Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:38 a.m.•4 views

WL-330NUL information management vulnerability

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6.5AI score0.00632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/07 5:21 a.m.•4 views

GANMA! App for iOS fails to verify SSL server certificates

Overview GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Yuji Tounai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker t...

5.9CVSS6.4AI score0.00696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•4 views

p++BBS vulnerable to cross-site scripting

Overview p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability CWE-79. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:29 a.m.•4 views

Apache Cordova vulnerable to improper application of whitelist restrictions

Overview Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Muneaki Nishimura of Sony Digita...

4.3CVSS6.8AI score0.04216EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:21 a.m.•4 views

Kirby vulnerable to arbitrary file creation

Overview Kirby is a content management system CMS. Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS7AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•4 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Note that this vulnerability is different from JVN64625488. Kenta Suefusa and Tomonori Shiom...

5.4CVSS7AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/13 5:25 a.m.•4 views

pWebManager vulnerable to OS command injection

Overview pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS command may be executed on t...

6.5CVSS7.3AI score0.01302EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:46 a.m.•4 views

Enisys Gw fails to restrict access permissions

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw fails to restrict access permissions. Impact A remote unauthenticated attacker may be access to an arbitrary file uploaded on the product. Solution Update the Software Update to the latest version...

5CVSS7AI score0.01423EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:37 a.m.•4 views

Enisys Gw vulnerable to SQL injection

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains an SQL injection vulnerability CWE-89. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.5CVSS7.7AI score0.01271EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/28 5:50 a.m.•4 views

ANA App fails to verify SSL server certificates

Overview ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker...

5.9CVSS6.5AI score0.00898EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/26 3:27 a.m.•4 views

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.1CVSS6.9AI score0.00646EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 5:0 a.m.•4 views

AirDroid for Android vulnerable in handling of implicit intents

Overview AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Gaku Mochizuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Information in AirDroid may ...

4.3CVSS6.5AI score0.00893EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 5:0 a.m.•4 views

Avast vulnerable to directory traversal

Overview Avast contains an issue in processing archive files, which may result in a directory traversal CWE-22 vulnerability. When an archive file such as zip is detected as containing a virus and the included virus file is being moved or deleted, the operation is done to the file path inside the...

6.4CVSS6.8AI score0.02969EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/15 3:24 a.m.•4 views

eXtplorer vulnerable to cross-site request forgery

Overview eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery CWE-352 vulnerability. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS6.8AI score0.01014EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 5:12 a.m.•4 views

Dojo Toolkit vulnerable to cross-site scripting

Overview Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6AI score0.02224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 4:36 a.m.•4 views

Dotclear vulnerable to cross-site scripting

Overview Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a...

4.3CVSS6.1AI score0.0121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 5:11 a.m.•4 views

AjaXplorer vulnerable to directory traversal

Overview AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.7AI score0.01895EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•4 views

MATCHA SNS access restriction bypass vulnerability

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user without...

6.5CVSS6.6AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•4 views

MATCHA SNS vulnerable to code injection

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS7.7AI score0.01321EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 5:46 a.m.•4 views

baserCMS fails to restrict access permissions

Overview baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.5CVSS6.7AI score0.01551EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 6:12 a.m.•4 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.07551EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 5:46 a.m.•4 views

hitSuji (rktSNS2) vulnetable to cross-site scripting

Overview hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this...

4.3CVSS6.2AI score0.0095EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 3:36 a.m.•4 views

desknet's NEO vulnerable to directory traversal

Overview desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4CVSS6.6AI score0.01557EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•4 views

yoyaku_v41 vulnerable to authentication bypass

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS7AI score0.01277EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•4 views

yoyaku_v41 vulnerable to arbitrary file creation

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7.3AI score0.02288EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:46 a.m.•4 views

Research Artisan Lite does not properly perform authentication

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication CWE-592. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

5CVSS6.7AI score0.01344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 5:50 a.m.•4 views

LINE@ vulnerable to script injection

Overview LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...

5.9CVSS6.5AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:15 a.m.•4 views

MilkyStep vulnerable to SQL injection

Overview MilkyStep provided by Igreks Inc. contains a SQL injection vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7.9AI score0.01285EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:2 a.m.•4 views

NetFlow Analyzer fails to restrict access permissions

Overview NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Administrative operations, for...

7.5CVSS6.6AI score0.03409EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 4:59 a.m.•4 views

NetFlow Analyzer vulnerable to cross-site scripting

Overview NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

4.3CVSS6.1AI score0.02106EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•4 views

ZenPhoto20 vulnerable to cross-site scripting

Overview ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01181EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/21 7:36 a.m.•4 views

Problem with directory permissions in JP1/Automatic Operation

Overview There is a problem of permissions on file transfer directory in JP1/Automatic Operation. Impact Malicious local users might refer or modify transferred files. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/20 5:34 a.m.•4 views

mt-phpincgi vulnerable to PHP object injection

Overview mt-phpincgi is script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object Injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact Arbitrary PHP code may be executed on the server by an...

7.5CVSS7.3AI score0.01749EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/10 5:38 a.m.•4 views

Seasar S2Struts vulnerable to input validation bypass

Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for developing Java web applications. Seasar S2Struts is vulnerable to an issue contained in the Apache Struts 1 Validator, because S2Struts 1.2.x uses Apache Struts 1.2.x, and S2Struts 1.3.x uses Apache Struts...

7.5CVSS8.4AI score0.21261EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 4:57 a.m.•4 views

Lhaplus vulnerable to directory traversal

Overview Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. akirayou of Nico-TECH reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.8CVSS6.7AI score0.0156EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 5:4 a.m.•4 views

WordPress theme flashy vulnerable to cross-site scripting

Overview flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user'...

4.3CVSS6.2AI score0.01973EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 7:16 a.m.•4 views

LINE vulnerable to script injection

Overview LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...

5.9CVSS6.5AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/27 6:57 a.m.•4 views

Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer

Overview A cross-site scripting vulnerability was found in the online help of Hitachi IT Operations Analyzer. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasur...

4.3CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/27 5:2 a.m.•4 views

KENT-WEB Clip Board vulnerability where arbitary files may be deleted

Overview Clip Board provided by KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. KENT-WEB Clip Board contains a vulnerability that may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...

6.4CVSS6.9AI score0.01511EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/17 5:20 a.m.•4 views

Saurus CMS Community Edition vulnerable to cross-site scripting

Overview Saurus CMS Community Edition is open source software to manage and build websites. Saurus CMS Community Edition contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT Com Security reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6.5AI score0.01786EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/13 4:58 a.m.•4 views

shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting

Overview shiromukuu1GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukuu1GUESTBOOK contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.1AI score0.00931EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/30 4:52 a.m.•4 views

Fumy News Clipper vulnerable to cross-site scripting

Overview Fumy News Clipper provided by Nishishi Factory contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

4.3CVSS6.1AI score0.01161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/23 5:22 a.m.•4 views

shiromuku(bu2)BBS vulnerable to arbitrary file creation

Overview shiromukubu2BBS from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukubu2BBS contains a vulnerability that may allow a remote attacker to create arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS7.6AI score0.02622EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 4:41 a.m.•4 views

TSUTAYA App for Android vulnerable to arbitrary Java method execution

Overview TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.8CVSS6.7AI score0.02016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 5:45 a.m.•4 views

i-HTTPD vulnerable to cross-site scripting

Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting CWE-79. Note that this vulnerability is different from JVN89613370. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.01502EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 5:41 a.m.•4 views

i-HTTPD vulnerable to cross-site scripting

Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...

4.3CVSS6.2AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/03 6:9 a.m.•4 views

DBD::PgPP vulnerable to SQL injection

Overview DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Toshiharu Sugiyama reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If DBD::Pg...

9.8CVSS7.9AI score0.01559EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 4:56 a.m.•4 views

Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

Overview The Syslink driver for OMAP mobile processors contained in Android devices contain mulitple improper data validation vulerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP...

6.2CVSS7.6AI score0.00377EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/01 6:18 a.m.•4 views

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Note that this vulnerability is different from JVN04895240. Impact By receiving a large volume of NTP request in a short time, the devi...

7.5CVSS6.9AI score0.03172EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/28 5:54 a.m.•4 views

FAST/TOOLS vulnerable to improper restriction of XML external entity references

Overview FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC coordinate...

3.2CVSS6.6AI score0.00319EPSS
Exploits0References7
Total number of security vulnerabilities5000