Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/15 5:36 a.m.•4 views

Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Overview Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the...

6.1CVSS6.1AI score0.00781EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/04 5:10 a.m.•4 views

H2O vulnerable to buffer overflow

Overview H2O is open source web server software. H2O contains a buffer overflow vulnerability CWE-119 due to a processing flaw in the output of Access Log. Marlies Ruck of ForAllSecure reported this vulnerability to Kazuho Oku, and Kazuho Oku reported this vulnerability to IPA to notify users of...

9.8CVSS7.6AI score0.03815EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 5:11 a.m.•4 views

WordPress plugin "Site Reviews" vulnerable to cross-site scripting

Overview The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Keita Uchida of TDU Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.8AI score0.01309EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/24 6:25 a.m.•4 views

The installer of PlayMemories Home for Windows may insecurely load Dynamic Link Libraries

Overview PlayMemories Home for Windows provided by Sony Corporation is Image Management Software. The installer of PlayMemories Home for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications...

7.8CVSS7AI score0.01027EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/24 6:15 a.m.•4 views

Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Overview Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update...

9.3CVSS6.9AI score0.00959EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 6:26 a.m.•4 views

Multiple cross-site scripting vulnerabilities in Cybozu Mailwise

Overview Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Reflected cross-site scripting vulnerability in "System settings" CWE-79 - CVE-2018-0558 Reflected cross-site scriptin...

6.1CVSS6AI score0.00809EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 5:53 a.m.•4 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-0569 Cross-site scripting CWE-79 - CVE-2018-0570 Unrestricted Upload of File with Dangerous Type in uploa...

8.8CVSS8AI score0.01632EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/21 4:39 a.m.•4 views

Nessus vulnerable to cross-site scripting

Overview Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.8AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 6:19 a.m.•4 views

The installers of multiple CELSYS,Inc. software may insecurely load Dynamic Link Libraries

Overview The installers of multiple software provided by CELSYS,Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the lates...

8CVSS6.9AI score0.02109EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/15 4:38 a.m.•4 views

The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries

Overview PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loadin...

7.8CVSS6.8AI score0.00963EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:43 a.m.•4 views

QQQ SYSTEMS vulnerable to arbitrary command injection

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that ...

10CVSS7.7AI score0.02703EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:43 a.m.•4 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on...

6.1CVSS5.9AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/08 3:21 a.m.•4 views

MP Form Mail CGI eCommerce Edition vulnerable to OS command injection

Overview MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability CWE-78. Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

10CVSS7.6AI score0.02337EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/02 3:28 a.m.•4 views

Spring Security and Spring Framework vulnerable to authentication bypass

Overview Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Macchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.3CVSS6.9AI score0.02857EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/01 4:58 a.m.•4 views

Multiple vulnerabilities in epg search result viewer(kkcald)

Overview epg search result viewerkkcald provided by kkcal contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0508 Cross-site request forgery CWE-352 - CVE-2018-0509 Buffer overflow CWE-121 - CVE-2018-0510 Kusano Kazuhiko reported this vulnerability to IPA...

9.8CVSS7.1AI score0.02033EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/31 4:43 a.m.•4 views

Deep Discovery Email Inspector vulnerable to arbitrary code execution

Overview Deep Discovery Email Inspector provided by Trend Micro Incorporated contains an arbitrary code execution vulnerability due to an issue in uploading files. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An...

10CVSS8AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/19 5:19 a.m.•4 views

Nootka App for Android vulnerable to OS command injection

Overview Nootka App for Android provided by SeeLook contains an OS command injection vulnerability CWE-78. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

10CVSS7.7AI score0.02277EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/19 5:19 a.m.•4 views

GroupSession vulnerable to open redirect

Overview GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability CWE-601. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.1CVSS6.7AI score0.00769EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/17 7:15 a.m.•4 views

Multiple vulnerabilities in Deep Discovery Email Inspector

Overview Deep Discovery Email Inspector provided by Trend Micro Incorporated contains multiple vulnerabilities. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The possible impacts are as follows: A user may execute arbitrary...

7.7AI score
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/17 7:15 a.m.•4 views

Trend Micro Control Manager vulnerable to SQL injection

Overview Trend Micro Control Manager contains multiple SQL injection vulnerabilities. This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below. TippingPoint Zero Day Initiative...

9AI score
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/12 6:32 a.m.•4 views

AssetView and AssetView PLATINUM contain multiple vulnerabilities

Overview AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below. Use of Hard-coded Cryptographic Key CWE-321 - CVE-2017-10866 Improper Input Validation CWE-20 - CVE-2017-10867 Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported...

8.8CVSS7.5AI score
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/22 6:50 a.m.•4 views

The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries

Overview Content Manager Assistant for PlayStation provided by Sony Interactive Entertainment Inc. is a data transfer tool. The installer of Content Manager Assistant for PlayStation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

7.8CVSS6.8AI score0.00865EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/18 6:17 a.m.•4 views

Multiple vulnerabilities in H2O

Overview H2O is an open source web server software. H2O contains multiple vulnerabilities listed below. A Denial-of-service DoS due to a flaw in processing HTTP/1 header CWE-20 - CVE-2017-10868 Stack-based buffer overflow CWE-121 - CVE-2017-10869 A Denial-of-service DoS due to a flaw in outputtin...

7.5CVSS7.4AI score0.03636EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/11 4:40 a.m.•4 views

Qt for Android environment variables alteration

Overview Qt for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may alter environem...

6.8CVSS7.3AI score0.00576EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/11 4:40 a.m.•4 views

Qt for Android vulnerable to OS command injection

Overview Qt for Android provided by The Qt Company contains an OS command injection vulnerability CWE-78. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9.8CVSS7.7AI score0.01958EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/06 5:42 a.m.•4 views

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that...

9.3CVSS7AI score0.01029EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/30 6:45 a.m.•4 views

Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1

Overview Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below. Improper Access Restriction CWE-284 - CVE-2017-10900 Buffer Overflow CWE-119 -...

10CVSS7.5AI score0.02553EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/22 4:51 a.m.•4 views

PWR-Q200 vulnerable to DNS cache poisoning attacks

Overview PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Toshifumi Sakaguchi reported this vulnerability to IPA. JPCERT/CC coordinated with...

7.5CVSS6.6AI score0.01323EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/14 6:19 a.m.•4 views

Multiple vulnerabilities in BOOK WALKER for Windows/Mac

Overview BOOK WALKER for Windows/Mac provided by BOOK WALKER Co.,Ltd. are applications to view e-books. Installer of BOOK WALKER for Windows contains a vulnerabirity, which may lead to insecurely loading Dynamic Link Libraries. Also BOOK WALKER for Windows/Mac contain a vulnerability which may le...

9.3CVSS6.3AI score0.01059EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/09 3:29 a.m.•4 views

Installer of HYPER SBI may insecurely load Dynamic Link Libraries

Overview HYPER SBI provided by SBI SECURITIES Co.,Ltd. is a trading tool. Installer of HYPER SBI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS6.9AI score0.01029EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/06 4:48 a.m.•4 views

I-O DATA LAN DISK Connect vulnerable to denial-of-service (DoS)

Overview LAN DISK Connect provided by I-O DATA DEVICE, INC. contains a denial-of-service DoS vulnerability CWE-119 due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.5CVSS6.5AI score0.01234EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/17 8:22 a.m.•4 views

Home unit KX-HJB1000 contains multiple vulnerabilities

Overview Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.8CVSS6.8AI score0.01248EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/17 8:1 a.m.•4 views

Information Disclosure Vulnerability in Hitachi Automation Director

Overview An Information Disclosure Vulnerability was found in Hitachi Automation Director. Impact Information might be disclosed. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/11 7:43 a.m.•4 views

Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files

Overview Installer of HIBUN Confidential File Viewer provided by Hitachi Solutions, Ltd. contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS7AI score0.01008EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/03 2:18 a.m.•4 views

Self-Decrypting Confidential Files created by JP1/HIBUN may insecurely load Dynamic Link Libraries

Overview Self-decrypting confidential files created by JP1/HIBUN contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

7.8CVSS6.9AI score
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/29 4:54 a.m.•4 views

Marp vulnerable to improper access control in JavaScript execution

Overview Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files CWE-284. Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.8CVSS6.3AI score0.00519EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/26 6:37 a.m.•4 views

jwt-scala fails to verify token signatures

Overview jwt-scala contains a vulnerability where it fails to verify token signatures correctly. jwt-scala is a Scala library to handle JSON Web Token JWT. jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers. Toshiharu...

5.3CVSS6.9AI score0.00583EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/21 6:58 a.m.•4 views

InterScan Web Security Virtual Appliance vulnerable to code injection

Overview InterScan Web Security Virtual Appliance provided by Trend Micro Incorporated contains code injection vulnerability. Impact Arbitrary code may be executed by a user who logged-in to the management screen of the product as an administrator. Solution Apply the Patch Apply the patch accordi...

9CVSS7.2AI score0.03196EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/11 6:19 a.m.•4 views

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview The IPsec/IKE function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Internet Initiative Japan Inc. reported this vulnerability to IPA to notify users of its solution through JV...

5.3CVSS6.8AI score0.01524EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/08 5:14 a.m.•4 views

Multiple vulnerabilities in CG-WLR300NM

Overview CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

7.7CVSS7.8AI score0.00823EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/31 7:35 a.m.•4 views

Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Overview Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 5:52 a.m.•4 views

Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Setsuzoku Tool"provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/22 3:34 a.m.•4 views

Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Overview Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS7.2AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 8:29 a.m.•4 views

Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability ...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 8:29 a.m.•4 views

Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.8AI score0.01061EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/03 3:28 a.m.•4 views

Installer of Baidu IME may insecurely load Dynamic Link Libraries

Overview Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/04 5:43 a.m.•4 views

Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries

Overview The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

7.8CVSS7AI score0.01057EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/04 4:59 a.m.•4 views

MFC-J960DWN vulnerable to cross-site request forgery

Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.5AI score0.00722EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/03 6:23 a.m.•4 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be executed on the logged-in user's web browser. Solution Upda...

4.8CVSS6.1AI score0.00603EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/03 6:22 a.m.•4 views

Cybozu Garoon fails to restrict access permission

Overview Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction. Jun Kokatsu of KDDI Singapore Dubai Branch reported vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact When a logged-in user accesses ...

5.8CVSS6.5AI score0.00849EPSS
Exploits0References6
Total number of security vulnerabilities5000