Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sony mylo COM-2 does not verify server SSL certificate

Overview Sony mylo COM-2 contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when...

6.4CVSS6.4AI score0.01346EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities

Overview The PVATLCalendar.PVCalendar.1 pvcalendar.ocx ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server BEWS, includes the insecure Save method that mishandles long strings assigned to various properties listed below, which can be exploited to...

9.3CVSS7.6AI score0.50419EPSS
Exploits8References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Microsoft Internet Explorer address bar spoofing vulnerability

Overview Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while th...

4.3CVSS6.7AI score0.19154EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Wiki clone products vulnerable to denial of service attacks

Overview Wiki clones allow a user via a web browser to edit documents on the web server. Some products of Wiki clones contain a vulnerability which consumes large amounts of CPU and memory resources when handling a particular request. Impact A remote attacker could execute a DoS denial of service...

5CVSS7AI score0.01566EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

ServerView cross-site scripting vulnerability

Overview ServerView, server-monitoring software included with Fujitsu servers, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.3AI score0.01275EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

04WebServer cross-site scripting vulnerability

Overview 04WebServer, open source web server software, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

6.8CVSS6.3AI score0.01251EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Owl SQL injection vulnerability

Overview Owl, an open source document management and publishing system, contains an SQL injection vulnerability. Impact A remote attacker may modify or steal the database contents. Solution None...

7.5CVSS8AI score0.01308EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Cybozu products vulnerable to directory traversal

Overview Multiple Cybozu products contain a directory traversal vulnerability. Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution None...

4CVSS6.9AI score0.01548EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Ichitaro buffer overflow vulnerability

Overview Ichitaro, word-processing software contains a buffer overflow vulnerability. Impact Arbitrary code could be executed on the Ichitaro user's PC, if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution...

5.1CVSS7.4AI score0.02911EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

NEC MultiWriter 1700C/7500C FTP server vulnerability

Overview NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server. Impact A remote attacker could possibly conduct a...

7.8CVSS7AI score0.01205EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Kahua vulnerable in allowing to share login sessions

Overview Kahua is an open source application development and runtime environment server. Kahua contains a vulnerability which allows the sharing of sessions among multiple applications which are referring to different user databases. Impact A remote attacker could possibly take over the user...

7.5CVSS6.9AI score0.0166EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Nucleus cross-site scripting vulnerability

Overview Nucleus, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could...

6.8CVSS6.1AI score0.01401EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

EC-CUBE cross-site scripting vulnerability

Overview EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...

4.3CVSS6.1AI score0.01262EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Chama Cargo cross-site scripting vulnerability

Overview Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

6.8CVSS6.3AI score0.014EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

SugarCRM cross-site scripting vulnerability

Overview SugarCRM, open source CRM Customer Relationship Management software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30144870. Impact An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker...

6.8CVSS6AI score0.01386EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Shopping Basket Professional vulnerable to OS command injection

Overview Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data. Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket...

7.5CVSS7.2AI score0.01359EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01688EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Interstage Application Server cross-site scripting vulnerability

Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console may be referred to as "Servlet Service for Interstage Operation Management" in certain versions included in the Interstage product series from Fujitsu contain a cross-site...

4.3CVSS6.3AI score0.01551EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

MailDwarf cross-site scripting vulnerability

Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

6.8CVSS6.1AI score0.01182EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Overlay Weaver cross-site scripting vulnerability

Overview Overlay Weaver is software for constructing and emulating overlay network. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6.3AI score0.01223EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Overview Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the camera server management screen. Solution None...

4.3CVSS6.3AI score0.01233EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Nessus report function vulnerable to arbitrary script execution

Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...

5.8CVSS6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Shopping Basket Pro directory traversal vulnerability

Overview A directory traversal vulnerability exists in Shopping Basket Pro from CGI RESCUE. Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory name...

5CVSS6.9AI score0.01838EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Safari allows access from HTTP to HTTPS

Overview Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TL...

6.8CVSS6.5AI score0.02569EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•3 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user...

6.8CVSS8AI score0.03456EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 3:11 a.m.•2 views

Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM

Overview Multiple vulnerabilities have been found in JP1/IT Desktop Management 2 and JP1/NETM/DM. CVE-2025-65115:Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM CVE-2025-65116:Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM Impact...

9.8CVSS5.8AI score0.00613EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/04 1:40 a.m.•2 views

Canon IJ Scan Utility registers Windows services with unquoted file paths

Overview IJ Scan Utility provided by Canon Inc. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-1585 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may execute arbitrary code with SYSTEM...

8.4CVSS7.5AI score0.00119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/27 6:13 a.m.•2 views

Multiple vulnerabilities in SS1

Overview SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength CWE-326 - CVE-2025-46409 Files or directories accessible to external parties CWE-552 - CVE-2025-52460 Incorrect permission assignment for critical resource CWE-732 -...

9.8CVSS7.7AI score0.00575EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/08 5:47 a.m.•2 views

Multiple vulnerabilities in Mubit Powered BLUE 870

Overview Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-54958 Path traversal CWE-22 - CVE-2025-54959 CVE-2025-54958 Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.3CVSS7.8AI score0.00826EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/16 4:54 a.m.•2 views

ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials

Overview ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 - CVE-2025-53842 This vulnerability is caused by an insufficient fix for CVE-2024-39838 JVN70666401. Hiroki Sato of Institute of Science Tokyo...

6.8CVSS6.6AI score0.00193EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/07 7:26 a.m.•2 views

Heap-based buffer overflow vulnerability in V-SFT and TELLUS

Overview A heap-based buffer overflow vulnerability CWE-122 exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. - CVE-2025-50130 Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Opening V9 files or X1 file...

8.4CVSS7.5AI score0.00191EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/07 7:4 a.m.•2 views

Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)

Overview Trend Micro Incorporated has released a security update for Trend Micro Security for Windows CVE-2025-52521. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Arbitrary files or folders may be deleted due to a windows...

7.8CVSS6.9AI score0.00331EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/18 6:1 a.m.•2 views

+F FS010M vulnerable to OS command injection

Overview +F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-24306 OS command injection CWE-78 - CVE-2025-25220 Takeshi Kuramori of National Institute of Information and Communications Technology,...

8.8CVSS7.6AI score0.01011EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/17 9:22 a.m.•2 views

Out-of-bounds read vulnerability in Cente middleware

Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability CWE-125, CVE-2025-23406. DMG MORI Digital Co., LTD. reported this...

5.3CVSS6.5AI score0.00373EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/06 9:27 a.m.•2 views

OMRON NJ/NX series vulnerable to path traversal

Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain a path traversal vulnerability CWE-22, CVE-2024-12083. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary file in the affected product...

6.6CVSS7.2AI score0.00637EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/04 4:58 a.m.•2 views

WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

Overview WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user vie...

4.3CVSS6.5AI score0.00164EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/29 5:57 a.m.•2 views

SXF Common Library vulnerable to improper input data handling

Overview SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a produc...

3.3CVSS6.7AI score0.00153EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/25 2:28 a.m.•2 views

Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element

Overview Trend Micro Incorporated has released the security updates for Deep Security 20.0 Agent for Windows that contains a fix for an uncontrolled search path element vulnerability CWE-427, CVE-2024-55955. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the...

7.3CVSS6.6AI score0.00133EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/17 6:23 a.m.•2 views

Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Authentication bypass vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

9.4CVSS6.8AI score0.00769EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/04 6:22 a.m.•2 views

Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

Overview UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-45841 OS Command Injection CWE-78 - CVE-2024-47133 Inclusion of Undocumented Features CWE-1242 - CVE-2024-52564 T...

7.5CVSS7.9AI score0.00904EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/29 5:42 a.m.•2 views

Multiple vulnerabilities in FUJI ELECTRIC products

Overview Multiple vulnerabilities listed below exist in the remote monitoring software 'TELLUS' and 'TELLUS Lite', and the simulator module and the remote monitoring software 'V-Server' and 'V-Server Lite' contained in the graphic editor 'V-SFT' provided by FUJI ELECTRIC CO., LTD. Multiple...

7.8CVSS7.7AI score0.00208EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/27 5:36 a.m.•2 views

HAProxy vulnerable to HTTP request/response smuggling

Overview HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Yuki Mogi of FFRI...

5.3CVSS6.5AI score0.01043EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 5:48 a.m.•2 views

N-LINE vulnerable to HTML injection

Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...

7.4CVSS6.8AI score0.00219EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/03 4:42 a.m.•2 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2024-47134 Stack-based buffer overflow CWE-121 - CVE-2024-47135 Out-of-bounds read CWE-125 - CVE-2024-47136 Michael Heinzl reported...

7.8CVSS7.7AI score0.00298EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 6:17 a.m.•2 views

RevoWorks Cloud vulnerable to unintended process execution

Overview RevoWorks Cloud provided by J's Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized...

7.8CVSS6.5AI score0.00173EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 7:0 a.m.•2 views

Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions

Overview Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions CWE-451. Keishi Awata of logicalmixed reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.6AI score0.00428EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/30 5:56 a.m.•2 views

IPCOM vulnerable to information disclosure

Overview SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/...

7.5CVSS6.2AI score0.00427EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/22 4:51 a.m.•2 views

Multiple Safie products vulnerable to improper server certificate verification

Overview Multiple Safie products are vulnerable to improper server certificate verification CWE-295. The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the...

6.8CVSS7.1AI score0.0012EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/29 8:24 a.m.•2 views

SDoP contains a stack-based buffer overflow vulnerability.

Overview SDoP fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability CWE-121. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

8.8CVSS7.5AI score0.00567EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/26 4:55 a.m.•2 views

ORC vulnerable to stack-based buffer overflow

Overview ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7CVSS7.4AI score0.00379EPSS
Exploits0References6
Total number of security vulnerabilities5000