Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/12 8:23 a.m.•3 views

A vulnerability in V20 PRO L-01J that may cause a crash

Overview V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of...

5.7CVSS6.5AI score0.00475EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/06 6:45 a.m.•3 views

OpenAM (Open Source Edition) vulnerable to open redirect

Overview OpenAM Open Source Edition contains an open redirect vulnerability. Norihito Aimoto of Open Source Solution Technology Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developers. Impact When accessing a specially crafted page, the user may be redirect...

6.1CVSS6.7AI score0.01099EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/22 2:47 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

5.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/22 2:47 a.m.•3 views

Cross-site Scripting Vulnerability in Hitachi Device Manager

Overview A Cross-site Scripting Vulnerability was found in Hitachi Device Manager. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.7CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/26 3:9 a.m.•3 views

Clickjacking Vulnerability in Hitachi Automation Director

Overview A Clickjacking Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 5:14 a.m.•3 views

Cybozu Garoon access restriction bypass vulnerability

Overview Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability CWE-284. Kanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

7.5CVSS6.6AI score0.01392EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/07 5:30 a.m.•3 views

Multiple vulnerabilities in i-FILTER

Overview i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 HTTP header injection CWE-113 - CVE-2018-16181 Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

6.1CVSS7.1AI score0.00833EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/06 7:19 a.m.•3 views

Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners

Overview Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2018-0688 HTTP header injection CWE-113 - CVE-2018-0689 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability t...

8.8CVSS7.7AI score0.01642EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/29 5:45 a.m.•3 views

Panasonic applications register unquoted service paths

Overview Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...

8.4CVSS6.5AI score0.01329EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 8:27 a.m.•3 views

The installer of MARKET SPEED may insecurely load Dynamic Link Libraries

Overview The installer of MARKET SPEED provided by Rakuten Securities, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Sugawara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS7AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 8:24 a.m.•3 views

EC-CUBE vulnerable to open redirect

Overview EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

6.1CVSS6.6AI score0.01297EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 7:13 a.m.•3 views

The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries

Overview The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon...

7.8CVSS6.9AI score0.00365EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 5:42 a.m.•3 views

Mail app for iOS vulnerable to denial-of-service (DoS)

Overview Mail app for iOS provided by Apple contains a denial-of-service DoS vulnerability due to an issue in the handling of a maliciously crafted S/MIME signed message. Yukinobu Nagayasu of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS6.2AI score0.00913EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/26 7:16 a.m.•3 views

Multiple vulnerabilities in OpenDolphin

Overview OpenDolphin provided by Life Sciences Computing Corporation contains multiple vulnerabilities listed below. Privilege escalation - CVE-2018-16161 Information disclosure CWE-200 - CVE-2018-16162 Restrict access permissions failure CWE-284 - CVE-2018-16163 Symantec Japan, Inc. Advisory...

9CVSS6.9AI score0.01317EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/12 5:44 a.m.•3 views

OpenAM (Open Source Edition) vulnerable to session management

Overview OpenAM Open Source Edition contains a vulnerability in session management. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user who c...

7.5CVSS6.7AI score0.01057EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/11 6:54 a.m.•3 views

Metabase vulnerable to cross-site scripting

Overview Metabase provided by Metabase, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/09 7:27 a.m.•3 views

User-friendly SVN vulnerable to cross-site scripting

Overview User-friendly SVN provided by USVN Team contains a reflected cross-site scripting vulnerability CWE-79. Jun Okutsu of NTT TechnoCross Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00788EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/03 6:2 a.m.•3 views

The installer of Baidu Browser may insecurely load Dynamic Link Libraries

Overview Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...

9.3CVSS7AI score0.00944EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/09/13 4:57 a.m.•3 views

Multiple FXC network devices vulnerable to cross-site scripting

Overview Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability CWE-79. SUNAGAWA, Masanori of Japan Advanced Institute of Science and Technology Graduate School of Advanced Science and Technology Security and Networks reported this vulnerability to IPA...

4.8CVSS5.9AI score0.00523EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/31 6:48 a.m.•3 views

QNAP Photo Station vulnerable to cross-site scripting

Overview Photo Station provided by QNAP Systems, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Mitsuaki Mitch Shiraishi of Secureworks Japan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6AI score0.03122EPSS
Exploits5References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/22 8:11 a.m.•3 views

Path Traversal Vulnerability in Hitachi Automation Director

Overview A Path Traversal Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/22 8:11 a.m.•3 views

Path Traversal Vulnerability in JP1/Automatic Operation

Overview A Path Traversal Vulnerability was found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/17 4:49 a.m.•3 views

NoMachine App for Android vulnerable to environment variables alteration

Overview NoMachine App for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may alte...

9.8CVSS7.2AI score0.01652EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/03 6:4 a.m.•3 views

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Stored cross-site scripting vulnerability in Wiki page view CWE-79 -...

6.4CVSS5.9AI score0.00899EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/23 5:28 a.m.•3 views

Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries

Overview Installer of ChatWork Desktop App for Windows provided by ChatWork Co,. LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Hamasaki Hiroki of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...

7.8CVSS6.8AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/18 6:35 a.m.•3 views

Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)

Overview ORCAOnline Receipt Computer Advantage provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below. OS command injection CWE-78 - CVE-2018-0643 Buffer overflow CWE-119 - CVE-2018-0644 IoT x Security Hackathon 2016 all participants reported this vulnerability to...

7.4CVSS7.7AI score0.0101EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/17 3:27 a.m.•3 views

WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting

Overview The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01044EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/06 5:36 a.m.•3 views

The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries

Overview The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427 . Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinat...

7.8CVSS7.1AI score0.00882EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/02 6:22 a.m.•3 views

Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Overview Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Cross-site scripting CWE-79 - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users o...

8.8CVSS6.6AI score0.01078EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/27 5:44 a.m.•3 views

MemoCGI vulnerable to directory traversal

Overview MemoCGI provided by ChamaNet contains a directory traversal vulnerability CWE-22. Ikuo Shoji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may view files on the server. Solution...

7.5CVSS6.7AI score0.0218EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 5:11 a.m.•3 views

WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

Overview The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

6.1CVSS5.9AI score0.01224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/10 4:44 a.m.•3 views

Multiple vulnerabilities in WordPress plugin "Ultimate Member"

Overview The WordPress plugin "Ultimate Member" provided by Ultimate Member contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0585 Directory Traversal in the shortcodes function CWE-22 - CVE-2018-0586 Arbitrary File Upload CWE-434 - CVE-2018-0587 Directory...

7.5CVSS6.5AI score0.02598EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 6:38 a.m.•3 views

RT-AC68U vulnerable to cross-site scripting

Overview RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Yuto MAEDA of University of Tsukuba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6.1AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 6:37 a.m.•3 views

RT-AC1200HP vulnerable to cross-site scripting

Overview RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

6.1CVSS6AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 6:37 a.m.•3 views

RT-AC87U vulnerable to cross-site scripting

Overview RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.1AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 5:15 a.m.•3 views

WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01066EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/26 6:19 a.m.•3 views

Joruri Gw vulnerable to arbitrary file upload

Overview Joruri Gw provided by SiteBridge Inc. is groupware which runs on Ruby on Rails. Joruri Gw contains a vulnerability that may allow an attacker to upload arbitrary files CWE-434. Shoji Baba of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.8CVSS7.9AI score0.01721EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/13 4:52 a.m.•3 views

Installer of SoundEngine Free may insecurely load Dynamic Link Libraries

Overview Installer of SoundEngine Free contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

9.3CVSS6.9AI score0.01119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/12 5:33 a.m.•3 views

Tenable Appliance vulnerable to cross-site scripting

Overview Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.8AI score0.00521EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/12 5:27 a.m.•3 views

The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries

Overview PhishWall Client Internet Explorer edition provided by SecureBrain Corporation is anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer edition contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

9.3CVSS7AI score0.01119EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/09 5:27 a.m.•3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Operation restriction bypass in the "Folder settings" CWE-264 - CVE-2018-0531 Operation restriction bypass in the setting of Login...

8.8CVSS7.2AI score0.01422EPSS
Exploits0References21
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/29 5:0 a.m.•3 views

LXR vulnerable to OS command injection

Overview LXR provided by LXR Project contains an OS command injection vulnerability CWE-78. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact On a server where the product is running, a remote...

10CVSS7.6AI score0.03117EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/29 4:52 a.m.•3 views

Multiple vulnerabilities in WZR-1750DHP2

Overview WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0554 Buffer Overflow CWE-119 - CVE-2018-0555 OS Command Injection CWE-78 - CVE-2018-0556 Taizoh...

9.3CVSS7.9AI score0.01585EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:46 a.m.•3 views

ArsenoL vulnerable to cross-site scripting

Overview ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionay software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed wh...

6.1CVSS6AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:43 a.m.•3 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Note...

8.2CVSS5.8AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/08 5:10 a.m.•3 views

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN33527174. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.1CVSS5.9AI score0.01537EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/08 5:10 a.m.•3 views

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Note that this vulnerability is different from JVN60032768. Mardan Muhidin of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

6.1CVSS6.1AI score0.01537EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/02 4:45 a.m.•3 views

Multiple vulnerabilities in Jubatus

Overview Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Directory traversal CWE-22 - CVE-2018-0525 Symantec Japan, Inc. Advisory Services Team reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

7.5CVSS8.2AI score0.02509EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/26 5:10 a.m.•3 views

Multiple vulnerabilities in WXR-1900DHP2

Overview WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Buffer Overflow CWE-119 - CVE-2018-0522 OS Command Injection CWE-78 - CVE-2018-0523 Taizoh...

8.8CVSS7.8AI score0.01364EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/14 5:59 a.m.•3 views

XXE Vulnerability in Hitachi Device Manager

Overview An XXE XML External Entity Vulnerability was found in Hitachi Device Manager. This vulnerability only affects the Linux cluster environment. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section fo...

7.8CVSS6.5AI score
Exploits0References2
Total number of security vulnerabilities5000