Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 6:35 a.m.•3 views

Vulnerability in JP1/VERITAS

Overview A vulnerability VTS23-011 exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9.8CVSS6.8AI score0.00334EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 5:55 a.m.•3 views

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

7.5CVSS6.7AI score0.00975EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/30 1:5 a.m.•3 views

Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL

Overview Some of the Windows kernel drivers provided by Phoenix Technologies Inc. is vulnerable to insufficient access control on its IOCTL CWE-782, CVE-2023-35841. Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By sending a...

7.8CVSS6.5AI score0.00372EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/29 6:55 a.m.•3 views

Vulnerability in HiRDB

Overview A Vulnerability CVE-2023-1995 exists in HiRDB. Impact Some audit logs may not be retrieved. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.00377EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/22 9:2 a.m.•3 views

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

Overview Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2023-28728 Access of Resource Using Incompatible Type CWE-843 - CVE-2023-28729 Improper Restriction of Operations within the Bounds of a Memory Buffer Michae...

7.8CVSS7.5AI score0.00279EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/17 6:12 a.m.•3 views

EC-CUBE 2 series vulnerable to cross-site scripting

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to EC-CUBE CO.,LTD. and EC-CUBE CO.,LTD...

4.8CVSS6AI score0.00362EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/07 6:15 a.m.•3 views

Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API

Overview Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function CWE-285 -...

4.3CVSS7AI score0.00376EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/04 8:31 a.m.•3 views

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Overview Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the...

7.5CVSS6.8AI score0.00351EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/19 5:48 a.m.•3 views

Multiple Vulnerabilities in Hitachi Device Manager

Overview Multiple vulnerabilities have been found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9CVSS7AI score0.00285EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 6:12 a.m.•3 views

Multiple vulnerabilities in Aterm series

Overview Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-3330 Directory traversal CWE-22 - CVE-2023-3331 Stored cross-site scripting CWE-79 - CVE-2023-3332 OS command injection CWE-78 - CVE-2023-3333 Taizoh Tsukamoto of...

7.7CVSS7AI score0.00713EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 6:18 a.m.•3 views

ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute

Overview ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without 'Secure' attribute CWE-614. Shungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to the developer and JPCERT/CC published respective advisories in order to notify users of this...

5.3CVSS6.4AI score0.0027EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/05 6:55 a.m.•3 views

Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader

Overview FRENIC RHC Loader provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2023-29160 Out-of-bounds read CWE-125 - CVE-2023-29167 Improper restriction of XML external entity reference CWE-611 - CVE-2023-29498 Michael...

7.8CVSS7.6AI score0.00226EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 6:34 a.m.•3 views

Pleasanter vulnerable to cross-site scripting

Overview Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA. JPCERT/CC and Implem Inc. coordinated under the Information Security...

5.4CVSS6.2AI score0.00671EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 6:40 a.m.•3 views

Android App "Brother iPrint&Scan" vulnerable to improper access control

Overview Android App "Brother iPrint" provided by BROTHER INDUSTRIES, LTD. contains an improper access control vulnerability CWE-284, CVE-2023-28369. Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD. reported...

3.3CVSS6.5AI score0.00213EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 5:29 a.m.•3 views

Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

Overview WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-28409 Directory traversal CWE-22 -...

9.8CVSS7AI score0.02021EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 4:58 a.m.•3 views

SR-7100VN vulnerable to privilege escalation

Overview SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability CWE-268. HAMANO Kiyoto of SOUM Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user with an...

6.8CVSS7AI score0.00338EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:49 a.m.•3 views

Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Overview Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:24 a.m.•3 views

WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery

Overview WordPress plugin "LIQUID SPEECH BALLOON" provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.4AI score0.00457EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 6:44 a.m.•3 views

Trend Micro Security may insecurely load Dynamic Link Libraries

Overview Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue CWE-427. While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application...

8.6CVSS6.7AI score0.00367EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/06 5:59 a.m.•3 views

Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information

Overview CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information CWE-312, CVE-2023-26593. Yokogawa Electric Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an attacker who can...

7.8CVSS6.9AI score0.00136EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/03 7:24 a.m.•3 views

JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer

Overview Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer CWE-119 due to improper check of its data size when processing a project file. Michael Heinzl reported this vulnerability to...

7.8CVSS7.3AI score0.00219EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/03 7:19 a.m.•3 views

CONPROSYS HMI System(CHS) vulnerable to SQL injection

Overview CONPROSYS HMI SystemCHS provided by Contec Co., Ltd. contains an SQL injection vulnerability CWE-89, CVE-2023-1658. Tenable Network Security reported this vulnerability to the developer. JPCERT/CC coordinated with the reporter and the developer. Impact Sending a specially crafted paramet...

7.5CVSS7.5AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/13 3:28 a.m.•3 views

Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Overview Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Naoya Kurosawa of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS6.5AI score0.00161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/06 6:31 a.m.•3 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-22419, CVE-2023-22421 Use-after-free CWE-416 - CVE-2023-22424 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00318EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/06 6:22 a.m.•3 views

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...

8.8CVSS7AI score0.00939EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/03 2:10 a.m.•3 views

Multiple vulnerabilities in Trend Micro Maximum Security

Overview Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Maximum Security 2022 Arbitrary file deletion due to link...

7.8CVSS6.9AI score0.00435EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/01 7:59 a.m.•3 views

File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

Overview A File and Directory Permissions Vulnerability CVE-2020-36652 exists in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/13 5:48 a.m.•3 views

Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

Overview Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-22370 Cross-site request forgery CWE-352 - CVE-2023-22375 Reflected cross-site scripting CWE-79 -...

8.8CVSS6.2AI score0.00508EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/13 5:18 a.m.•3 views

Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers

Overview Zuken Elmic KASAGO, TCP/IP protocol stack for embedded systems, uses its own random number generator function when generating TCP initial sequence numbers, which leads to use insufficient random values CWE-330. Zuken Elmic reported this vulnerability to JPCERT/CC to notify users of its...

9.1CVSS6.6AI score0.00565EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 4:38 a.m.•3 views

Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections

Overview CONPROSYS HMI System CHS provided by CONTEC CO.,LTD. contains multiple SQL injection vulnerabilities CWE-89. Mosin from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported these vulnerabilities to Contec Co., Ltd. Contec Co., Ltd. reported the issues to JPCERT/CC in ord...

6.5CVSS8AI score0.01327EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 5:50 a.m.•3 views

Multiple vulnerabilities in PIXELA PIX-RT100

Overview PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Backdoor access issue CWE-912 - CVE-2023-22316 MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...

8.8CVSS7.8AI score0.00893EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 7:11 a.m.•3 views

Multiple vulnerabilities in MAHO-PBX NetDevancer series

Overview There are multiple vulnerabilities in the Management screen of MAHO-PBX NetDevancer series provided by Mahoroba Kobo, Inc. OS Command Injection CWE-78 - CVE-2023-22279 OS Command Injection CWE-78 - CVE-2023-22280 Cross-Site Request Forgery CWE-352 - CVE-2023-22286 Reflected Cross-site...

10CVSS7.1AI score0.01127EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 6:4 a.m.•3 views

TP-Link SG105PE vulnerable to authentication bypass

Overview TP-Link SG105PE contains an authentication bypass vulnerability CWE-287. Baba Takao of BPS Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Under certain conditions, an attacker may...

9.8CVSS6.8AI score0.00945EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 5:23 a.m.•3 views

pgAdmin 4 vulnerable to open redirect

Overview pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability CWE-601. SHIGA TAKUMA of BroadBand Security, Inc. and Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6.6AI score0.0091EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/04 5:16 a.m.•3 views

Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS

Overview V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. contain multiple vulnerabilities listed below. Out-of-bounds Read CWE-125 - CVE-2022-46360 Out-of-bounds Write CWE-787 - CVE-2022-43448 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the develope...

7.8CVSS7.6AI score0.00243EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/21 5:13 a.m.•3 views

+Message App improper handling of Unicode control characters

Overview +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC...

5.4CVSS6.5AI score0.00488EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/19 4:39 a.m.•3 views

Zenphoto vulnerable to cross-site scripting

Overview Zenphoto contains a stored cross-site scripting vulnerability CWE-79. Terada Yu of Fujitsu System Integration Laboratories reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

6.1CVSS5.9AI score0.00742EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/16 4:29 a.m.•3 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-44456 Use of Default Credentials CWE-1392 - CVE-2023-22331 Use of Password Hash Instead of Password for Authentication CWE-836 - CVE-2023-22334...

10CVSS7.2AI score0.69877EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/12 6:28 a.m.•3 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-43466 OS Command Injection CWE-78 - CVE-2022-43443 Hidden Functionality CWE-912 - CVE-2022-43486 Chuya Hayakawa of 00One, Inc. reported these...

8.8CVSS7.8AI score0.0079EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/07 8:30 a.m.•3 views

Information Exposure Vulnerability in JP1/Automatic Operation

Overview An information exposure vulnerability CVE-2022-34881 exists in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

3.3CVSS6.6AI score0.00166EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/06 6:8 a.m.•3 views

Contec SolarView Compact vulnerable to cross-site scripting

Overview SolarView Compact provided by Contec Co., Ltd. is PV Measurement System. SolarView Compact contains a cross-site scripting vulnerability CWE-79, CVE-2022-44355 in Check Network Communication Page of the product's web server. As of 2022 December 5, a Proof-of-Concept PoC code exploiting...

6.1CVSS6.3AI score0.01644EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/25 5:15 a.m.•3 views

Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption

Overview Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A logged-in user may consume huge storage space, resulting to a...

7.5CVSS6.6AI score0.00854EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/18 6:14 a.m.•3 views

WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables

Overview WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables CWE-454. Tsubasa Iinuma of Origami Systems reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.5CVSS6.6AI score0.00846EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/17 2:15 a.m.•3 views

RICOH Aficio SP 4210N vulnerable to cross-site scripting

Overview Aficio SP 4210N provided by RICOH COMPANY, LTD. contains a cross-site scripting vulnerability CWE-79 in Web Image Monitor. Yudai Morii, Takaya Noma, Hiroki Yasui, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC...

4.8CVSS6AI score0.00598EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/14 7:45 a.m.•3 views

TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation

Overview The past versions of TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java Rich are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. According to the developer, this vulnerability is...

9.8CVSS7AI score0.00407EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/10 12:46 a.m.•3 views

Multiple vulnerabilities in OMRON products

Overview Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal PT NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function. The vulnerabilities are as follows. Use of Hard-coded Credentials CWE-798 ...

9.4CVSS7.4AI score0.01769EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/01 5:51 a.m.•3 views

Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers

Overview The web interface "Command Center" of multiple MFPs and printers provided by KYOCERA Document Solutions Inc. contain multiple vulnerabilities listed below. Session Information Easily Guessable CWE-287 - CVE-2022-41798 Missing authorization CWE-425 - CVE-2022-41807 Stored cross-site...

6.5CVSS6.4AI score0.00823EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/28 6:12 a.m.•3 views

Multiple vulnerabilities in FUJI SOFT network devices

Overview USB dongle +F FS040U and mobile routers +F FS020W/+F FS030W/+F FS040W provided by FUJI SOFT INCORPORATED contain multiple vulnerabilities listed below. Plaintext Storage of a Password CWE-256 - CVE-2022-43442 Cross-Site Request Forgery CWE-352 - CVE-2022-43470 Tomohisa Hasegawa of Canon ...

7.3CVSS6.8AI score0.00295EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/11 8:49 a.m.•3 views

bingo!CMS vulnerable to authentication bypass

Overview bingo!CMS provided by Shift Tech Inc. contains an authentication bypass vulnerability CWE-288 in some of the management functions. Shift Tech Inc. states that attacks exploiting this vulnerability have been observed. Shift Tech Inc. reported this vulnerability to IPA to notify users of i...

9.8CVSS7.3AI score0.01078EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/11 6:8 a.m.•3 views

The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries

Overview The installer of Content Transfer for Windows provided by Sony Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...

7.8CVSS7.1AI score0.00204EPSS
Exploits0References6
Total number of security vulnerabilities5000