Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/16 5:25 a.m.•4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584CyVDB-2670 Operation restriction bypass vulnerability in Bulletin CWE-285 - CVE-2022-28718 CyVDB-1865CyVDB-2692 Operation restriction bypass vulnerability in Workflow CWE-285 - CVE-2022-27661...

8.1CVSS6.6AI score0.01049EPSS
Exploits0References40
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/13 7:31 a.m.•4 views

EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery

Overview EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability CWE-352. Furukawa Natsumi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3CVSS6.5AI score0.00431EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/11 6:21 a.m.•4 views

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...

7.8CVSS7.1AI score0.00279EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/09 5:31 a.m.•4 views

Multiple vulnerabilities in multiple MEIKYO ELECTRIC products

Overview Multiple MEIKYO ELECTRIC products provided by MEIKYO ELECTRIC CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-27632 Cross-site scripting CWE-79 - CVE-2022-28717 Takayuki Sasaki of Yokohama National University reported these...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/22 4:53 a.m.•4 views

Hammock AssetView missing authentication for critical functions

Overview AssetView provided by Hammock Corporation misses authentication for some critical functions CWE-306 on the managing server. Denis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

9.8CVSS7.9AI score0.04273EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/15 4:15 a.m.•4 views

WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery

Overview WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" provided by VideoWhisper contains a cross-site request forgery vulnerability CWE-352. Kosuke Sakai reported and coordinated with the developer to fix this vulnerability. After coordination was...

8.8CVSS6.8AI score0.00781EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/07 7:58 a.m.•4 views

Trend Micro Antivirus for Mac vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for Mac. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the system where the affected product is installed may...

8.5CVSS7.1AI score0.01187EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/31 8:25 a.m.•4 views

Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents

Overview Trend Micro Apex Central and Trend Micro Apex Central as a Service provided by Trend Micro Incorporated are vulnerable to improper check for file contents CWE-345, CVE-2022-26871. Trend Micro Incorporated states that attacks has been observed. Trend Micro Incorporated reported this...

9.8CVSS7.4AI score0.19633EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/30 6:23 a.m.•4 views

WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization

Overview WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability CWE-862. Keitaro Yamazaki of Ierae Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.6AI score0.01437EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/30 5:0 a.m.•4 views

AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...

7.8CVSS6.9AI score0.00362EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/23 3:8 a.m.•4 views

Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection

Overview Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability CWE-78, CVE-2022-22986. Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT Eas...

8.8CVSS7.5AI score0.00709EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 5:40 a.m.•4 views

MarkText vulnerable to cross-site scripting

Overview MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability CWE-79. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

5.4CVSS6AI score0.00526EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 5:32 a.m.•4 views

Norton Security for Mac improperly processes ICMP packets

Overview Norton Security for Mac provided by NortonLifeLock Inc. is antivirus software. Norton Security for Mac improperly processes ICMP packets, which may result in OS to crash CWE-20. Yuki Meguro of Tohoku Information Systems Company, Incorporated reported this vulnerability to IPA. JPCERT/CC...

7.1CVSS6.5AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/22 5:22 a.m.•4 views

EC-CUBE improperly handles HTTP Host header values

Overview EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values CWE-913. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...

5.3CVSS6.7AI score0.01138EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/18 6:55 a.m.•4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374 Cross-site scripting CWE-79 - CVE-2022-23916 Template injection CWE-1336 - CVE-2022-23810 Authentication bypass CWE-291 - CVE-2022-21142 CVE-2022-24374 iwama...

9.8CVSS7.2AI score0.01523EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/18 5:55 a.m.•4 views

Trend Micro Antivirus for MAC vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for MAC. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the system where the affected product is installed may...

7.8CVSS6.7AI score0.00414EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/17 6:20 a.m.•4 views

Multiple vulnerabilities in phpUploader

Overview phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 SQL Injection CWE-89 - CVE-2022-23986 Toyama Taku reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS7.4AI score0.01664EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/07 5:18 a.m.•4 views

Multiple ESET products for macOS vulnerable to improper server certificate verification

Overview Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. KOBAYASHI Yasuyuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may...

5.9CVSS6.5AI score0.0166EPSS
Exploits4References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/25 6:31 a.m.•4 views

Multiple vulnerabilities in TransmitMail

Overview TransmitMail is a PHP based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values CWE-22 - CVE-2022-22146 Cross-site scripting CWE-79 - CVE-2022-21193 ishiyuriniwa reported...

7.5CVSS6.7AI score0.02001EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/17 7:57 a.m.•4 views

UNIVERGE DT Series vulnerable to missing encryption of sensitive data

Overview UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers IP Phone Manager and Data Maintenance Tool provided by NEC Platforms, Ltd. contain a missing encryption vulnerability CWE-311. NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solutions throug...

5.3CVSS6.5AI score0.01066EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/29 4:52 a.m.•4 views

Trend Micro Antivirus for MAC vulnerable to improper access controls

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for MAC. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can login to the system where the affected product is installed may...

7.8CVSS7.2AI score0.00322EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/26 5:59 a.m.•4 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Arbitrary code upload vulnerability in Database restore CWE-434 - CVE-2021-41279 CVE-2021-41243 Akagi Yusuke of NTT-ME CORPORATION reported this...

9.1CVSS8AI score0.02174EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/11 6:9 a.m.•4 views

Multiple vulnerabilities in EC-CUBE 2 series

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Cross-site request forgery vulnerability in Management screen CWE-352 - CVE-2021-20842 EC-CUBE CO.,LTD. reported these...

6.5CVSS7.1AI score0.01276EPSS
Exploits2References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/29 6:22 a.m.•4 views

Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700, CVE-2021-20701 Buffer overflow in the Transaction Server CWE-119 - CVE-2021-20702, CVE-2021-20703 Buffer overflow in th...

10CVSS8.1AI score0.02131EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/18 6:26 a.m.•4 views

OMRON CX-Supervisor vulnerable to out-of-bounds read

Overview CX-Supervisor provided by OMRON Corporation contains an out-of-bounds read vulnerability CWE-125, CVE-2021-20836. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user of the product has access to change system settings and...

6.5CVSS7.3AI score0.0078EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/18 5:58 a.m.•4 views

128 Technology Session Smart Router vulnerable to authentication bypass

Overview 128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.8CVSS7.4AI score0.01666EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/03 7:10 a.m.•4 views

Trend Micro Security family vulnerable to improper handling of Directory Junction

Overview Trend Micro Incorporated has released security updates for Trend Micro Security family. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker may obtain unauthorized privileges and cause a denial-of-service DoS...

6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/24 5:30 a.m.•4 views

The installers of multiple Sony products may insecurely load Dynamic Link Libraries

Overview The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.8CVSS7.2AI score0.00315EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/12 5:5 a.m.•4 views

Plone vulnerable to open redirect

Overview Plone provided by Plone Foundation contains an open redirect vulnerability CWE-601. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessin...

6.5CVSS6.6AI score0.01028EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/02 7:42 a.m.•4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 CyVDB-2029 Improper input validation vulnerability in Workflow CWE-20 - CVE-2021-20754 CyVDB-2071 Viewing restrictions...

8CVSS6.5AI score0.00993EPSS
Exploits0References52
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/07 5:3 a.m.•4 views

Multiple vulnerabilities in Elecom routers

Overview Multiple routers provided by ELECOM CO.,LTD. contain information disclosure and OS command injection vulnerabilities. Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. WRC-1167FS-W, WRC-1167FS-B, WRC-1167FSA Information disclosure CWE-200 -...

8.8CVSS7.8AI score0.00512EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/06 5:11 a.m.•4 views

WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery

Overview WordPress Plugin "WPCS - WordPress Currency Switcher" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Mizuki Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported and coordinated with...

8.8CVSS6.5AI score0.00866EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/05 5:28 a.m.•4 views

A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

Overview SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Shinnosuke Tokusho reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

9.8CVSS7.2AI score0.0129EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/16 7:18 a.m.•4 views

Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE

Overview Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Cross-site scripting vulnerability CWE-79 - CVE-2021-20743 Cross-site scripting vulnerability CWE-79 -...

7.1CVSS6.3AI score0.00757EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/15 7:9 a.m.•4 views

Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Overview Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wil...

6.1CVSS5.9AI score0.01121EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/11 6:24 a.m.•4 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a stored cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS5.8AI score0.01044EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/03 5:5 a.m.•4 views

ATOM - Smart life App vulnerable to improper server certificate verification

Overview ATOM - Smart life App provided by ATOM tech Inc. is vulnerable to improper server certificate verification CWE-295. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.9CVSS6.6AI score0.00486EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/14 6:26 a.m.•4 views

Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points

Overview Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-1400 Command injection CWE-78 - CVE-2021-1401 Shuto Imai of LAC Co., Ltd. reported this vulnerability to IPA...

9CVSS7.4AI score0.02034EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/13 7:5 a.m.•4 views

Multiple vulnerabilities in KonaWiki2

Overview KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below. SQL Injection CWE-89 - CVE-2021-20720 Unrestricted upload of file with dangerous type CWE-434 - CVE-2021-20721 apple502j reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS7.5AI score0.01522EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/27 8:12 a.m.•4 views

WordPress plugin "WP Fastest Cache" vulnerable to directory traversal

Overview WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was report...

6.5CVSS6.6AI score0.02625EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 9:6 a.m.•4 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 8:43 a.m.•4 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

6.1CVSS6AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/15 6:56 a.m.•4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...

6.5CVSS6.6AI score0.0081EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/12 6:59 a.m.•4 views

M-System DL8 contains multiple vulnerabilities

Overview DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675 Improper Access Control CWE-284 - CVE-2021-20676 CVE-2021-20675 Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS6.5AI score0.01333EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/08 8:26 a.m.•4 views

Trend Micro Security (Consumer) vulnerable to code injection

Overview Trend Micro Security Consumer provided by Trend Micro Incorporated contains a code injection vulnerability CWE-94. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker who obtained administrative privileges may...

7.2CVSS7.8AI score0.02491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/19 7:44 a.m.•4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Improper access control CWE-284 - CVE-2021-20657 OS command injection CWE-78 - CVE-2021-20658 Unrestricted upload of...

10CVSS8.3AI score0.73946EPSS
Exploits22References37
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/04 6:39 a.m.•4 views

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...

10CVSS7.7AI score0.02815EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/26 7:26 a.m.•4 views

Multiple vulnerabilities in multiple LOGITEC products

Overview Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities. Improper restriction of excessive authentication attempts CWE-307 - CVE-2021-20635 Cross-site request forgery CWE-352 - CVE-2021-20636, CVE-2021-20641 Improper check or handling of exceptional conditions...

7.7CVSS8.4AI score0.00993EPSS
Exploits0References23
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/12 6:53 a.m.•4 views

The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. shogo kumamaru of LAC Co.,Ltd reported this...

7.8CVSS7AI score0.00321EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/04 8:24 a.m.•4 views

Multiple NEC Products vulnerable to authentication bypass

Overview In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC...

5.3CVSS6.9AI score
Exploits0References5
Total number of security vulnerabilities5000