Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 5:33 a.m.•2 views

"direct" Desktop App for macOS fails to restrict access permissions

Overview "direct" Desktop App for macOS provided by L is B Corp. fails to restrict access permissions CWE-284. The access control mechanism provided by macOS "TCC Transparency Consent and Control" may be bypassed. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/C...

5.5CVSS6.5AI score0.00163EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/24 5:12 a.m.•2 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above...

7.5CVSS6.7AI score0.00672EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/24 4:34 a.m.•2 views

"Skylark" App fails to restrict custom URL schemes properly

Overview "Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites...

4.7CVSS6.6AI score0.0049EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/23 3:42 a.m.•2 views

Rakuten WiFi Pocket vulnerable to improper authentication

Overview Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability CWE-287. Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA...

5.4CVSS6.6AI score0.00276EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/22 8:35 a.m.•2 views

Multiple vulnerabilities in CBC digital video recorders

Overview Digital video recorders provided by CBC Co.,Ltd. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-38585 OS command injection CWE-78 - CVE-2023-40144 Hidden functionality CWE-912 - CVE-2023-40158 Yoshiki Mori, Ushimaru Hayato, Hiromu Kubiura and...

8.8CVSS8AI score0.01583EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/21 5:5 a.m.•2 views

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

Overview WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Ryotaro Imamura of SB Technology Corp. and Satoo Nakano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS6.1AI score0.0148EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/18 4:47 a.m.•2 views

Multiple vulnerabilities in Proself

Overview Proself provided by North Grid Corporation is an online storage server software. Proself contains multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-39415 OS command injection CWE-78 - CVE-2023-39416 The developer states that attacks exploiting these...

7.5CVSS8.2AI score0.0087EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/07 8:39 a.m.•2 views

"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

Overview "FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly CWE-703. When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat,...

4.3CVSS6.5AI score0.00285EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/03 4:42 a.m.•2 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-38746 Heap-based buffer overflow CWE-122 - CVE-2023-38747 Use after free CWE-416 - CVE-2023-38748 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00223EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/27 9:12 a.m.•2 views

Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass

Overview The web management interface of Fujitsu network devices Si-R series and SR-M series contains an authentication bypass vulnerability CWE-287,CVE-2023-38555. Katsuhiko Sato a.k.a. gorohkun of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

8.8CVSS6.9AI score0.00332EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/26 9:0 a.m.•2 views

Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials

Overview Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials CWE-798 . The product's credentials for factory testing may be obtained by reverse engineering and others. Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of i...

7.5CVSS6.6AI score0.0299EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/24 6:44 a.m.•2 views

Improper restriction of XML external entity references (XXE) in Applicant Programme

Overview Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/21 6:2 a.m.•2 views

GBrowse vulnerable to unrestricted upload of files with dangerous types

Overview GBrowse provided by Generic Model Organism Database Project is a web-based genome browser. GBrowse allows the users to upload their own data in several file formats see "GBrowse User Uploads". The affected versions of GBrowse accept files with any formats uploaded CWE-434, and place them...

9.8CVSS7.8AI score0.00984EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/19 5:48 a.m.•2 views

File and Directory Permissions Vulnerability in Hitachi Command Suite

Overview A File and Directory Permissions Vulnerability CVE-2020-36695 exists in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.8CVSS6.9AI score0.00148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/18 6:22 a.m.•2 views

Improper restriction of XML external entity references (XXE) in XBRL data create application

Overview XBRL data create application provided by Financial Services Agency improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/11 6:37 a.m.•2 views

Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters

Overview Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2023-37560 Open Redirect CWE-601 - CVE-2023-37561 Cross-Site Request Forgery CWE-352 - CVE-2023-37562 Information disclosure CWE-20...

8.8CVSS7.1AI score0.00827EPSS
Exploits0References22
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/30 6:6 a.m.•2 views

"NewsPicks" App uses a hard-coded API key for an external service

Overview "NewsPicks" App for Android and "NewsPicks" App for iOS provided by NewsPicks, Inc. use a hard-coded API key for an external service CWE-798. Sunagawa Masanori of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.5CVSS6.4AI score0.00172EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 8:5 a.m.•2 views

WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

Overview WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Shinsaku Nomura of Bitforest Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.1CVSS6.7AI score0.01528EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/22 6:49 a.m.•2 views

Multiple vulnerabilities in Pleasanter

Overview Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Directory traversal vulnerability CWE-22 - CVE-2023-32608 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities ...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/20 5:48 a.m.•2 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333. Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.7AI score0.01253EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/15 7:6 a.m.•2 views

Printer Driver Packager NX creates driver installation packages without modification detection

Overview Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs. The installation and configuration of printer drivers require an administrative...

8.4CVSS6.6AI score0.00144EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/13 4:38 a.m.•2 views

Chatwork Desktop Application (Mac) vulnerable to code injection

Overview Chatwork Desktop Application Mac provided by Chatwork Co., Ltd. contains a code injection vulnerability CWE-94. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.3CVSS7.2AI score0.00272EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 3:23 a.m.•2 views

Multiple vulnerabilities in Fuji Electric products

Overview Multiple vulnerabilities listed below exist in the simulator module and the remote monitoring software 'V-Server Lite' and 'V-Server' contained in the graphic editor 'V-SFT', and the remote monitoring software 'TELLUS' and 'TELLUS Lite' provided by FUJI ELECTRIC CO., LTD. Stack-based...

7.8CVSS7.7AI score0.00278EPSS
Exploits0References22
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/30 4:34 a.m.•2 views

Starlette vulnerable to directory traversal

Overview Starlette provided by Encode contains a directory traversal vulnerability CWE-22. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Under certain conditions, a remote...

7.5CVSS6.7AI score0.02032EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/25 4:40 a.m.•2 views

Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access

Overview Wacom Tablet Driver installer for macOS provided by Wacom contains an improper link resolution before file access vulnerability CWE-59. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.8CVSS7.4AI score0.00238EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 5:29 a.m.•2 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3122 Denial-of-service DoS in Message CWE-400 - CVE-2023-26595 CyVDB-3142 Operation restriction bypass vulnerability in Message and Bulletin CWE-285 - CVE-2023-27304 CyVDB-3165 Operation...

6.5CVSS6.8AI score0.00534EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/12 7:42 a.m.•2 views

Beekeeper Studio vulnerable to code injection

Overview Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote...

8.8CVSS7.7AI score0.01388EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/10 4:57 a.m.•2 views

Multiple vulnerabilities in MicroEngine Mailform

Overview MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-27397 Path traversal CWE-22 - CVE-2023-27507 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. and hibiki moriyama of...

9.8CVSS7.4AI score0.01281EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 5:42 a.m.•2 views

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

Overview WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. JPCERT/CC published respective advisories in...

6.1CVSS6AI score0.01198EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/08 6:13 a.m.•2 views

JINS MEME CORE uses a hard-coded cryptographic key

Overview JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. MASAHIRO IIDA of LAC Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.5CVSS6.5AI score0.00279EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/24 4:41 a.m.•2 views

WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting

Overview WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" provided by TMS contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. The developer and JPCERT/...

6.1CVSS6AI score0.00508EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/17 5:19 a.m.•2 views

Joruri Gw vulnerable to cross-site scripting

Overview Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS6AI score0.0045EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/17 3:27 a.m.•2 views

TP-Link T2600G-28SQ uses vulnerable SSH host keys

Overview TP-Link layer-2 switch T2600G-28SQ uses vulnerable SSH host keys CWE-1391. Kuniyuki Hasegawa of VeriServe Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact The credential information for a...

5.7CVSS6.5AI score0.00265EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/22 6:16 a.m.•2 views

Multiple cross-site scripting vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Stored cross-site scripting vulnerability on Theme switching function CWE-79 - CVE-2023-22427 CVE-2023-22425 Ren...

5.4CVSS5.9AI score0.00831EPSS
Exploits2References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/25 5:28 a.m.•2 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro

Overview CX-Motion Pro provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially crafted project...

5.5CVSS6.5AI score0.00211EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/23 7:35 a.m.•2 views

Pgpool-II vulnerable to information disclosure

Overview Pgpool-II is cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-200 in its watchdog function. Note that, only systems that meet all of the following setting requirements are affected by this vulnerability. Watchdog function is enabled usewatchdog = on...

6.5CVSS6.5AI score0.00704EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/17 5:17 a.m.•2 views

WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a directory traversal vulnerability CWE-22. Masato Ikeda of Mitsui Bussan Secure Directions, Inc. and Takeshi Suzuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.8AI score0.02941EPSS
Exploits2References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 6:53 a.m.•2 views

Active debug code vulnerability in OMRON CP1L-EL20DR-D

Overview Active debug code CWE-489 exists in CP1L-EL20DR-D provided by OMRON Corporation, which may lead to a command that is not specified in FINS protocol being executed without authentication. Georgy Kiguradze of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC...

9.8CVSS7.8AI score0.0117EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 8:7 a.m.•2 views

OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal

Overview OpenAM Web Policy Agent OpenAM Consortium Edition provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability CWE-22. Furthermore, a crafted URL may be evaluated incorrectly. OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of...

7.5CVSS6.6AI score0.00722EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/06 5:57 a.m.•2 views

Digital Arts m-FILTER vulnerable to improper authentication

Overview m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability CWE-287 when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks...

5.3CVSS7AI score0.00706EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/04 5:21 a.m.•2 views

Multiple vulnerabilities in Fuji Electric V-Server

Overview V-Server provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based Buffer ovewflow CWE-121 - CVE-2022-47908 Out-of-bounds Read CWE-125 - CVE-2022-41645 Out-of-bounds Write CWE-787 - CVE-2022-47317 Michael Heinzl reported these vulnerabilities to...

7.8CVSS7.5AI score0.00253EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/20 6:32 a.m.•2 views

Use-after-free vulnerability in Omron CX-Drive

Overview CX-Drive provided by Omron Corporation contains a use-after-free vulnerability CWE-416. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By having a user to open a specially crafted file, arbitrary code may be executed. Solution...

7.8CVSS7.1AI score0.00237EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/10 4:40 a.m.•2 views

Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure

Overview Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability CWE-200. Cameron Palmer of PROMON reported this vulnerability to Aiphone Co., Ltd. and coordinated. Aiphone Co., Ltd. and JPCERT/CC published respective advisories in...

6.5CVSS6.1AI score0.00295EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/08 6:7 a.m.•2 views

WordPress Plugin "Salon booking system" vulnerable to cross-site scripting

Overview WordPress Plugin "Salon booking system" contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00785EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/19 7:23 a.m.•2 views

Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE

Overview WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability CWE-121. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Processing a long file name may cause the product to crash...

9.8CVSS7.1AI score0.00777EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/19 5:8 a.m.•2 views

Lemon8 App fails to restrict access permissions

Overview Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Ryo Sato of BroadBand Security,Inc. reported this...

6.5CVSS6.6AI score0.00858EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/14 4:57 a.m.•2 views

Android App "IIJ SmartKey" vulnerable to information disclosure

Overview Android App "IIJ SmartKey" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability CWE-200. Naoaki Iwakiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Under...

7.5CVSS6.3AI score0.00608EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/11 8:2 a.m.•2 views

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows

Overview Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Information disclosure due...

7.8CVSS6.7AI score0.00417EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/05 8:28 a.m.•2 views

Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Overview A privilege escalation vulnerability CVE-2022-2637 exists in Hitachi Storage Plug-in for VMware vCenter. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and ta...

8.8CVSS7.1AI score0.00461EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/24 5:17 a.m.•2 views

Multiple vulnerabilities in PukiWiki

Overview PukiWiki provided by PukiWiki Development Team contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2022-34486 Reflected Cross-site Scripting CWE-79 - CVE-2022-27637 Harold Kim reported these vulnerabilities to the developer and coordinated. After coordination was...

7.7CVSS6.8AI score0.01116EPSS
Exploits0References8
Total number of security vulnerabilities5000