Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/26 4:55 a.m.•2 views

ORC vulnerable to stack-based buffer overflow

Overview ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7CVSS7.4AI score0.00379EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/26 12:0 a.m.•16 views

JVN#02030803: ORC vulnerable to stack-based buffer overflow

ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Impact If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on t...

7CVSS7AI score0.00379EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/18 4:44 a.m.•3 views

Assimp vulnerable to heap-based buffer overflow

Overview Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.4CVSS7.8AI score0.00281EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/18 12:0 a.m.•19 views

JVN#87710540: Assimp vulnerable to heap-based buffer overflow

Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Impact An attacker may execute arbitrary code by inputting a specially crafted file into the product. Solution Update the Software Update the software to the latest version according to the...

8.4CVSS8.1AI score0.00281EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/16 7:14 a.m.•1 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be...

7.4CVSS6AI score0.00249EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/16 5:41 a.m.•1 views

FUJITSU Network Edgiot GW1500 vulnerable to path traversal

Overview FUJITSU Network Edgiot GW1500 M2M-GW for FENICS provided by Fujitsu Limited contains a path traversal vulnerability CWE-22. Eddy HUYNH & Jonathan PAUC from LCIE - BUREAU VERITAS CPS reported this vulnerability to Fujitsu Limited and coordinated. After the coordination was completed,...

6.5CVSS6.8AI score0.01422EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/16 12:0 a.m.•25 views

JVN#25583987: FUJITSU Network Edgiot GW1500 vulnerable to path traversal

FUJITSU Network Edgiot GW1500 M2M-GW for FENICS provided by Fujitsu Limited contains a path traversal vulnerability CWE-22. Impact If a logged-in attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information...

6.5CVSS6.6AI score0.01422EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/16 12:0 a.m.•20 views

JVN#74825766: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by...

5.4CVSS5.3AI score0.00249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/10 5:16 a.m.•4 views

Out-of-bounds write vulnerability in Ricoh MFPs and printers

Overview MFPs multifunction printers and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability CWE-787. Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the...

8.2CVSS6.8AI score0.00576EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/10 12:0 a.m.•17 views

JVN#14294633: Out-of-bounds write vulnerability in Ricoh MFPs and printers

MFPs and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability CWE-787. Impact If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...

8.2CVSS8AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/09 5:27 a.m.•4 views

Multiple vulnerabilities in multiple Webmin products

Overview Multiple Webmin products contain multiple vulnerabilities listed below. sysinfo.cgi is vulnerable to cross-site scripting CWE-79 CVE-2024-36450 sessionlogin.cgi is vulnerable to cross-site scripting CWE-79 CVE-2024-36453 ajaxterm module is vulnerable to improper handling of insufficient...

8.8CVSS6.3AI score0.00569EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/09 12:0 a.m.•61 views

JVN#81442045: Multiple vulnerabilities in multiple Webmin products

Multiple Webmin products contain multiple vulnerabilities listed below. sysinfo.cgi is vulnerable to cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2024-36450 sessionlogin.cgi is vulnerable to cross-site scripting CWE-79...

8.8CVSS6.6AI score0.00569EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/08 4:43 a.m.•2 views

Cleartext transmission issue in TONE store App to TONE store

Overview TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Kodai Karakawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

3.7CVSS6.5AI score0.00257EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/08 12:0 a.m.•8 views

JVN#28515217: Cleartext transmission issue in TONE store App to TONE store

TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. Solution Update the application Update the application to...

3.7CVSS4AI score0.00257EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/03 5:57 a.m.•1 views

JP1/Extensible SNMP Agent fails to restrict access permissions

Overview JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions CWE-276. Yutaka Kokubu, Shun Suzaki, and Kazuki Hirota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/03 12:0 a.m.•26 views

JVN#94347255: JP1/Extensible SNMP Agent fails to restrict access permissions

JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions CWE-276. Impact If an authenticated attacker who can log in to the product places a specially crafted DLL file in a specific directory, arbitrary code may be executed with the administrative privilege. Solution...

7.8CVSS7.6AI score0.00173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/28 8:38 a.m.•3 views

Multiple TP-Link products vulnerable to OS command injection

Overview Multiple products provided by TP-LINK contains an OS command injection vulnerability CWE-78 related to the backup/restore function. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact A user who logs in to the affected...

6.8CVSS7.5AI score0.00362EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/28 4:18 a.m.•2 views

"Piccoma" App uses a hard-coded API key for an external service

Overview "Piccoma" App for Android and "Piccoma" App for iOS provided by Kakao piccoma Corp. use a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

4CVSS6.4AI score0.00169EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/28 12:0 a.m.•36 views

JVN#01073312: "Piccoma" App uses a hard-coded API key for an external service

"Piccoma" App for Android and "Piccoma" App for iOS provided by Kakao piccoma Corp. use a hard-coded API key for an external service CWE-798. Impact Data in the app may be analyzed and API key for an external service may be obtained. Note that the users of the app are not directly affected by thi...

4CVSS6AI score0.00169EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/26 5:25 a.m.•2 views

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

Overview WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability CWE-352. These vulnerabilities are reported by the following reporters, and JPCERT/CC coordinated with the developer under Information Security Early...

8.1CVSS6.5AI score0.00256EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/26 12:0 a.m.•32 views

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability CWE-352. Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform unintended...

8.1CVSS7.9AI score0.00256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/24 2:5 a.m.•3 views

LINE client for iOS vulnerable to universal cross-site scripting

Overview The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability CWE-79, CVE-2024-5739. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user clicks a malicious...

6.1CVSS5.9AI score0.00269EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/20 5:59 a.m.•5 views

Multiple vulnerabilities in multiple Trend Micro products

Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Apex One 2019 On-prem, Apex One as a Service Local privilege escalation due ...

7.8CVSS6.3AI score0.00889EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/19 7:4 a.m.•3 views

"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

Overview "ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...

4.3CVSS6.8AI score0.00289EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/19 5:25 a.m.•1 views

WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page

Overview WordPress plugin "SiteGuard WP Plugin" provided by EG Secure Solutions Inc. provides a functionality to customize the path to the login page wp-login.php. The plugin implements a measure to avoid redirection from other URLs, but missed to implement a measure to avoid redirection from...

5.3CVSS6.6AI score0.01174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/19 12:0 a.m.•16 views

JVN#37818611: "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

"ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to acce...

4.3CVSS4.6AI score0.00289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/19 12:0 a.m.•19 views

JVN#60331535: WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page

WordPress plugin "SiteGuard WP Plugin" provided by EG Secure Solutions Inc. provides a functionality to customize the path to the login page wp-login.php. The plugin implements a measure to avoid redirection from other URLs, but missed to implement a measure to avoid redirection from...

5.3CVSS5.4AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/18 5:56 a.m.•4 views

Multiple vulnerabilities in Ricoh Streamline NX PC Client

Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...

9.8CVSS7.2AI score0.00507EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/18 4:43 a.m.•2 views

Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

Overview ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal CWE-36 CVE-2024-33620 Missing Authentication CWE-306 CVE-2024-33622 Information disclosure CWE-204 CVE-2024-34024 Christian Demko of WithSecu...

8.6CVSS6.8AI score0.00678EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/18 12:0 a.m.•34 views

JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal CWE-36 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620 Missing Authentication CWE-306...

8.6CVSS8.7AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/18 12:0 a.m.•26 views

JVN#00442488: Multiple vulnerabilities in Ricoh Streamline NX PC Client

Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004 Use of hard-coded...

9.8CVSS7.3AI score0.00507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/17 6:21 a.m.•16 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

9.8CVSS7.5AI score0.26811EPSS
Exploits2References65
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/12 6:3 a.m.•2 views

Denial-of-service (DoS) vulnerability in IPCOM WAF function

Overview WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service DoS vulnerability CWE-908. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the...

5.3CVSS6.5AI score0.0046EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/12 12:0 a.m.•28 views

JVN#25594256: Denial-of-service (DoS) vulnerability in IPCOM WAF function

WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service DoS vulnerability CWE-908. Impact If the product receives a specially crafted packet by an attacker, the system may be rebooted or suspended. Solution Update the firmware Update the firmware to the latest versio...

5.3CVSS5.1AI score0.0046EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/07 6:24 a.m.•4 views

WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

Overview WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability CWE-89. Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS7.9AI score0.00519EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/07 5:51 a.m.•4 views

Multiple vulnerabilities in "FreeFrom - the nostr client" App

Overview "FreeFrom - the nostr client" App provided by FreeFrom K.K. contains multiple vulnerabilities listed below. Improper verification of cryptographic signature CWE-347 - CVE-2024-36277 Reliance on obfuscation or encryption of security-relevant inputs without integrity checking CWE-649 -...

5.3CVSS6.6AI score0.00257EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/07 12:0 a.m.•19 views

JVN#55045256: Multiple vulnerabilities in "FreeFrom - the nostr client" App

"FreeFrom - the nostr client" App provided by FreeFrom K.K. contains multiple vulnerabilities listed below. Improper verification of cryptographic signature CWE-347 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2024-36277 Reliance on obfuscation or encryption of security-relevan...

5.3CVSS5.2AI score0.00257EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/07 12:0 a.m.•22 views

JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability CWE-89. Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the user...

6.5CVSS7.1AI score0.00519EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 6:32 a.m.•6 views

Multiple vulnerabilities in UNIVERSAL PASSPORT RX

Overview UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in Primefaces library used in the product Cross-sit...

6.5CVSS7.3AI score0.00289EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 5:53 a.m.•1 views

Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection

Overview SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability CWE-77. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If the remote monitoring and...

9.8CVSS7.9AI score0.01207EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 5:36 a.m.•31 views

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview Sharp and Toshiba Tec MFPs multifunction printers contain multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2024-28038 Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28955 Cleartext Storage of Sensitive Information CWE-312 -...

9.1CVSS7AI score0.45142EPSS
Exploits2References28
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 12:0 a.m.•31 views

JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...

6.5CVSS6.7AI score0.00289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/30 5:39 a.m.•2 views

awkblog vulnerable to OS command injection

Overview awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Keigo YAMAZAKI of LAC Co., Ltd. / Nuligen Security Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

9.8CVSS7.6AI score0.01571EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/30 12:0 a.m.•16 views

JVN#80506242: awkblog vulnerable to OS command injection

awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...

9.8CVSS9.7AI score0.01571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 5:13 a.m.•2 views

Redmine DMSF Plugin vulnerable to path traversal

Overview Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability CWE-22. Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When the affected...

8.8CVSS6.8AI score0.00497EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 5:6 a.m.•2 views

EC-Orange vulnerable to authorization bypass

Overview EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability CWE-639. This is the same issue as JVN51770585 EC-CUBE vulnerable to authorization bypass. This...

9.1CVSS6.5AI score0.02245EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 3:33 a.m.•5 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user who can log in to the product sends a specially crafte...

6.8CVSS7.4AI score0.00699EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 12:0 a.m.•24 views

JVN#22182715: Redmine DMSF Plugin vulnerable to path traversal

Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability CWE-22. Impact When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server within the privilege of the Redmine process. Solution...

8.1CVSS8.1AI score0.00497EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 12:0 a.m.•33 views

JVN#15637138: EC-Orange vulnerable to authorization bypass

EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability CWE-639. This is the same issue as JVN51770585 EC-CUBE vulnerable to authorization bypass. Impact A user of the...

9.1CVSS9.1AI score0.02245EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 5:47 a.m.•4 views

Multiple vulnerabilities in Unifier and Unifier Cast

Overview Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 - CVE-2024-23847 Missing Authorization for coejobhook Command Execution CWE-862 - CVE-2024-36246...

9.8CVSS7.4AI score0.00546EPSS
Exploits0References7
Total number of security vulnerabilities5625