Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/13 6:21 a.m.•2 views

Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials

Overview Label printers "TEPRA" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability CWE-522. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6.5AI score0.00342EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/27 7:54 a.m.•2 views

Multiple vulnerabilities in IDEC PLCs

Overview Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below. Unprotected transport of credentials CWE-523 - CVE-2021-37400 Plaintext storage of a password CWE-256 - CVE-2021-37401 Unprotected transport of credentials CWE-523 - CVE-2021-20826 Plaintext storage...

9.8CVSS7.2AI score0.0134EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/24 1:51 a.m.•2 views

Multiple vulnerabilities in multiple Yamaha routers

Overview Multiple routers provided by Yamaha Corporation contain multiple vulnerabilities listed below. Cross-site script inclusion CWE-829 - CVE-2021-20843 Improper neutralization of HTTP request headers for scripting syntax CWE-644 - CVE-2021-20844 Shoji Baba of IERAE SECURITY INC. reported the...

5.7CVSS6.8AI score0.00926EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/22 6:7 a.m.•2 views

Android Apps developed using Yappli fails to restrict custom URL schemes properly

Overview Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the A...

8.1CVSS6.4AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/20 5:53 a.m.•2 views

Multiple vulnerabilities in GroupSession

Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Open redirect CWE-601 - CVE-2021-20875 Path Traversal CWE-22 - CVE-2021-20876 CVE-2021-20874 TAKUMA SHIGA...

7.5CVSS6.7AI score0.01296EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/24 6:47 a.m.•2 views

PowerCMS XMLRPC API vulnerable to OS command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability CWE-78. Alfasado Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Alfasado Inc. coordinated under the Information Security Early Warning...

9.8CVSS7.6AI score0.01486EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/16 4:38 a.m.•2 views

rwtxt vulnerable to cross-site scripting

Overview rwtxt provided by Zack Scholl is a light-weight content management system CMS that enables to share and/or view any text saved online. rwtxt contains a cross-site scripting vulnerability CWE-79. Ito Reo of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...

6.1CVSS5.9AI score0.00877EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/10 5:26 a.m.•2 views

WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

Overview WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IP...

6.1CVSS6AI score0.01243EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/05 6:4 a.m.•2 views

File Permission Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview A file permission vulnerability was found in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/29 6:11 a.m.•2 views

Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent

Overview Android App "Mercari Merpay - Marketplace and Mobile Payments App" Japan version provided by Mercari, Inc. is vulnerable to improper handling of Intent CWE-939. RyotaK reported this vulnerability to Mercari, Inc. and Mercari, Inc. reported it to JPCERT/CC to disclose the vulnerability...

7.5CVSS6.6AI score0.01329EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/26 3:35 a.m.•2 views

Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact An attacker may obtain administrative privileges and an arbitrary...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/08 5:32 a.m.•2 views

Nike App fails to restrict custom URL schemes properly

Overview Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary...

6.1CVSS6.7AI score0.01157EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/05 6:37 a.m.•2 views

Information Disclosure Vulnerability in Hitachi Tuning Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Hitachi Tuning Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contains information disclosure vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section...

6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 6:11 a.m.•2 views

WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

Overview WordPress Plugin "OG Tags" provided by Mario Valney contains a cross-site request forgery vulnerability CWE-352. Ryota Nakazato of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported and coordinated with the developer to fix...

8.8CVSS6.6AI score0.00716EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 5:27 a.m.•2 views

InBody App vulnerable to information disclosure

Overview InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial...

5.3CVSS6.2AI score0.00753EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/13 5:24 a.m.•2 views

EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

Overview EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability CWE-79. shiro8 Co., Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and shiro8 Co., Ltd. coordinated under...

6.1CVSS6AI score0.00733EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/10 6:44 a.m.•2 views

Multiple vulnerabilities in RevoWorks Browser

Overview RevoWorks Browser provided by J's Communication Co., Ltd. is a virtual browser which enables internet isolation. It provides the function that enables access to drives, folders, files, and registries under the isolated environment from the local environment when running the web browser...

9.6CVSS7.2AI score0.01222EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/19 6:1 a.m.•2 views

Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises

Overview Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A local authenticated attacker may escalate privileges a...

6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/17 5:24 a.m.•2 views

Huawei EchoLife HG8045Q vulnerable to OS command injection

Overview EchoLife HT8045Q provided by Huawei is an ONT Optical Network Terminal device. It is equipped with the command line interface for network operators' maintenance purpose, which is disabled by default. When the command line interface is enabled, operators can interact with a certain...

7.7CVSS6.9AI score0.00347EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/17 5:9 a.m.•2 views

Multiple vulnerabilities in D-Link router DSL-2750U

Overview D-Link router DSL-2750U is vulnerable to unauthorized configuration modification CWE-15, CVE-2021-3707 and OS command injection CWE-78, CVE-2021-3708. Mohammed Hadi reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An unauthenticated attacker on t...

8.8CVSS7.5AI score0.24563EPSS
Exploits2References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/10 5:40 a.m.•2 views

WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

Overview WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on...

6.1CVSS6AI score0.03515EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/09 5:40 a.m.•2 views

voidtools "Everything" vulnerable to HTTP header injection

Overview The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability CWE-644. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact On the web browser of a...

6.1CVSS7AI score0.01118EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/07 4:16 a.m.•2 views

GU App for Android fails to restrict access permissions

Overview GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Nao Komatsu of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

4.3CVSS6.7AI score0.00869EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/06 5:50 a.m.•2 views

WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Konan Nagashima of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this...

8.8CVSS6.4AI score0.0087EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/22 6:6 a.m.•2 views

Inkdrop vulnerable to OS command injection

Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.3CVSS7.8AI score0.00964EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/22 6:6 a.m.•2 views

WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting

Overview Some of WordPress plugin "Fudousan plugin" series provided by nendeb contain a cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS6AI score0.00989EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/18 6:45 a.m.•2 views

Hitachi Virtual File Platform vulnerable to OS command injection

Overview Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

9CVSS7.6AI score0.0311EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/17 6:11 a.m.•2 views

Hitachi Application Server Help vulnerable cross-site scripting

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...

6.1CVSS6AI score0.00754EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/21 6:38 a.m.•2 views

Multiple cross-site scripting vulnerabilities in multiple PHP Factory products

Overview Multiple products provided by PHP Factory contain multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability CWE-79 - CVE-2021-20723 Reflected cross-site scripting vulnerability in the admin page CWE-79 - CVE-2021-20724 Reflected cross-site...

6.1CVSS6.5AI score0.00777EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/21 5:21 a.m.•2 views

QND vulnerable to privilege escalation

Overview QND provided by QualitySoft Corporation contains a privilege escalation vulnerability CWE-268. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. RedTeam reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7.8CVSS6.7AI score0.0022EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/28 7:15 a.m.•2 views

Multiple Buffalo network devices contain hidden functionality

Overview Multiple network devices provided by BUFFALO INC. contain hidden functionality CWE-912 that allows an attacker to enable the debug option. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact A network-adjacent attacker...

10CVSS7.4AI score0.03179EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/14 8:22 a.m.•2 views

Gurunavi Apps fail to restrict access permissions

Overview Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access...

7.5CVSS6.9AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/13 7:46 a.m.•2 views

Information Disclosure Vulnerability in Cosminexus

Overview An Information Disclosure Vulnerability was found in Cosminexus. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/26 5:25 a.m.•2 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...

9CVSS7.5AI score0.02475EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 8:52 a.m.•2 views

Click Ranker vulnerable to cross-site scripting

Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 8:50 a.m.•2 views

Kagemai vulnerable to cross-site request forgery

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privileg...

8.8CVSS6.5AI score0.00558EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/24 6:20 a.m.•2 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Role authority setting screen CWE-79 - CVE-2021-20663 Cross-site scripting vulnerability in Asset registration screen CWE-79 - CVE-2021-20664...

6.1CVSS6.3AI score0.0081EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/01 7:49 a.m.•2 views

Vulnerability in JP1/VERITAS

Overview A vulnerability exists in JP1/VERITAS. Impact Regerding the impact df the vulnerablilty, please refer to the ventor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.9AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/27 8:38 a.m.•2 views

Android App "ELECOM File Manager" vulnerable to directory traversal

Overview Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting the compressed files. Ryohei Koike reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

9.1CVSS7AI score0.01871EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 7:47 a.m.•2 views

Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

9.3CVSS7AI score0.00866EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/15 6:41 a.m.•2 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Directory traversal due to improper verification of uploaded files CWE-22 - CVE-2020-5683 These vulnerabilities were...

7.5CVSS6.7AI score0.02982EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/10 6:21 a.m.•2 views

FileZen vulnerable to directory traversal

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability CWE-22. Soliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN...

10CVSS7.3AI score0.05009EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/07 7:34 a.m.•2 views

Apache Cordova Plugin camera vulnerable to information exposure

Overview Apache Cordova Plugin camera is a plugin for Apache Cordova applications, which provides an API for taking pictures and for choosing images from the system image library. Vulnerable versions of Apache Cordova Plugin camera, when used in Android applications, use the external storage on t...

4.3CVSS6.9AI score0.00732EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/24 5:32 a.m.•2 views

NETGEAR GS108Ev3 vulnerable to cross-site request forgery

Overview GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability CWE-352. Yuta Ikegami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page...

6.5CVSS6.5AI score0.00628EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/12 5:58 a.m.•2 views

MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption

Overview MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability CWE-400. According to the developer, in case of "To Use or Not to Use Web Server Settings" in the parameter of CPU modules are set to "Not Use", this issu...

7.5CVSS6.8AI score0.08397EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/05 6:33 a.m.•2 views

OS command injection vulnerability in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Katsuhiko Satoa.k.a. gorohkun of 00One, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS7.7AI score0.00614EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/28 9:10 a.m.•2 views

CMONOS.JP vulnerable to cross-site scripting

Overview CMONOS.JP provided CMONOS Co. Ltd. is a content management system CMS. CMONOS.JP contains a stored cross-site scripting vulnerability CWE-79. stypr of Flatt Security Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case...

6.1CVSS5.9AI score0.0103EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/31 6:10 a.m.•2 views

CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection XXE vulnerability CWE-611. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Informatio...

7.5CVSS7.3AI score0.73962EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/31 5:41 a.m.•2 views

"Shadankun Server Security Type" vulnerable to denial-of-service (DoS)

Overview "Shadankun Server Security Type" provided by Cyber Security Cloud , Inc. contains a denial-of-service DoS vulnerability. When "Rule id"s assigned by the product's internal script overlap, it would not be able to add newly detected attack source IP addresses as the blocking targets CWE-70...

7.5CVSS6.7AI score0.01296EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/25 4:59 a.m.•2 views

Apache Struts 2 vulnerable to denial-of-service (DoS)

Overview Apache Struts 2 provided by The Apache Software Foundation contains a denial-of-service DoS vulnerability CWE-400. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS6.6AI score0.68761EPSS
Exploits0References6
Total number of security vulnerabilities5000