Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/19 5:33 a.m.•4 views

Hibernate ORM vulnerable to SQL injection

Overview Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produc...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/21 5:50 a.m.•4 views

Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

Overview WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 SQL Injection CWE-89 - CVE-2020-5651 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the...

8.8CVSS7.7AI score0.01487EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/28 6:52 a.m.•4 views

ServerProtect for Linux vulnerable to OS command injection

Overview ServerProtect for Linux provided by Trend Micro Incorporated contains an OS command injection vulnerability CWE-78. Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A remote authenticated attacker may execute arbitrary code. Soluti...

9.1CVSS8AI score0.05235EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/17 5:41 a.m.•4 views

Multiple access restriction bypass vulnerabilities in UNIQLO App

Overview UNIQLO App provided by UNIQLO CO., LTD. contains multiple access restriction bypass vulnerabilities below. A remote attacker may be able to lead a user to access an arbitrary website via the vulnerable App. The App launched by a Custom URL Scheme may lead a user to access an arbitrary UR...

6.5CVSS6.8AI score0.00997EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/03 7:36 a.m.•4 views

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution...

7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/31 5:29 a.m.•4 views

FANUC i Series CNC vulnerable to denial-of-service (DoS)

Overview Fanuc i Series CNC provided by FANUC CORPORATION contains a denial-of-service DoS CWE-400 vulnerability. Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. from China reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.3CVSS6.8AI score0.01949EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/09 6:46 a.m.•4 views

Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric GOT2000 series

Overview TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series GT27, GT25, and GT23 contains multiple vulnerabilities listed below. Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 - CVE-2020-5595 Session Fixation CWE-384 - CVE-2020-5596 NUL...

10CVSS6.9AI score0.03489EPSS
Exploits1References21
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/06/11 8:17 a.m.•4 views

Multiple vulnerabilities in Zenphoto

Overview Zenphoto is a content management system CMS. Zenphoto contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5592 Code Injection CWE-94 - CVE-2020-5593 Tomohisa Maeda of Panasonic Corporation, Product Security Center reported this vulnerability to IPA...

8.8CVSS6.9AI score0.01166EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/05/11 6:16 a.m.•4 views

PALLET CONTROL vulnerable to arbitrary code execution

Overview PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission CWE-284. Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.8CVSS7.8AI score0.00384EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/28 5:48 a.m.•4 views

Cybozu Garoon contains multiple vulnerabilities

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Authentication bypass in the API used to specify the fields CWE-287 - CVE-2020-5563 Cross-site scripting in the application "E-mail" CWE-79 - CVE-2020-5564 Input validation bypass in the applications...

7.5CVSS6.8AI score0.01434EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/20 8:13 a.m.•4 views

Toshiba Electronic Devices & Storage software registers unquoted service paths

Overview Some of Toshiba Electronic Devices & Storage software registers Windows services with unquoted file paths CWE-428. Toshiba Electronic Devices & Storage Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and TOSHIBA ELECTRONIC DEVIC...

8.4CVSS6.8AI score0.00345EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/24 8:42 a.m.•4 views

CuteNews vulnerable to cross-site scripting

Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...

6.1CVSS6.2AI score0.00773EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/25 6:47 a.m.•4 views

Improper Authentication Vulnerability in RICOH printers

Overview Multiple RICOH printers contain Improper Authentication Vulnerability CWE-287. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impac...

7.5CVSS6.5AI score0.01409EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/10 3:30 a.m.•4 views

HtmlUnit vulenerable to arbitrary code execution

Overview HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine. Mozilla Rhino engine offers a feature to make Java objects available from JavaScript. HtmlUnit initializes Rhino engine...

8.1CVSS7AI score0.04719EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/31 3:30 a.m.•4 views

AWMS Mobile App vulnerable to improper server certificate verification

Overview AWMS Mobile App is vulnerable to improper server certificate verification CWE-295. Dai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.9CVSS6.6AI score0.00497EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/21 4:55 a.m.•4 views

Multiple Fuji Xerox mobile applications fails to verify SSL server certificates

Overview Multiple Fuji Xerox mobile applications fail to verify SSL server certificates CWE-295. Hirotaka Niisato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

7.4CVSS6.5AI score0.0052EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/20 6:43 a.m.•4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Script injection due to a flaw in processing cookie CWE-74 - CVE-2019-6034 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this...

6.1CVSS6.7AI score0.00781EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/19 4:59 a.m.•4 views

Android App "NTV News24" fails to verify SSL server certificates

Overview Android App "NTV News24" provided by Nippon Television Network Corporation fails to verify SSL server certificates CWE-295. Shinnosuke Tokusho of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA...

7.4CVSS6.5AI score0.0052EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 6:0 a.m.•4 views

Athenz vulnerable to open redirect

Overview Athenz provided by Verizon Media contains an open redirect vulnerability CWE-601. Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a specially crafted URL, the user may b...

6.1CVSS6.5AI score0.01119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/11 12:56 a.m.•4 views

Kinza vulnerable to cross-site scripting

Overview Kinza provided by Dayz Inc. contains a cross-site scripting vulnerability CWE-79. RyotaK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If CSP Content Security Policy on the affected product is...

6.1CVSS6AI score0.00781EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/23 7:0 a.m.•4 views

PowerCMS vulnerable to open redirect

Overview PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...

6.1CVSS6.6AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/11 6:8 a.m.•4 views

Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"

Overview WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 SQL Injection CWE-89 - CVE-2019-6012 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...

7.2CVSS7.8AI score0.01447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/07 6:17 a.m.•4 views

Multiple OS command injection vulnerabilities in DBA-1510P

Overview DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface CLI CWE-78 - CVE-2019-6013 OS command injection vulnerability in Web User Interface CWE-78 - CVE-2019-6014 Katsuhiko...

8.8CVSS7.8AI score0.01245EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/09/10 4:56 a.m.•4 views

SHIRASAGI vulnerable to open redirect

Overview SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.1CVSS6.5AI score0.0185EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/08/15 5:29 a.m.•4 views

ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability

Overview ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution. These software products contain an open redirect...

6.1CVSS6.5AI score0.01122EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/08/09 3:23 a.m.•4 views

WonderCMS vulnerable to directory traversal

Overview WonderCMS contains a directory traversal vulnerability CWE-22. Note that the original fix for this vulnerability was insufficient CVE-2018-7172. However, an updated version of the software, which completely addressed this vulnerability has been released by the developer. Sosuke Tokuda...

7.5CVSS6.6AI score0.01862EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/07/18 4:56 a.m.•4 views

WordPress Plugin "Category Specific RSS feed Subscription" vulnerable to cross-site request forgery

Overview WordPress Plugin "Category Specific RSS feed Subscription" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Gota Abe of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this...

8.8CVSS6.5AI score0.00846EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/13 4:57 a.m.•4 views

A map plugin for Mincraft server "Dynmap" fails to restrict access permissions

Overview A map plugin for Mincraft server "Dynmap" fails to restrict access permissions CWE-284. RyotaK directly reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer f...

5.3CVSS6.8AI score0.01595EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/03 4:55 a.m.•4 views

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview A vulnerability CVE-2019-0220 exists in Cosminexus HTTP Server and Hitachi Web Server. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

5.3CVSS6.8AI score0.1786EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/31 4:51 a.m.•4 views

Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"

Overview WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5962 Cross-site Request Forgery CWE-352 - CVE-2019-5963 Kouhei Ikeda of Cryptography Laboratory,Department of Information and Communication...

8.8CVSS6.6AI score0.01587EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/04/25 8:13 a.m.•4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Cross-site scripting in the application "Memo" CWE-79 - CVE-2019-5929 Browse restriction bypass in th...

9.8CVSS7.3AI score0.02138EPSS
Exploits0References71
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/27 8:14 a.m.•4 views

Multiple vulnerabilities in Nablarch

Overview Nablarch provided by TIS Inc. contains multiple vulnerabilities listed below. The vulnerability in the function of generic formatter by XXE attacks CWE-611 - CVE-2019-5918 An incomplete cryptography of the data store function by using hidden tag CWE-310 - CVE-2019-5919 TIS Inc. reported...

9.1CVSS6.8AI score0.01863EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/31 6:46 a.m.•4 views

UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries

Overview UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL provided by Micco contain vulnerabilities listed below. Self-Extracting Archives created by UNLHA32.DLL may insecurely load Dynamic Link Libraries CWE-427 - CVE-2018-16189 Insecurely load specific DLL file in the same directory CWE-427 ...

7.8CVSS7AI score0.00944EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/31 6:35 a.m.•4 views

The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries

Overview The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting provided by Micco use the old version of Self-Extracting Archives created by UNLHA32.DLL. They contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2018-16189. Eili...

7.8CVSS6.9AI score0.00944EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/26 7:36 a.m.•4 views

GROWI vulnerable to cross-site scripting

Overview GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. The settings option for enabling and disabling the measures against cross-site scripting "Enable XSS prevention" option was introduced in v3.1.12. However, there was an issue with the implementation wher...

5.4CVSS5.5AI score0.00678EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/21 5:10 a.m.•4 views

PgpoolAdmin fails to restrict access permissions

Overview PgpoolAdmin provided by PgPool Global Development Group fails to restrict access permissions CWE-264. Fotios Rogkotis of DarkMatter reported this vulnerability to PgPool Global Development Group, and PgPool Global Development Group reported this vulnerability to IPA to notify users of it...

9.8CVSS7AI score0.0172EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/15 8:16 a.m.•4 views

Multiple Vulnerabilities in JP1/VERITAS

Overview Multiple vulnerabilities have been found in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS7AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:42 a.m.•4 views

Cybozu Dezie vulnerable to directory traversal

Overview Cybozu Dezie provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

9.1CVSS6.8AI score0.02121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/24 7:13 a.m.•4 views

BlueStacks App Player fails to restrict access permissions

Overview BlueStacks App Player fails to restrict access permissions CWE-284. Masaki Kubo and Yoshiki Mori of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.7AI score0.00571EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/19 5:31 a.m.•4 views

Multiple vulnerabilities in YukiWiki

Overview YukiWiki is a Wiki engine. YukiWiki contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-0699 Processing a particular request consumes large amounts of CPU and memory resources CWE-400 - CVE-2018-0700 Tanaka Akira of National Institute of Advanced...

7.8CVSS6.8AI score0.01134EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/15 6:26 a.m.•4 views

Multiple vulnerabilities in FileZen

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2018-0693 OS command injection CWE-78 - CVE-2018-0694 Soliton Systems K.K...

10CVSS8AI score0.02374EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/09/10 5:1 a.m.•4 views

Cybozu Garoon vulnerable to directory traversal

Overview Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing of the session information. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated und...

8.1CVSS6.6AI score0.01381EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/31 6:59 a.m.•4 views

AttacheCase vulnerable to arbitrary script execution

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Taizoh Tsukamoto of...

7.8CVSS7.1AI score0.01434EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/29 9:1 a.m.•4 views

Multiple script injection vulnerabilities in multiple Yamaha network devices

Overview The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities CWE-74. The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS7.2AI score0.00652EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/14 1:4 a.m.•4 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.5AI score0.01352EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/09 7:43 a.m.•4 views

Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE

Overview EC-CUBE Payment Module and GMO-PG Payment Module PG Multi-Payment Service, which are additional modules for EC-CUBE, provided by GMO Payment Gateway, Inc. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability in the management screen CWE-79 - CVE-2018-0657 Inp...

7.2CVSS6.7AI score0.01029EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/07 5:33 a.m.•4 views

Multiple vulnerabilities in multiple I-O DATA network camera products

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Insufficient Verification of Data Authenticity CWE-345 - CVE-2018-0662 Use of Hard-coded Credentials...

9CVSS8AI score0.01624EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/24 5:43 a.m.•4 views

The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries

Overview The installers of multiple software programs provided by Canon IT Solutions Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.1AI score0.01134EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/02 6:22 a.m.•4 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in application "Notifications". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security...

8.8CVSS7.8AI score0.01153EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/15 5:40 a.m.•4 views

ANA App for iOS fails to verify SSL server certificates

Overview ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates CWE-295. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.4CVSS6.4AI score0.00503EPSS
Exploits0References5
Total number of security vulnerabilities5000