Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/20 8:38 a.m.•3 views

Movable Type XMLRPC API vulnerable to OS command injection

Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability CWE-78. Sending a specially crafted message by POST method to Movavle Type XMLRPC API may allow arbitrary OS command execution. Updated on 2021 November 10 As of 2021 November 10, a...

9.8CVSS7.9AI score0.88144EPSS
Exploits11References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/30 4:56 a.m.•3 views

Trend Micro HouseCall for Home Networks vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for HouseCall for Home Networks. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the product may obtain administrative privileges. As a...

7CVSS7.2AI score0.00533EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/16 5:33 a.m.•3 views

EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. ActiveFusions Co., Ltd. reported this...

6.1CVSS6.2AI score0.00748EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/20 5:25 a.m.•3 views

Multiple vulnerabilities in Navigate CMS

Overview Navigate CMS is an open source Contents Management System CMS provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature CWE-79 Reflected cross-site scripting CWE-79 - CVE-2021-36454 SQL injection CWE-89 -...

8.8CVSS7.2AI score0.01104EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/21 6:12 a.m.•3 views

Minecraft Java Edition vulnerable to directory traversal

Overview Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability CWE-22. RyotaK reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the...

7.5CVSS6.5AI score0.0143EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/19 7:53 a.m.•3 views

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for InterScan Web Security Virtual Appliance IWSVA. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A user may be redirected to an arbitrary website due to the...

5.4CVSS6.1AI score0.01398EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/14 8:13 a.m.•3 views

Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery

Overview Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Hiroki Nishino reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious...

8.8CVSS6.7AI score0.00551EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/13 5:34 a.m.•3 views

Multiple vulnerabilities in Retty App

Overview Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 The App uses a hard-coded API key for external services CWE-798 - CVE-2021-20748 Ryo Sato of...

7.5CVSS6.9AI score0.01037EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/08 5:29 a.m.•3 views

WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Ryoma Nishioka of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this...

8.8CVSS6.6AI score0.00849EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/01 6:49 a.m.•3 views

EC-CUBE fails to restrict access permissions

Overview EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions CWE-284 . EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning Partnership...

7.5CVSS6.6AI score0.02071EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/26 5:50 a.m.•3 views

Zettlr vulnerable to cross-site scripting

Overview Zettlr provided by Hendrik Erz is a Markdown editor. Zettlr contains a cross-site scripting vulnerability CWE-79. Eiji Mori of flatt security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If ...

6.1CVSS6.2AI score0.01036EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/21 7:7 a.m.•3 views

Installer of Overwolf may insecurely load Dynamic Link Libraries

Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....

7.8CVSS6.8AI score0.00292EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/13 7:5 a.m.•3 views

RFNTPS vulnerable to OS command injection

Overview RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Tomoomi Iwata of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS7.5AI score0.0044EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/28 7:14 a.m.•3 views

Multiple vulnerabilities in Buffalo broadband routers

Overview Multiple broadband routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Disclosure of sensitive information to an unauthorized user CWE-200 - CVE-2021-3511 Improper access control CWE-284 - CVE-2021-3512 Chuya Hayakawa of 00One, Inc. reported this vulnerability...

8.8CVSS7.7AI score0.00857EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/22 7:33 a.m.•3 views

yappa-ng vulnerable to cross-site scripting

Overview yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During...

6.1CVSS6.3AI score0.03722EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/09 8:16 a.m.•3 views

Multiple vulnerabilities in multiple Aterm products

Overview Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 OS command injection via UPnP CWE-78 - CVE-2014-8361 CVE-2021-20680 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...

10CVSS7.6AI score0.99975EPSS
Exploits6References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/09 7:42 a.m.•3 views

Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP

Overview Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Improper Validation of Integrity Check Value CWE-3...

10CVSS7.2AI score0.01359EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 9:12 a.m.•3 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During the meeting of Committee for authorizing the disclosure of unresolv...

6.1CVSS6.2AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 9:1 a.m.•3 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 8:46 a.m.•3 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...

6.1CVSS5.9AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 8:32 a.m.•3 views

MagazinegerZ vulnerable to cross-site scripting

Overview MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the...

6.1CVSS6.3AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/22 5:57 a.m.•3 views

UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)

Overview Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinate...

3.5CVSS6.8AI score0.00919EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/19 6:32 a.m.•3 views

Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)

Overview Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service DoS vulnerability. Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.8CVSS6.4AI score0.01549EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/17 7:24 a.m.•3 views

WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection

Overview WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to JPCERT/CC, and...

8.8CVSS7.6AI score0.02044EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/10 7:11 a.m.•3 views

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...

6.1CVSS6.1AI score0.00947EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/09 5:17 a.m.•3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2021-20667 Path Traversal CWE-22 - CVE-2021-20668 Path Traversal CWE-22 - CVE-2021-20669 Improper Access Control CWE-284 - CVE-2021-20670 Improper Input Validation CWE-...

7.5CVSS7.4AI score0.01835EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/16 8:23 a.m.•3 views

Multiple Vulnerabilities in JP1/Automatic Operation

Overview Multiple vulnerabilities have been found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/16 6:7 a.m.•3 views

FileZen vulnerable to OS command injection

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability CWE-78. Soliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through...

9.1CVSS7.7AI score0.0397EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/15 6:52 a.m.•3 views

Calsos CSDJ fails to restrict access permissions

Overview Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions CWE-264, which may lead to an unauthorized user being able to view the historical data without access privileges. Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this...

5.3CVSS6.5AI score0.01191EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/09 6:8 a.m.•3 views

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview A cross-site scripting vulnerability was found in Hitachi Application Server Help. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/04 6:42 a.m.•3 views

Trend Micro HouseCall for Home Networks (Windows Edition) may insecurely load Dynamic Link Libraries

Overview HouseCall for Home Networks Windows Edition provided by Trend Micro Incorporated contains an issue with the DLL search path. By reading a malicious DLL placed in the folder specified by the PATH environment variable, arbitrary code with an escalated privilege may be executed CWE-427. Tre...

7.8CVSS7.5AI score0.00749EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/27 9:31 a.m.•3 views

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

9CVSS7.1AI score0.02156EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/26 7:33 a.m.•3 views

Multiple vulnerabilities in multiple ELECOM products

Overview Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Script injection in web setup page CWE-74 - CVE-2021-20644 Stored cross-site scripting CWE-79 - CVE-2021-20645 Cross-site request forgery CWE-352 ...

10CVSS7.5AI score0.99975EPSS
Exploits6References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/25 7:21 a.m.•3 views

TP-Link TL-WR841N V13 (JP) vulnerable to OS command injection

Overview ​TP-Link TL-WR841N is a wifi router for home networks. The firmware version 161028 for hardware version V13 JP is reported vulnerable to OS command injection CWE-78. According to the vendor, the firmware for hardware version V14 JP is not affected. Koh You Liang of 3-shake Inc. reported...

9CVSS7.5AI score0.42285EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/14 7:22 a.m.•3 views

Multiple vulnerabilities in acmailer

Overview acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Privilege Chaining CWE-268 - CVE-2021-20618 ma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution...

10CVSS7.3AI score0.07871EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/21 8:48 a.m.•3 views

Improper certificate validation vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview The Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contains improper certificate validation vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the...

6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 8:0 a.m.•3 views

Management software for NEC Storage disk array system vulnerable to improper server certificate verification

Overview Management software for NEC Storage disk array system provided by NEC Corporation is vulnerable to improper server certificate verification CWE-295. Masaaki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.8CVSS6.5AI score0.00331EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/08 3:34 a.m.•3 views

ServerProtect for Linux vulnerable to heap-based buffer overflow

Overview Kernel Hook Module for ServerProtect for Linux provided by Trend Micro Incorporated contains a heap-based buffer overflow vulnerability CWE-122. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker who can...

6.7CVSS7.5AI score0.00665EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/25 5:54 a.m.•3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2020-5676 Reflected cross-site scripting vulnerability due to a flaw in processing input URLs CWE-79 - CVE-2020-5677 Stored cross-site scripting vulnerability due to a flaw...

7.5CVSS6AI score0.0177EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/20 6:39 a.m.•3 views

The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

7.8CVSS7.1AI score0.00341EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/19 9:3 a.m.•3 views

Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion

Overview Trend Micro Security 2020 Consumer provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. Trend Micro Incorporated...

6.3CVSS6.7AI score0.00298EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 9:13 a.m.•3 views

Multiple vulnerabilities in KonaWiki3

Overview KonaWiki3 is a lightweight wiki clone that supports Japanese wiki notation. KonaWiki3 contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2020-5670 Path Traversal CWE-22 - CVE-2020-5671 Stored Cross-site Scripting CWE-79 - CVE-2020-5672 Reflected Cross-site...

6.1CVSS6.1AI score
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 9:1 a.m.•3 views

Movable Type Premium vulnerable to cross-site scripting

Overview Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

6.1CVSS6AI score0.00585EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/09 6:10 a.m.•3 views

Multiple vulnerabilities in XOOPS module "XooNIps"

Overview XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2020-5659 Reflected cross-site scripting CWE-79 - CVE-2020-5662 Stored cross-site scripting CWE-79 - CVE-2020-5663 Deserialization of untrusted data CWE-502 - CVE-2020-5664 stypr of Flatt...

9.8CVSS7.1AI score0.02611EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/14 6:32 a.m.•3 views

WordPress Plugin "Live Chat - Live support" vulnerable to cross-site request forgery

Overview WordPress Plugin "Live Chat - Live support" provided by onWebChat contains a cross-site request forgery vulnerability CWE-352. Yusuke Fukuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the...

8.8CVSS6.5AI score0.00808EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/30 6:37 a.m.•3 views

InfoCage SiteShell installs their files with improper access permissions

Overview InfoCage SiteShell provided by NEC Corporation installs their files with improper access permissions CWE-732. Especially, the service executable files can be modified by Everyone users. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN...

7.8CVSS7.3AI score0.00397EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/23 6:26 a.m.•3 views

Multiple vulnerabilities in Active Update function implemented in multiple Trend Micro products

Overview Active Update function implemented in Premium Security 2019 for Windows v15, Maximum Security 2019 for Windows v15, Internet Security 2019 for Windows v15 and Antivirus+ 2019 for Windows v15 provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Update files...

7.5CVSS7.4AI score0.01772EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/11 6:57 a.m.•3 views

Multiple vulnerabilities in Buffalo AirStation WHR-G54S

Overview Buffalo AirStation WHR-G54S contains multiple vulnerabilities listed below. Directory Traversal - CVE-2020-5605 Cross-site Scripting - CVE-2020-5606 RyotaK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.6AI score0.01054EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/07 5:24 a.m.•3 views

Yodobashi App for Android fails to restrict access permissions

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and to...

6.1CVSS6.7AI score0.00864EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/27 6:37 a.m.•3 views

Multiple vulnerabilities in XOOPS module "XooNIps"

Overview XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2020-5624 Cross-site Scripting CWE-79 - CVE-2020-5625 Neuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain Science reported this...

9.8CVSS7.6AI score0.01405EPSS
Exploits0References9
Total number of security vulnerabilities5000