Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/21 2:58 a.m.•4 views

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

Overview AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-31408 Insufficiently protected credentials...

8CVSS7.7AI score0.01077EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 5:48 a.m.•2 views

N-LINE vulnerable to HTML injection

Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...

7.4CVSS6.8AI score0.00219EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 5:40 a.m.•4 views

MUSASI version 3 performing authentication on client-side

Overview MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This...

7.5CVSS7AI score0.00425EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 12:0 a.m.•15 views

JVN#57285747: N-LINE vulnerable to HTML injection

N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...

7.4CVSS7.1AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 12:0 a.m.•13 views

JVN#31982676: MUSASI version 3 performing authentication on client-side

MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This behavior...

7.5CVSS7.2AI score0.00425EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 12:0 a.m.•28 views

JVN#41397971: Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0...

8CVSS8.2AI score0.01077EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/16 5:12 a.m.•3 views

SHIRASAGI vulnerable to path traversal

Overview SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.6CVSS6.7AI score0.01016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/15 12:0 a.m.•15 views

JVN#58721679: SHIRASAGI vulnerable to path traversal

SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Impact When processing crafted HTTP requests, arbitrary files on the server may be retrieved. Solution Update the software Update the software to the latest...

8.6CVSS7.6AI score0.01016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/11 5:13 a.m.•3 views

Multiple vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-46897 Stored Cross-site Scripting CWE-79 - CVE-2024-47793 CVE-2024-46897 masataka sato of Mitsui Bussan Secure Directions, Inc...

5.4CVSS6.6AI score0.00356EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/11 12:0 a.m.•32 views

JVN#74538317: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N Base Score 3.8 CVE-2024-46897 Stored Cross-site Scripting CWE-79...

5.4CVSS7.2AI score0.00356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/10 5:57 a.m.•1 views

baserCMS plugin "BurgerEditor" vulnerable to directory listing

Overview baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability CWE-548, CVE-2024-44807. If accessing a URL of the web site using the plugin that has a specific string added to the end, a list of uploaded files may be obtained. In addition, the...

5.3CVSS6.7AI score0.00474EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/10 12:0 a.m.•13 views

JVN#54676967: baserCMS plugin "BurgerEditor" vulnerable to directory listing

baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability CWE-548, CVE-2024-44807. If accessing a URL of the web site using the plugin that has a specific string added to the end, a list of uploaded files may be obtained. In addition, the uploaded file...

5.3CVSS6.9AI score0.00474EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/03 4:42 a.m.•2 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2024-47134 Stack-based buffer overflow CWE-121 - CVE-2024-47135 Out-of-bounds read CWE-125 - CVE-2024-47136 Michael Heinzl reported...

7.8CVSS7.7AI score0.00298EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 8:51 a.m.•3 views

Apache Tomcat improper handling of TLS handshake process data

Overview Apache Tomcat provided by The Apache Software Foundation improperly handles TLS handshake process data, which may lead to a denial-of-service DoS condition CWE-770, CVE-2024-38286. The reporter, Ozaki of North Grid Corporation, reported this issue directly to and coordinated with the...

8.6CVSS6.6AI score0.01702EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 7:1 a.m.•5 views

Vulnerability in Cosminexus

Overview Vulnerability has been found in Cosminexus. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.23072EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 5:14 a.m.•14 views

Insecure initial password configuration issue in SEIKO EPSON Web Config

Overview Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings f...

8.1CVSS7AI score0.00811EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 12:0 a.m.•14 views

JVN#72148744: Apache Tomcat improper handling of TLS handshake process data

Apache Tomcat provided by The Apache Software Foundation improperly handles TLS handshake process data, which may lead to a denial-of-service DoS condition CWE-770, CVE-2024-38286. Impact Denial-of-service DoS attacks may be conducted through TLS connection. Solution Update the software Update...

8.6CVSS7.3AI score0.01702EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 6:17 a.m.•2 views

RevoWorks Cloud vulnerable to unintended process execution

Overview RevoWorks Cloud provided by J's Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized...

7.8CVSS6.5AI score0.00173EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 5:15 a.m.•3 views

File Permissions Vulnerability in Hitachi Ops Center Common Services

Overview File permissions vulnerability exists in Hitachi Ops Center Common Services. CVE-2024-2819: File permission vulnerability in Hitachi Ops Center Common Services Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer ...

6.5CVSS6.8AI score0.00202EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 5:14 a.m.•3 views

Multiple vulnerabilities in Smart-tab

Overview Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-41999 Plaintext storage of a password CWE-256 -...

6.8CVSS7.5AI score0.00261EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 3:46 a.m.•4 views

SNMP service is enabled by default in Sharp NEC Display Solutions projectors

Overview Multiple projectors provided by Sharp NEC Display Solutions, Ltd. are configured with SNMP service enabled by default, therefore can be accessed by specifying SNMP community name "public" CWE-1242 ,CVE-2024-7011. SNMP service configuration enable/disable cannot be changed on the manageme...

6.5CVSS6.6AI score0.00319EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 12:0 a.m.•8 views

JVN#39280069: RevoWorks Cloud vulnerable to unintended process execution

RevoWorks Cloud provided by J’s Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized processes...

7.8CVSS7.5AI score0.00173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 12:0 a.m.•15 views

JVN#42445661: Multiple vulnerabilities in Smart-tab

Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-41999...

6.8CVSS5.5AI score0.00261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/27 6:0 a.m.•3 views

MF Teacher Performance Management System vulnerable to cross-site scripting

Overview MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability CWE-79. Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications...

6.1CVSS6.2AI score0.00243EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/27 12:0 a.m.•11 views

JVN#21176842: MF Teacher Performance Management System vulnerable to cross-site scripting

MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the website using the product. Solution Apply the Patch The developer has release...

6.1CVSS6.4AI score0.00243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 7:12 a.m.•4 views

The installer of e-Tax software(common program) vulnerable to privilege escalation

Overview The installer of e-Tax softwarecommon program provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry CWE-268. Takashi Yoshikawa of Mitsui Bussan Secure...

7.8CVSS6.7AI score0.00148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 7:0 a.m.•2 views

Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions

Overview Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions CWE-451. Keishi Awata of logicalmixed reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.6AI score0.00428EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 6:26 a.m.•5 views

Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Overview Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2024-45372 Cross-site scripting vulnerability in the web management page CWE-79 - CVE-2024-45836...

7.1CVSS6.6AI score0.00243EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 12:0 a.m.•17 views

JVN#57749899: The installer of e-Tax software(common program) vulnerable to privilege escalation

The installer of e-Tax softwarecommon program provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry CWE-268. Impact A malicious DLL prepared by an attacker may be...

7.8CVSS7.5AI score0.00148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 12:0 a.m.•9 views

JVN#78356367: Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions

Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions CWE-451. Impact An attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Solution Update the firmware Updat...

5.3CVSS5.1AI score0.00428EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 12:0 a.m.•17 views

JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Base Score 7.1 CVE-2024-45372 Cross-site scripting vulnerability in the web...

6.5CVSS6.8AI score0.00243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/19 5:7 a.m.•5 views

Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders

Overview Multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2024-41929 OS command injection CWE-78 - CVE-2024-43778 Hidden functionality CWE-912 - CVE-2024-47001 Yoshiki Mori, Ushimaru...

8.8CVSS7.8AI score0.00999EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/18 5:34 a.m.•4 views

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

Overview WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2024-42404 Cross-site scripting CWE-79 - CVE-2024-45366 Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS7.6AI score0.00482EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/18 5:20 a.m.•4 views

Assimp vulnerable to heap-based buffer overflow

Overview PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.4CVSS7.8AI score0.00273EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/18 12:0 a.m.•24 views

JVN#42386607: Assimp vulnerable to heap-based buffer overflow

PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Impact An attacker may execute arbitrary code by importing a specially crafted file into the product. Solution Update the Software Update the software to the latest version...

8.4CVSS8.7AI score0.00273EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/18 12:0 a.m.•10 views

JVN#19766555: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below. SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-42404 Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1...

8.8CVSS8.9AI score0.00482EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/12 3:23 a.m.•4 views

Falsification and eavesdropping of contents across multiple websites via Web Rehosting services

Overview Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in NDSS 2020. "Web Rehosting" is the name of a grou...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/11 9:19 a.m.•5 views

Security Problem in Web Browser Permission Mechanism

Overview A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems both mobile and desktop OS and 22 major browsers running on each OS. The results show that they have multiple problem...

6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/11 9:19 a.m.•3 views

Malleability attack against executables encrypted by CBC mode with no integrity check

Overview Researchers at NTT, University of Hyogo, and NEC have identified a security issue that leads to executing arbitrary code in executable files that are encrypted by CBC mode with no integrity check. This issue has been published in ACNS 2020 . There is a risk that an encrypted executable...

7.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 7:40 a.m.•3 views

Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Overview Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS6.5AI score0.003EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 5:58 a.m.•3 views

Pgpool-II vulnerable to information disclosure

Overview Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development...

7.5CVSS6.2AI score0.00528EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 5:20 a.m.•4 views

"@cosme" App fails to restrict custom URL schemes properly

Overview "@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Pantuhong Sorasiri of LAC Co., Ltd. reported this...

4.3CVSS6.7AI score0.00277EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 4:51 a.m.•4 views

WordPress Plugin "Forminator" vulnerable to cross-site scripting

Overview WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to...

6.1CVSS5.9AI score0.0041EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•20 views

JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting

WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to cross-site...

6.1CVSS6.3AI score0.0041EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•14 views

JVN#05579230: Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software or apply the workaround Update the software to t...

6.5CVSS6.2AI score0.003EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•12 views

JVN#67456481: Pgpool-II vulnerable to information disclosure

Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. Impact If a database user access a query cache, table data unauthorized for the user may be retrieved. Solution Update the Software Apply the appropriate updates...

7.5CVSS7.2AI score0.00528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•34 views

JVN#81570776: "@cosme" App fails to restrict custom URL schemes properly

"@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

4.3CVSS4.4AI score0.00277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/06 6:7 a.m.•4 views

Multiple products from KINGSOFT JAPAN vulnerable to path traversal

Overview KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan. WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability CWE-22, CVE-2024-7262, CVE-2024-7263 due to inadequate file path...

9.3CVSS7AI score0.01773EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/06 5:39 a.m.•4 views

Secure Boot bypass Vulnerability in PRIMERGY

Overview PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Fsas Technologies Inc. reported this vulnerability ...

6.4CVSS6.6AI score0.0024EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/06 12:0 a.m.•32 views

JVN#32529796: Multiple products from KINGSOFT JAPAN vulnerable to path traversal

KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan. WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability CWE-22, CVE-2024-7262, CVE-2024-7263 due to inadequate file path validation...

9.3CVSS7.7AI score0.01773EPSS
Exploits0
Total number of security vulnerabilities5625