Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 7:53 a.m.•3 views

Android App "Spoon" uses a hard-coded API key for an external service

Overview Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.5CVSS6.6AI score0.00163EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 6:13 a.m.•3 views

Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

Overview Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/19 3:30 a.m.•3 views

FusionPBX vulnerable to cross-site scripting

Overview FusionPBX contains a stored cross-site scripting vulnerability CWE-79. Satoshi Horikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser of the...

4.8CVSS5.8AI score0.00458EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/16 4:41 a.m.•3 views

Drupal vulnerable to improper handling of structural elements

Overview Drupal provided by Drupal.org contains an improper handling of structural elements vulnerability CWE-237. Shiga Takuma of BroadBand Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.5CVSS6.5AI score0.00791EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 6:19 a.m.•3 views

Thermal camera TMC series vulnerable to insufficient technical documentation

Overview Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation CWE-1059. The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data. Hiroyuki...

4.6CVSS6.5AI score0.00238EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/10 4:57 a.m.•3 views

Multiple TP-Link products vulnerable to OS command injection

Overview Multiple products provided by TP-LINK contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-21773 OS command injection CWE-78 - CVE-2024-21821 OS command injection CWE-78 - CVE-2024-21833 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to...

8.8CVSS7.9AI score0.01072EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/15 6:17 a.m.•3 views

WordPress plugin "MW WP Form" vulnerable to arbitrary file upload

Overview WordPress plugin "MW WP Form" provided by Web Consultation Office Co., Ltd can create a mail form using shortcode. MW WP Form contains a vulnerability that may allow an attacker to upload arbitrary files CVE-2023-6316, CWE-434. Impact When the "Saving inquiry data in database" option in...

9.8CVSS7.7AI score0.01448EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/13 6:6 a.m.•3 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative...

6.8CVSS7.5AI score0.00862EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/01 5:58 a.m.•3 views

Ruckus Access Point contains a cross-site scripting vulnerability.

Overview Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. MUNEHIRO SHIRATANI of AGEST,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.00414EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/20 8:15 a.m.•3 views

Multiple vulnerabilities in LuxCal Web Calendar

Overview LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2023-46700 Cross-site scripting CWE-79 - CVE-2023-47175 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated wit...

9.8CVSS7.7AI score0.0103EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 8:31 a.m.•3 views

Multiple vulnerabilities in First Corporation's DVRs

Overview DVRs provided by First Co., Ltd. contain multiple vulnerabilities listed below. Use of hard-coded password CWE-259 - CVE-2023-47213 Missing authentication for critical function CWE-306 - CVE-2023-47674 Yoshiki Mori of National Institute of Information and Communications Technology...

9.8CVSS7.3AI score0.01264EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 5:1 a.m.•3 views

Multiple vulnerabilities in Cisco Firepower Management Center Software

Overview Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-20219 Path traversal CWE-22 - CVE-2023-20220 Kentaro Kawane of LAC Co., Ltd. reported these vulnerabilitis to IPA. JPCERT/CC...

8.8CVSS7.7AI score0.01073EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/10 5:41 a.m.•3 views

HOTELDRUID vulnerable to cross-site scripting

Overview HOTELDRUID provided by DigitalDruid.Net contains a cross-site scripting vulnerability CWE-79. Tomoro Taniguchi of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...

6.1CVSS6AI score0.00705EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/30 4:48 a.m.•3 views

Inkdrop vulnerable to code injection

Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. T.Nodoka reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a specially crafted...

7.8CVSS7.7AI score0.00288EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/27 7:10 a.m.•3 views

Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL

Overview Multiple Windows kernel drivers provided by Advanced Micro Devices Inc. are vulnerable to insufficient access control on its IOCTL CWE-782, CVE-2023-20598. Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By sending a...

7.8CVSS6.8AI score0.0046EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/24 7:11 a.m.•3 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer

Overview CX-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially crafted project fil...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/23 5:26 a.m.•3 views

HP ThinUpdate vulnerable to improper server certificate verification

Overview HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification CWE-295. Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.6AI score0.00538EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/19 6:16 a.m.•3 views

Multiple vulnerabilities in JustSystems products

Overview Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free CWE-416 - CVE-2023-34366 Integer overflow CWE-190 - CVE-2023-38127 Access of resource using incompatible type Type confusion CWE-843 - CVE-2023-38128 Improper validation of...

7.8CVSS7.1AI score0.00678EPSS
Exploits4References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/06 5:57 a.m.•3 views

e-Gov Client Application fails to restrict custom URL schemes properly

Overview e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access ...

4.3CVSS6.5AI score0.00355EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 6:23 a.m.•3 views

File and Directory Permissions Vulnerability in JP1/Performance Management

Overview A File and Directory Permissions Vulnerability CVE-2023-3440 exists in JP1/Performance Management. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

8.4CVSS6.8AI score0.00189EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/03 5:26 a.m.•3 views

Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode

Overview Wireless LAN access point devices provided by FURUNO SYSTEMS Co.,Ltd., running in STStandalone mode, contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-39222 Cross-site Scripting CWE-79 - CVE-2023-39429 Cross-Site Request Forgery CWE-352 - CVE-2023-4108...

8.8CVSS7.2AI score0.01286EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/13 6:2 a.m.•3 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Double free CWE-415 - CVE-2023-41374 Use-after-free CWE-416 - CVE-2023-41375 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with th...

7.8CVSS7.2AI score0.00188EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 6:35 a.m.•3 views

Vulnerability in JP1/VERITAS

Overview A vulnerability VTS23-011 exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9.8CVSS6.8AI score0.00334EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 5:55 a.m.•3 views

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

7.5CVSS6.7AI score0.00975EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/30 1:5 a.m.•3 views

Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL

Overview Some of the Windows kernel drivers provided by Phoenix Technologies Inc. is vulnerable to insufficient access control on its IOCTL CWE-782, CVE-2023-35841. Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By sending a...

7.8CVSS6.5AI score0.00372EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/29 6:55 a.m.•3 views

Vulnerability in HiRDB

Overview A Vulnerability CVE-2023-1995 exists in HiRDB. Impact Some audit logs may not be retrieved. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.00377EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/22 9:2 a.m.•3 views

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

Overview Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2023-28728 Access of Resource Using Incompatible Type CWE-843 - CVE-2023-28729 Improper Restriction of Operations within the Bounds of a Memory Buffer Michae...

7.8CVSS7.5AI score0.00279EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/17 6:12 a.m.•3 views

EC-CUBE 2 series vulnerable to cross-site scripting

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to EC-CUBE CO.,LTD. and EC-CUBE CO.,LTD...

4.8CVSS6AI score0.00362EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/07 6:15 a.m.•3 views

Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API

Overview Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function CWE-285 -...

4.3CVSS7AI score0.00376EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/04 8:31 a.m.•3 views

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Overview Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the...

7.5CVSS6.8AI score0.00351EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/02 5:55 a.m.•3 views

SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

Overview SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the...

7.8CVSS6.6AI score0.00644EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/19 5:48 a.m.•3 views

Multiple Vulnerabilities in Hitachi Device Manager

Overview Multiple vulnerabilities have been found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9CVSS7AI score0.00285EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 6:12 a.m.•3 views

Multiple vulnerabilities in Aterm series

Overview Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-3330 Directory traversal CWE-22 - CVE-2023-3331 Stored cross-site scripting CWE-79 - CVE-2023-3332 OS command injection CWE-78 - CVE-2023-3333 Taizoh Tsukamoto of...

7.7CVSS7AI score0.00713EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 6:18 a.m.•3 views

ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute

Overview ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without 'Secure' attribute CWE-614. Shungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to the developer and JPCERT/CC published respective advisories in order to notify users of this...

5.3CVSS6.4AI score0.0027EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/05 6:55 a.m.•3 views

Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader

Overview FRENIC RHC Loader provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2023-29160 Out-of-bounds read CWE-125 - CVE-2023-29167 Improper restriction of XML external entity reference CWE-611 - CVE-2023-29498 Michael...

7.8CVSS7.6AI score0.00226EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 6:34 a.m.•3 views

Pleasanter vulnerable to cross-site scripting

Overview Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA. JPCERT/CC and Implem Inc. coordinated under the Information Security...

5.4CVSS6.2AI score0.00671EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 6:40 a.m.•3 views

Android App "Brother iPrint&Scan" vulnerable to improper access control

Overview Android App "Brother iPrint" provided by BROTHER INDUSTRIES, LTD. contains an improper access control vulnerability CWE-284, CVE-2023-28369. Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD. reported...

3.3CVSS6.5AI score0.00213EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/18 5:13 a.m.•3 views

Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay

Overview Qrio Smart Lock Q-SL2 provided by Qrio, inc. contains an authentication bypass by capture-replay vulnerability CWE-294. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.8AI score0.00361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 5:29 a.m.•3 views

Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

Overview WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-28409 Directory traversal CWE-22 -...

9.8CVSS7AI score0.02021EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 4:58 a.m.•3 views

SR-7100VN vulnerable to privilege escalation

Overview SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability CWE-268. HAMANO Kiyoto of SOUM Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user with an...

6.8CVSS7AI score0.00338EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:49 a.m.•3 views

Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Overview Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:24 a.m.•3 views

WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery

Overview WordPress plugin "LIQUID SPEECH BALLOON" provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.4AI score0.00457EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 6:44 a.m.•3 views

Trend Micro Security may insecurely load Dynamic Link Libraries

Overview Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue CWE-427. While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application...

8.6CVSS6.7AI score0.00367EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/06 5:59 a.m.•3 views

Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information

Overview CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information CWE-312, CVE-2023-26593. Yokogawa Electric Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an attacker who can...

7.8CVSS6.9AI score0.00136EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/03 7:24 a.m.•3 views

JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer

Overview Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer CWE-119 due to improper check of its data size when processing a project file. Michael Heinzl reported this vulnerability to...

7.8CVSS7.3AI score0.00219EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/03 7:19 a.m.•3 views

CONPROSYS HMI System(CHS) vulnerable to SQL injection

Overview CONPROSYS HMI SystemCHS provided by Contec Co., Ltd. contains an SQL injection vulnerability CWE-89, CVE-2023-1658. Tenable Network Security reported this vulnerability to the developer. JPCERT/CC coordinated with the reporter and the developer. Impact Sending a specially crafted paramet...

7.5CVSS7.5AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/13 3:28 a.m.•3 views

Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Overview Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Naoya Kurosawa of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS6.5AI score0.00161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/06 6:31 a.m.•3 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-22419, CVE-2023-22421 Use-after-free CWE-416 - CVE-2023-22424 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00318EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/06 6:22 a.m.•3 views

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...

8.8CVSS7AI score0.00939EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/03 2:10 a.m.•3 views

Multiple vulnerabilities in Trend Micro Maximum Security

Overview Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Maximum Security 2022 Arbitrary file deletion due to link...

7.8CVSS6.9AI score0.00435EPSS
Exploits0References20
Total number of security vulnerabilities5000