5596 matches found
JVN#78356367: Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions CWE-451. Impact An attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Solution Update the firmware Updat...
JVN#57749899: The installer of e-Tax software(common program) vulnerable to privilege escalation
The installer of e-Tax softwarecommon program provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry CWE-268. Impact A malicious DLL prepared by an attacker may be...
Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders
Overview Multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2024-41929 OS command injection CWE-78 - CVE-2024-43778 Hidden functionality CWE-912 - CVE-2024-47001 Yoshiki Mori, Ushimaru...
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
Overview WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2024-42404 Cross-site scripting CWE-79 - CVE-2024-45366 Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...
Assimp vulnerable to heap-based buffer overflow
Overview PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#19766555: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below. SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-42404 Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1...
JVN#42386607: Assimp vulnerable to heap-based buffer overflow
PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Impact An attacker may execute arbitrary code by importing a specially crafted file into the product. Solution Update the Software Update the software to the latest version...
Falsification and eavesdropping of contents across multiple websites via Web Rehosting services
Overview Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in NDSS 2020. "Web Rehosting" is the name of a grou...
Security Problem in Web Browser Permission Mechanism
Overview A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems both mobile and desktop OS and 22 major browsers running on each OS. The results show that they have multiple problem...
Malleability attack against executables encrypted by CBC mode with no integrity check
Overview Researchers at NTT, University of Hyogo, and NEC have identified a security issue that leads to executing arbitrary code in executable files that are encrypted by CBC mode with no integrity check. This issue has been published in ACNS 2020 . There is a risk that an encrypted executable...
Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Overview Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
Pgpool-II vulnerable to information disclosure
Overview Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development...
"@cosme" App fails to restrict custom URL schemes properly
Overview "@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Pantuhong Sorasiri of LAC Co., Ltd. reported this...
WordPress Plugin "Forminator" vulnerable to cross-site scripting
Overview WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to...
JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly
"@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting
WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to cross-site...
JVN#67456481: Pgpool-II vulnerable to information disclosure
Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. Impact If a database user access a query cache, table data unauthorized for the user may be retrieved. Solution Update the Software Apply the appropriate updates...
JVN#05579230: Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software or apply the workaround Update the software to t...
Multiple products from KINGSOFT JAPAN vulnerable to path traversal
Overview KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan. WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability CWE-22, CVE-2024-7262, CVE-2024-7263 due to inadequate file path...
Secure Boot bypass Vulnerability in PRIMERGY
Overview PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Fsas Technologies Inc. reported this vulnerability ...
JVN#49873988: Secure Boot bypass Vulnerability in PRIMERGY
PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Impact The product's Secure Boot function may be bypassed an...
JVN#32529796: Multiple products from KINGSOFT JAPAN vulnerable to path traversal
KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan. WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability CWE-22, CVE-2024-7262, CVE-2024-7263 due to inadequate file path validation...
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
Overview The field labels in WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Ryo Sotoyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#67963942: WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
The field labels in WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Impact If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script ma...
Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow
Overview Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability CWE-121, CVE-2024-7013. Michael Heinzl reported this vulnerability to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify user...
IPCOM vulnerable to information disclosure
Overview SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/...
Multiple vulnerabilities in WordPress plugin "Carousel Slider"
Overview WordPress plugin "Carousel Slider" provided by Sayful Islam contains 2 CSRF vulnerabilities listed below. Cross-site request forgery on Carousel image selection feature CWE-352 - CVE-2024-45269 Cross-site request forgery on Hero image selection feature CWE-352 - CVE-2024-45270 RyotaK of...
JVN#29238389: IPCOM vulnerable to information disclosure
SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Impact Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication...
JVN#25264194: Multiple vulnerabilities in WordPress plugin "Carousel Slider"
WordPress plugin "Carousel Slider" provided by Sayful Islam contains 2 CSRF vulnerabilities listed below. Cross-site request forgery on Carousel image selection feature CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2024-45269 Cross-site request forgery on Hero image...
WindLDR and WindO/I-NV4 store sensitive information in cleartext
Overview PLC programming software "WindLDR" and Operator Interfaces' Touchscreen Programming Software "WindO/I-NV4" provided by IDEC Corporation store sensitive information in cleartext form CWE-312. Yuki Meguro of Toinx Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
xfpt vulnerable to stack-based buffer overflow
Overview xfpt fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability CWE-121. Yuhei Kawakoya of NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact When ...
JVN#08342147: WindLDR and WindO/I-NV4 store sensitive information in cleartext
PLC programming software "WindLDR" and Operator Interfaces' Touchscreen Programming Software "WindO/I-NV4" provided by IDEC Corporation store sensitive information in cleartext form CWE-312. Impact An attacker who obtained the product's project file may obtain user credentials of the PLC or...
Multiple vulnerabilities in ELECOM wireless LAN routers and access points
Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 - CVE-2024-34577, CVE-2024-42412 Missing...
Authentication Bypass Vulnerability in Hitachi Ops Center Common Services
Overview Authentication bypass vulnerability exists in Hitachi Ops Center Common Services. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
JVN#24885537: Multiple vulnerabilities in ELECOM wireless LAN routers and access points
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score...
Unquoted Service Path in Hitachi Device Manager
Overview Hitachi Device Manager contain the following vulnerabilities: CVE-2024-5963: An unquoted executable path exists in Hitachi Device Manager Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...
BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
Overview Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability CWE-78. Yoshiki Mori and Masaki Kubo of National Institute of Information and Communications Technology, Cybersecurity Research Laboratory reported this vulnerability to...
JVN#12824024: BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability CWE-78. Impact If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS...
Multiple Safie products vulnerable to improper server certificate verification
Overview Multiple Safie products are vulnerable to improper server certificate verification CWE-295. The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the...
Installer of Trend Micro Security 2020 (Consumer) may insecurely load Dynamic Link Libraries
Overview Installers of Trend Micro Security 2020 Consumer family may insecurely load Dynamic Link Libraries. Multiple products provided by Trend Micro Incorporated contain the DLL search path issue, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated...
JVN#83440451: Multiple Safie products vulnerable to improper server certificate verification
Multiple Safie products are vulnerable to improper server certificate verification CWE-295. The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the device-specific...
Packetbeat vulnerable to denial-of-service (DoS)
Overview Packetbeat provided by Elastic contains a denial-of-service DoS vulnerability. Packetbeat provided by Elastic is a network packet analyzer. Packetbeat contains a flaw in processing the PostgreSQL handler CWE-129 . Impact Processing a specially crafted packet may lead to a denial-of-servi...
Multiple vulnerabilities in LogonTracer
Overview LogonTracer provided by JPCERT Coordination Center is a tool to investigate malicious Windows logon by visualizing and analyzing Windows event log. LogonTracer contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16165 CVSS v3...
A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit)
Overview TOYOTA MOTOR's DCU contains a vulnerability which is triggered by BlueBorne vulnerability. TOYOTA MOTER CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An unauthenticated attacker may cause a denial of service DoS condition or...
Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read
Overview Trend Micro Security Consumer Driver is vulnerable to Out-of-bounds Read. Multiple products provided by Trend Micro Incorporated contain Out-of-bounds Read vulnerability CWE-125. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
"Rakuten Ichiba App" fails to restrict custom URL schemes properly
Overview "Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security...
JVN#56648919: "Rakuten Ichiba App" fails to restrict custom URL schemes properly
"Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...
EL Injection Vulnerability in Hitachi Tuning Manager
Overview An EL Injection Vulnerability exists in Hitachi Tuning Manager. CVE-2024-5828:EL Injection Vulnerability in Hitachi Tuning Manager Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information'...
WAON service app for Android fails to verify SSL server certificates
Overview WAON service app for Android provided by AEON CO., LTD. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle...
Firmware update for RICOH JavaTM Platform resets the TLS configuration
Overview JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS Transport Layer Security communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer...