Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 12:0 a.m.63 views

JVN#23389212: Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries

Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/18 12:0 a.m.63 views

JVN#01611135: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Impact SSH access may become unavailable until the next reboot when receiving a specially crafted packet after a SSH...

6.8CVSS6.2AI score0.02614EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/12/22 12:0 a.m.63 views

JVN#25435092: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update t...

2.6CVSS8.9AI score0.33111EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/11 12:0 a.m.62 views

JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service DoS vulnerabilities listed below. Denial-of-service DoS vulnerability in FTP service CWE-400 - CVE-2023-41963 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|...

7.5CVSS7.9AI score0.00981EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/18 12:0 a.m.62 views

JVN#14706307: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score: 3.5...

9.8CVSS7.4AI score0.01523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/07 12:0 a.m.62 views

JVN#25850723: GU App for Android fails to restrict access permissions

GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Impact A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, if t...

4.3CVSS4.5AI score0.00869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.62 views

JVN#78254777: Installer of Overwolf may insecurely load Dynamic Link Libraries

Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Impact Arbitrary code may be...

7.8CVSS7.7AI score0.00292EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/10 12:0 a.m.62 views

JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Version| Vector| Score ---|---|--- CVSS v3|...

6.1CVSS5.8AI score0.00947EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/27 12:0 a.m.62 views

JVN#41853173: OS command injection vulnerability in multiple Infoscience Corporation log management tools

Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value handling in...

9CVSS8.8AI score0.02156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/22 12:0 a.m.62 views

JVN#67881316: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-0569 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVS...

8.8CVSS7AI score0.01632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/11 12:0 a.m.62 views

JVN#67389262: Qt for Android vulnerable to OS command injection

Qt for Android provided by The Qt Company contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Update the Software Update to the latest version of software according to the information provided by the developer. Apply the...

9.8CVSS9AI score0.01958EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/22 12:0 a.m.62 views

JVN#73141967: PWR-Q200 vulnerable to DNS cache poisoning attacks

PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Impact The DNS responses spoofed by a remote attacker may result in any device on the LAN...

7.5CVSS7.5AI score0.01323EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/10/11 12:0 a.m.62 views

JVN#14658424: Cybozu Office fails to restrict access permissions

Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions CWE-284 due to an issue in "Cabinet" function. Impact A user who can login to Cybozu Office may perform arbitrary operations to the folder where the user does not have acces with its privilege. Solution Update the Softwar...

4.3CVSS4.6AI score0.00618EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/06 12:0 a.m.62 views

JVN#63249051: WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal

The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Impact Arbitrary local files on the server may be accessed by a logged-in user. Solution Update the Software Update to the latest version according to the information provided by t...

5CVSS4.9AI score0.02571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/12 12:0 a.m.63 views

JVN#56588965: Cybozu KUNAI for Android vulnerable to cross-site scripting

Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

6.1CVSS6AI score0.00762EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/03 12:0 a.m.62 views

JVN#24692261: hitSuji (rktSNS2) vulnetable to cross-site scripting

hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using hitSuji rktSNS2 0.2.2b Since the developer was unreachable,...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/17 12:0 a.m.62 views

JVN#73568461: PHP for Windows vulnerable to OS command injection

PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Impact Specifying a specially crafted parameter in the escapeshellarg function may result in an arbitrary OS command being executed. Solution Apply the patch Apply the patch according to the...

10CVSS7.6AI score0.05999EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/02/15 12:0 a.m.62 views

JVN#02596643: 3DM (3ware Disk Manager) vulnerable to directory traversal

3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files. Solution Use 3DM2 The developer states that the development of 3DM is discontinued and there are no plans for 3DM to be modified. U...

5CVSS6.5AI score0.01854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/07/09 12:0 a.m.62 views

JVN#33593387 KDDI sample CGI download program directory traversal vulnerability

A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program. Impact A remote anauthenticated attacker could access files on the server...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/09 12:0 a.m.61 views

JVN#81442045: Multiple vulnerabilities in multiple Webmin products

Multiple Webmin products contain multiple vulnerabilities listed below. sysinfo.cgi is vulnerable to cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2024-36450 sessionlogin.cgi is vulnerable to cross-site scripting CWE-79...

8.8CVSS6.6AI score0.00569EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/24 12:0 a.m.61 views

JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Impact A...

7.5CVSS7.3AI score0.01253EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/29 12:0 a.m.61 views

JVN#45473612: Multiple vulnerabilities in CentreCOM AR260S V2

CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

9.8CVSS9.3AI score0.01525EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/08 12:0 a.m.61 views

JVN#17482543: Multiple vulnerabilities in multiple ELECOM LAN routers

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2022-21173 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:C/I:C/A:C| Base...

8.8CVSS6.8AI score0.00447EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/03 12:0 a.m.61 views

JVN#64064138: ATOM - Smart life App vulnerable to improper server certificate verification

ATOM - Smart life App provided by ATOM tech Inc. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update the application to the latest version...

5.9CVSS5.3AI score0.00486EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/11 12:0 a.m.61 views

JVN#43969166: Apache Struts 2 vulnerable to remote code execution (S2-061)

Apache Struts 2 provided by The Apache Software Foundation contains a remote code execution vulnerability due to improper input validation CWE-20. Impact A remote attacker may execute arbitrary code. Solution Update the software Update the software to the latest version according to the informati...

9.8CVSS9.7AI score0.95922EPSS
Exploits11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.61 views

JVN#08386386: WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according t...

6.1CVSS6AI score0.01085EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/02 12:0 a.m.61 views

JVN#56132776: Multiple vulnerabilities in Jubatus

Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 5.6 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score: 6.8 Directory...

7.5CVSS6.9AI score0.02509EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/10/11 12:0 a.m.61 views

JVN#94056834: Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files

Installer of HIBUN Confidential File Viewer provided by Hitachi Solutions, Ltd. contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact Arbitrary code may be executed with the...

9.3CVSS7.8AI score0.01008EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 12:0 a.m.61 views

JVN#87760109: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...

5.4CVSS5.2AI score0.01252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/12/20 12:0 a.m.61 views

JVN#27691264: Opera Mini / Opera Mobile for Android vulnerable in the WebView class

Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the product may be disclosed. Solution...

4.3CVSS6.2AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/13 12:0 a.m.60 views

JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail CWE-231 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API CWE-201...

9CVSS5.5AI score0.00504EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/05 12:0 a.m.60 views

JVN#82074338: Multiple vulnerabilities in NEC Aterm series

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...

9.8CVSS10AI score0.00743EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/27 12:0 a.m.60 views

JVN#38343415: Multiple vulnerabilities in Aterm series

Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-3330 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.6 CVSS v2| AV:A/AC:M/Au:S/C:P/I:N/A:N| Base Score: 2.3...

7.2CVSS6.2AI score0.00713EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/27 12:0 a.m.60 views

JVN#97127032: WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a remote attacker. Solution Update the plugin Update the plugin according to the information provided by the developer...

9.1CVSS9.2AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/17 12:0 a.m.60 views

JVN#42866574: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Version| Vector| Score ---|---|--- CVSS v2| AV:N/AC:L/Au:N/C:C/I:C/A:C| Base Score:10.0 CVSS v3|...

10CVSS10AI score0.0166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/18 12:0 a.m.60 views

JVN#94244575: Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the Self-Extracting files. Solution Update t...

9.3CVSS7.7AI score0.00866EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 12:0 a.m.60 views

JVN#28806943: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. HTML attribute value injection vulnerability CWE-74 - CVE-2020-5574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N...

8.8CVSS7.3AI score0.01733EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.60 views

JVN#46471407: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Impact Due to...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/20 12:0 a.m.60 views

JVN#83834277: Multiple vulnerabilities in FS010W

FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.8CVSS7AI score0.00658EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/15 12:0 a.m.60 views

JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products

Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...

7CVSS6.9AI score0.01566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/10/11 12:0 a.m.60 views

JVN#58909026: HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries

HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the user running HIBUN Confidential File...

9.3CVSS7.6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/12 12:0 a.m.60 views

JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact This vulnerability can be exploited when the following...

7.8CVSS7.8AI score0.01374EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/30 12:0 a.m.60 views

JVN#89379547: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. Impact Processing a specially crafted request may result in the server's CPU resources to be exhausted. Solution Apply the update...

7.8CVSS6.8AI score0.35927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/05 12:0 a.m.59 views

JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

7.5CVSS8.2AI score0.00975EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/26 12:0 a.m.59 views

JVN#95727578: Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials

Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials CWE-798 . The product's credentials for factory testing may be obtained by reverse engineering and others. Impact An attacker who log in to the web interface using the obtained credentials may...

7.5CVSS7.4AI score0.0299EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/09 12:0 a.m.59 views

JVN#95792402: WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor,Inc. contain multiple cross-site scripting vulnerabilities CWE-79 listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Version| Vector| Score ---|---|--- CVSS v3|...

5.4CVSS6.3AI score0.00613EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/01 12:0 a.m.59 views

JVN#57942445: EC-CUBE fails to restrict access permissions

EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions CWE-284 . Impact A remote attacker may obtain sensitive information. Solution Update the Softwere Update the software according to the information provided by the developer. The developer has released EC-CUBE 4.0.6-p1 that...

7.5CVSS7.4AI score0.02071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/02 12:0 a.m.59 views

JVN#91691168: goo blog App fails to restrict custom URL schemes properly

goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

5.3CVSS5.1AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.59 views

JVN#65733194: The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries

The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.8AI score0.0044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/07 12:0 a.m.59 views

JVN#59779918: Apache Cordova Plugin camera vulnerable to information exposure

Apache Cordova Plugin camera is a plugin for Apache Cordova applications, which provides an API for taking pictures and for choosing images from the system image library. Vulnerable versions of Apache Cordova Plugin camera, when used in Android applications, use the external storage on the device...

3.3CVSS3.9AI score0.00732EPSS
Exploits0
Total number of security vulnerabilities5000