21 a.m.•4 views

web2py vulnerable to open redirect

Overview web2py contains an open redirect vulnerability CWE-601. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a specially crafted URL, t...

6.1CVSS6.6AI score0.01443EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/15 8:47 a.m.•4 views

Growi vulnerable to weak password requirements

Overview GROWI provided by WESEEK, Inc. contains a weak password requirements vulnerability CWE-521, CVE-2022-1236. 418sec first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WSEEK, Inc. as a coordinator. After the coordination between 418sec and WESEEK, Inc. was completed,...

6.5CVSS6.7AI score0.00535EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/15 3:28 a.m.•4 views

FreeBSD vulnerable to denial-of-service (DoS)

Overview FreeBSD contains a denial-of-service DoS vulnerability CWE-400 due to improper handling of TSopt on TCP connections. Impact A remote attacker may be able to cause a denial-of-service DoS condition. Solution Update the software Update the software to the latest version according to the...

7.5CVSS6.6AI score0.0073EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/01 4:39 a.m.•4 views

WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

Overview WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS5.9AI score0.00529EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/27 6:48 a.m.•4 views

Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

Overview Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Okazawa Yoshihiro reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.8CVSS6.4AI score0.00344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/27 6:37 a.m.•4 views

Multiple vulnerabilities in Fuji Electric V-SFT, V-Server and V-Server Lite

Overview Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" and the remote monitoring software "V-Server" and "V-Server Lite" provided by FUJI ELECTRIC CO., LTD. Out-of-bounds Read in V-SFT CWE-125 - CVE-2022-29506 Out-of-bounds Read in...

7.8CVSS7.5AI score0.00874EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/27 6:28 a.m.•4 views

Multiple vulnerabilities in CONTEC SolarView Compact

Overview SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-29303 Improper validation of input values on the send test mail console of the product's web server may result...

10CVSS8AI score0.99273EPSS
Exploits20References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/24 6:27 a.m.•4 views

Trend Micro Password Manager vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported the vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A non-administrative user of the system where the affected product is installed...

7.8CVSS7.1AI score0.00422EPSS
Exploits0References5
Total number of security vulnerabilities5000