Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/17 4:55 a.m.•3 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...

7.7CVSS7AI score0.02021EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 5:55 a.m.•3 views

Multiple vulnerabilities in "Custom Body Class"

Overview WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Cross-site Request Forgery CWE-352 - CVE-2019-6030 Shirai Masatake of Cryptography Laboratory,Department of Information and Communicati...

8.8CVSS6.7AI score0.00937EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/03 4:34 a.m.•3 views

Multiple MOTEX products vulnerable to privilege escalation

Overview LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki Mitch Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS7.3AI score0.00419EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 9:16 a.m.•3 views

WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

Overview WordPress Plugin "WP Spell Check" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Takuya Yamaguchi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported these vulnerabilities...

8.8CVSS6.7AI score0.00678EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/11 5:9 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.5AI score0.01376EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/07 5:50 a.m.•3 views

Rakuma App vulnerable to authentication information disclosure

Overview Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.3AI score0.02039EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/28 6:37 a.m.•3 views

Library Information Management System LIMEDIO vulnerable to open redirect

Overview Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Takeshi Imai of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.8AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/07 6:9 a.m.•3 views

Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"

Overview EC-CUBE module "REMISE Payment module 2.11, 2.12 and 2.13" provided by REMISE Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2019-6016 Information disclosure CWE-200 - CVE-2019-6017 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported...

6.1CVSS6.4AI score0.01072EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/09/09 6:58 a.m.•3 views

Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure...

7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/08/23 6:57 a.m.•3 views

Smart TV Box fails to restrict access permissions

Overview Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled...

9.8CVSS6.7AI score0.02123EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/07/16 7:8 a.m.•3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. DOM-based cross-site scripting in the application "Portal" CWE-79 - CVE-2019-5975 Denial-of-service DoS CWE-20 - CVE-2019-5976 Mail header injection in the application "E-mail" CWE-74 - CVE-2019-5977...

6.1CVSS6.7AI score0.01161EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/07/05 6:28 a.m.•3 views

Multiple vulnerabilities in Access analysis CGI An-Analyzer

Overview Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page CWE-78 - CVE-2019-5987 Stored cross-site scripting in the Management Page CWE-79 - CVE-2019-5988 DOM-based cross-site scripting in t...

9CVSS7AI score0.02497EPSS
Exploits3References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/27 6:36 a.m.•3 views

Multiple vulnerabilities in Hikari Denwa router/Home GateWay

Overview Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5985 Cross-site Request Forgery CWE-352 - CVE-2019-5986...

8.8CVSS6.6AI score0.0089EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/24 5:22 a.m.•3 views

WordPress Plugin "HTML5 Maps" vulnerable to cross-site request forgery

Overview WordPress Plugin "HTML5 Maps" provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Daisuke Shimizu of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to the...

8.8CVSS6.5AI score0.01008EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/21 5:22 a.m.•3 views

Multiple vulnerabilities in VAIO Update

Overview VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. Improper authorization process CWE-285 - CVE-2019-5981 Improper verification of download file CWE-669 - CVE-2019-5982 Device Security reported this vulnerability to IPA. JPCERT/CC coordinated with th...

7.8CVSS6.8AI score0.00944EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/19 5:13 a.m.•3 views

WordPress Plugin "Personalized WooCommerce Cart Page" vulnerable to cross-site request forgery

Overview WordPress Plugin "Personalized WooCommerce Cart Page" provided by N-MEDIA contains a cross-site request forgery vulnerability CWE-352. Akira Yamasaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this...

8.8CVSS6.5AI score0.01047EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/07 6:18 a.m.•3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Cross-site request forgery vulnerability in the process of updating user's "Basic Info" CWE-352 - CVE-2019-5968 Open redirect vulnerability in the process of login CWE-601 - CVE-2019-5969 Security Group of...

8.8CVSS6.8AI score0.01133EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/22 5:37 a.m.•3 views

Apache Camel vulnerable to XML external entity injection (XXE)

Overview Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7.2AI score0.08463EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/20 6:38 a.m.•3 views

DoS Vulnerability in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager

Overview A DoS Vulnerability was found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/13 6:25 a.m.•3 views

Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure...

7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/04/01 6:42 a.m.•3 views

API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions

Overview JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions CWE-284. The application is no longer available/supported, and its service was ended in 2019 march 23. Tomoya Takahashi of TCU...

9.1CVSS6.6AI score0.01921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/19 6:51 a.m.•3 views

"an" App for iOS vulnerable to directory traversal

Overview "an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this Vuerability to IPA. JPCERT/CC...

7.5CVSS6.7AI score0.03027EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/05 5:18 a.m.•3 views

Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting

Overview Dradis Community Edition and Dradis Professional Edition provided by Security Roots Ltd contain a cross-site scripting vulnerability CWE-79. Ohji Kashiwazaki of Ierae Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS6AI score0.0082EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 6:57 a.m.•3 views

WordPress plugin "Smart Forms" vulnerable to cross-site request forgery

Overview The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

8.8CVSS6.6AI score0.0116EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 6:52 a.m.•3 views

Windows 7 may insecurely load Dynamic Link Libraries

Overview In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting", thus there is no pl...

7.8CVSS7AI score0.04605EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/26 5:46 a.m.•3 views

WordPress plugin "FormCraft" vulnerable to cross-site request forgery

Overview The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

8.8CVSS6.6AI score0.00833EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/12 8:23 a.m.•3 views

A vulnerability in V20 PRO L-01J that may cause a crash

Overview V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of...

5.7CVSS6.5AI score0.00475EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/06 6:45 a.m.•3 views

OpenAM (Open Source Edition) vulnerable to open redirect

Overview OpenAM Open Source Edition contains an open redirect vulnerability. Norihito Aimoto of Open Source Solution Technology Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developers. Impact When accessing a specially crafted page, the user may be redirect...

6.1CVSS6.7AI score0.01099EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/22 2:47 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

5.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/22 2:47 a.m.•3 views

Cross-site Scripting Vulnerability in Hitachi Device Manager

Overview A Cross-site Scripting Vulnerability was found in Hitachi Device Manager. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.7CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/19 6:20 a.m.•3 views

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Hidden functionality CWE-912 - CVE-2018-16198 Cross-site scripting CWE-79 - CVE-2018-16199 OS command injection CWE-78 -...

8.8CVSS7.2AI score0.00788EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/14 5:53 a.m.•3 views

Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Overview Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2018-16192 Stored cross-site scripting CWE-79 - CVE-2018-16193 OS command injection CWE-78 - CVE-2018-16194 OS command injection in SOAP...

9CVSS6.6AI score0.01399EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 5:14 a.m.•3 views

Cybozu Garoon access restriction bypass vulnerability

Overview Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability CWE-284. Kanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

7.5CVSS6.6AI score0.01392EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/07 5:30 a.m.•3 views

Multiple vulnerabilities in i-FILTER

Overview i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 HTTP header injection CWE-113 - CVE-2018-16181 Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

6.1CVSS7.1AI score0.00833EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/06 7:19 a.m.•3 views

Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners

Overview Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2018-0688 HTTP header injection CWE-113 - CVE-2018-0689 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability t...

8.8CVSS7.7AI score0.01642EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/29 5:45 a.m.•3 views

Panasonic applications register unquoted service paths

Overview Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...

8.4CVSS6.5AI score0.01329EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 8:27 a.m.•3 views

The installer of MARKET SPEED may insecurely load Dynamic Link Libraries

Overview The installer of MARKET SPEED provided by Rakuten Securities, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Sugawara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS7AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 8:24 a.m.•3 views

EC-CUBE vulnerable to open redirect

Overview EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

6.1CVSS6.6AI score0.01297EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 7:13 a.m.•3 views

The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries

Overview The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon...

7.8CVSS6.9AI score0.00365EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 5:42 a.m.•3 views

Mail app for iOS vulnerable to denial-of-service (DoS)

Overview Mail app for iOS provided by Apple contains a denial-of-service DoS vulnerability due to an issue in the handling of a maliciously crafted S/MIME signed message. Yukinobu Nagayasu of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS6.2AI score0.00913EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/26 7:16 a.m.•3 views

Multiple vulnerabilities in OpenDolphin

Overview OpenDolphin provided by Life Sciences Computing Corporation contains multiple vulnerabilities listed below. Privilege escalation - CVE-2018-16161 Information disclosure CWE-200 - CVE-2018-16162 Restrict access permissions failure CWE-284 - CVE-2018-16163 Symantec Japan, Inc. Advisory...

9CVSS6.9AI score0.01317EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/12 5:44 a.m.•3 views

OpenAM (Open Source Edition) vulnerable to session management

Overview OpenAM Open Source Edition contains a vulnerability in session management. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user who c...

7.5CVSS6.7AI score0.01057EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/11 6:54 a.m.•3 views

Metabase vulnerable to cross-site scripting

Overview Metabase provided by Metabase, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/09 7:27 a.m.•3 views

User-friendly SVN vulnerable to cross-site scripting

Overview User-friendly SVN provided by USVN Team contains a reflected cross-site scripting vulnerability CWE-79. Jun Okutsu of NTT TechnoCross Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00788EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/03 6:2 a.m.•3 views

The installer of Baidu Browser may insecurely load Dynamic Link Libraries

Overview Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...

9.3CVSS7AI score0.00944EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/09/13 4:57 a.m.•3 views

Multiple FXC network devices vulnerable to cross-site scripting

Overview Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability CWE-79. SUNAGAWA, Masanori of Japan Advanced Institute of Science and Technology Graduate School of Advanced Science and Technology Security and Networks reported this vulnerability to IPA...

4.8CVSS5.9AI score0.00523EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/31 6:48 a.m.•3 views

QNAP Photo Station vulnerable to cross-site scripting

Overview Photo Station provided by QNAP Systems, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Mitsuaki Mitch Shiraishi of Secureworks Japan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6AI score0.03122EPSS
Exploits5References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/22 8:11 a.m.•3 views

Path Traversal Vulnerability in JP1/Automatic Operation

Overview A Path Traversal Vulnerability was found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/17 4:49 a.m.•3 views

NoMachine App for Android vulnerable to environment variables alteration

Overview NoMachine App for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may alte...

9.8CVSS7.2AI score0.01652EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/03 6:4 a.m.•3 views

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Stored cross-site scripting vulnerability in Wiki page view CWE-79 -...

6.4CVSS5.9AI score0.00899EPSS
Exploits0References11
Total number of security vulnerabilities5000