Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/09 12:0 a.m.73 views

JVN#96561229: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM

FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance. Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below. OS command injection in the web console CWE-78 - CVE-2022-29516 Version| Vector| Score...

10CVSS10AI score0.74513EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/30 12:0 a.m.73 views

JVN#42543427: WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization

WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability CWE-862. Impact Users of this product Editor, Author, Contributor may view the information on the database without the access permission. Solution Update the plugin Update the...

6.5CVSS6.4AI score0.01437EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/07 12:0 a.m.73 views

JVN#32155106: Multiple vulnerabilities in i-FILTER

i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...

6.1CVSS6.9AI score0.00833EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/31 12:0 a.m.73 views

JVN#27978559: Multiple vulnerabilities in Pixelpost

Pixelpost provided by Pixelpost.org contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0604 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L| Base Score: 4.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:P/A:P| Base Score: 6.5 Cross-site...

7.2CVSS7.7AI score0.01796EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/10 12:0 a.m.73 views

JVN#28804532: Multiple vulnerabilities in WordPress plugin "Ultimate Member"

The WordPress plugin "Ultimate Member" provided by Ultimate Member contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0585 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

7.5CVSS5.5AI score0.02598EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.73 views

JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting

The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.3AI score0.00766EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/29 12:0 a.m.73 views

JVN#71291160: StreamRelay.net.exe and sDNSProxy.exe vulnerable to denial-of-service (DoS)

StreamRelay.net.exe and sDNSProxy.exe fail to properly process ICMP Port Unreachable message CWE-703. Impact A remote attacker may be able to cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the information provided by the developer...

7.5CVSS7.3AI score0.015EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.73 views

JVN#14926025: Installer of ”Flets Install Tool” may insecurely load Dynamic Link Libraries

Installer of "Flets Install Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installe...

9.3CVSS7.6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/20 12:0 a.m.73 views

JVN#45093481: Multiple vulnerabilities in Apache Struts 2

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain multiple vulnerabilities listed below. Cross-site request forgery S2-038 - CVE-2016-4430 Version| Vector|...

8.8CVSS8.5AI score0.10013EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/03 12:0 a.m.72 views

JVN#85572374: pfSense-pkg-WireGuard vulnerable to directory traversal

pfSense-pkg-WireGuard provided by pfSense is an add-on package for pfSense CE and pfSense Plus. pfSense-pkg-WireGuard contains a directory traversal vulnerability CWE-22. Impact pfSense users may view files in the private folders which they do not have privileges to access. Solution Update the...

6.5CVSS6.4AI score0.01756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/09 12:0 a.m.72 views

JVN#67447798: Multiple SONY Wireless Headphones allow improper Bluetooth pairing

Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairingCWE-306. Impact When using the product, someone within the Bluetooth range may make the Bluetooth pairing and operate such as changing volume of the product. Solution Update...

8.8CVSS8.7AI score0.00582EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.72 views

JVN#88277644: Keijiban Tsumiki vulenrable to OS command injection

Keijiban Tsumiki provided by Mash room - Free CGI - is a CGI to provide Bulletin Board System BBS functions. Keijiban Tsumiki contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Consider stop using Keijiban Tsumiki v1.15...

10CVSS9.8AI score0.02274EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.72 views

JVN#88033799: WL-Enq (WEB Enquete) vulnerable to cross-site scripting

WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses WL-Enq WEB Enquete. Solution...

6.1CVSS6AI score0.00773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/31 12:0 a.m.72 views

JVN#09769017: Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the administrative...

9.3CVSS7.6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/20 12:0 a.m.72 views

JVN#48413726: Multiple vulnerabilities in multiple Buffalo wireless LAN routers

WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2017-2273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 4.3...

8.8CVSS7.4AI score0.0085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/12 12:0 a.m.72 views

JVN#16248227: PrimeDrive Desktop Application Installer may insecurely load executable files

PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Impact Arbitrary code may be...

7.8CVSS7.7AI score0.01881EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/03/30 12:0 a.m.72 views

JVN#55121369: CentreCOM AR260S V2 vulnerable to privilege escalation

​CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Impact Unintended operations may be performed with administrative privileges by a user who can log into the product with "guest" account. Solution Apply...

8.8CVSS9.1AI score0.01916EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/25 12:0 a.m.71 views

JVN#97545738: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen CWE-79 - CVE-2021-20808 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

6.1CVSS6.5AI score0.00904EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.71 views

JVN#74686032: QND vulnerable to privilege escalation

QND provided by QualitySoft Corporation contains a privilege escalation vulnerability CWE-268. Impact A user who can log in to the PC where the product's Windows client is installed may obtain administrative privileges. As a result, sensitive information may be modified/obtained or unintended...

7.8CVSS7.7AI score0.0022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/04 12:0 a.m.71 views

JVN#42252698: Panasonic Video Insight VMS vulnerable to arbitrary code execution

Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Impact By sending a specially crafted request to the vulnerable product, a remoto attacker may...

10CVSS9.6AI score0.02815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/09/30 12:0 a.m.71 views

JVN#07426151: InfoCage SiteShell installs their files with improper access permissions

InfoCage SiteShell provided by NEC Corporation installs their files with improper access permissions CWE-732. Especially, the service executable files can be modified by Everyone users. Impact The service executable files may be modified by local users, resulting in arbitrary code execution with ...

7.8CVSS7.9AI score0.00397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/26 12:0 a.m.71 views

JVN#96493183: GROWI vulnerable to cross-site scripting

GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. The settings option for enabling and disabling the measures against cross-site scripting "Enable XSS prevention" option was introduced in v3.1.12. However, there was an issue with the implementation where the...

5.4CVSS5.3AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/22 12:0 a.m.71 views

JVN#95423049: The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries

Content Manager Assistant for PlayStation provided by Sony Interactive Entertainment Inc. is a data transfer tool. The installer of Content Manager Assistant for PlayStation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact...

7.8CVSS7.7AI score0.00865EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/24 12:0 a.m.71 views

JVN#39628662: Multiple vulnerabilities in SEO Panel

SEO Panel provided by SEO Panel contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-10838 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 SQL injection...

8.8CVSS7.4AI score0.01071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 12:0 a.m.71 views

JVN#14151222: Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2275 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P|...

9CVSS7.9AI score0.01933EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/04/25 12:0 a.m.71 views

JVN#19294237: Apache Struts vulnerable to ClassLoader manipulation

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. Impact On a server where Apache Struts in running, a remote attacker may steal information or execu...

7.5CVSS8AI score0.99614EPSS
Exploits7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/01 12:0 a.m.71 views

JVN#79013771 Safari allows access from HTTP to HTTPS

Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain. Impact A remote attacker could obtain or change the web page contents protected by...

6.8CVSS7.5AI score0.02569EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/08 12:0 a.m.70 views

JVN#51106450: Apache HTTP Server vulnerable to directory traversal

Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability CWE-22. Impact A remote attacker may access the unprotected files in "require all denied" placed outside of the document root. Moreover, if CGI scripts are enabled, arbitrary code may be...

9.8CVSS9.2AI score0.99992EPSS
Exploits173
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 12:0 a.m.70 views

JVN#35240327: WordPress plugin "WP Fastest Cache" vulnerable to directory traversal

WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a user with an administrative privilege. Solution Update the plugin Update the plugin according to the information provided by the...

6.5CVSS6.3AI score0.02625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/25 12:0 a.m.70 views

JVN#56450373: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2020-5676 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base Score: 5.0 Reflected...

7.5CVSS6.8AI score0.0177EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/09/17 12:0 a.m.70 views

JVN#31864411: Multiple access restriction bypass vulnerabilities in UNIQLO App

UNIQLO App provided by UNIQLO CO., LTD. contains multiple access restriction bypass vulnerabilities below. A remote attacker may be able to lead a user to access an arbitrary website via the vulnerable App. The App launched by a Custom URL Scheme may lead a user to access an arbitrary URL -...

6.5CVSS6.7AI score0.00997EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/11 12:0 a.m.70 views

JVN#61849442: PALLET CONTROL vulnerable to arbitrary code execution

PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission CWE-284. Impact A user who can login to the computer where the vulnerable product is installed...

7.8CVSS7.9AI score0.00384EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.70 views

JVN#63834780: Shihonkanri Plus GOOUT vulnerable to OS command injection

Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains an OS command injection CWE-78 vulnerability. Impact A remote attacker may execute an arbitrary OS command. Solution Consider stop using Shihonkanri Plu...

10CVSS9.8AI score0.02274EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/17 12:0 a.m.70 views

JVN#81196185: The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries

The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directo...

9.3CVSS7.7AI score0.04589EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/01 12:0 a.m.70 views

JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries

The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use...

9.3CVSS7.7AI score0.02029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/12 12:0 a.m.69 views

JVN#50804280: Plone vulnerable to open redirect

Plone provided by Plone Foundation contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply the Patch Apply the patch according...

6.5CVSS6.1AI score0.01028EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/26 12:0 a.m.69 views

JVN#64869876: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

9CVSS6.6AI score0.02475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 12:0 a.m.69 views

JVN#41035278: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the developer. The developer states as follows; Aft...

6.3CVSS5.4AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/28 12:0 a.m.69 views

JVN#47668991: Sales Force Assistant vulnerable to cross-site scripting

Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser while logging in Sales Force Assistant. Solution Update the Software Update the software to the latest version...

5.4CVSS5.3AI score0.00849EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/18 12:0 a.m.69 views

JVN#89259622: WordPress Plugin "Easy Property Listings" vulnerable to cross-site request forgery

WordPress Plugin "Easy Property Listings" provided by Merv Barrett contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the informatio...

8.8CVSS8.6AI score0.00818EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/09/14 12:0 a.m.69 views

JVN#75929834: Install program and Installer of i-フィルター 6.0 may insecurely load Dynamic Link Libraries and invoke executable files

i-フィルター 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-フィルター 6.0 install program and installer contain the following vulnerabilities. Lead to insecurely loading...

9.3CVSS8.1AI score0.01781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/22 12:0 a.m.68 views

JVN#34565930: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation CWE-20 - CVE-2024-23180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N| Base Score: 3.5 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score: 3.5...

8.8CVSS7.2AI score0.00918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/03 12:0 a.m.68 views

JVN#64316789: Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

9CVSS7.5AI score0.01543EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/22 12:0 a.m.68 views

JVN#29949691: Inkdrop vulnerable to OS command injection

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Impact If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs. Solution Update the...

9.3CVSS7.9AI score0.00964EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/05 12:0 a.m.68 views

JVN#50470170: WordPress Plugin "Name Directory" vulnerable to cross-site request forgery

WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.7AI score0.0084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/12 12:0 a.m.68 views

JVN#69635538: The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

7.8CVSS7.8AI score0.00321EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/08 12:0 a.m.68 views

JVN#89224521: Multiple vulnerabilities in EasyBlocks IPv6

EasyBlocks IPv6 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. Cross site request forgeryCWE-352 - CVE-2020-5549 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base...

8.8CVSS8.5AI score0.0186EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/09/11 12:0 a.m.68 views

JVN#76692689: SEIL Series routers vulnerable to denial-of-service (DoS)

The IPsec/IKE function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Impact Receiving a specially crafted packet may result in a temporary failure of the device's encrypted communication...

4.3CVSS4.1AI score0.01524EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/14 12:0 a.m.68 views

JVN#52422792: Direct Web Remoting (DWR) vulnerable to cross-site scripting

Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version of DWR according to the...

4.3CVSS5.6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/21 12:0 a.m.67 views

JVN#53278122: Minecraft Java Edition vulnerable to directory traversal

Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability CWE-22. Impact Arbitrary JSON files on the system using the product may be deleted by an attacker. Solution Update Minecraft Update Minecraft to the latest version according to the information provided ...

7.5CVSS7.5AI score0.0143EPSS
Exploits0
Total number of security vulnerabilities5000