5596 matches found
Multiple vulnerabilities in RoamWiFi R10
Overview RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-31406 Insertion of sensitive information into log file CWE-532 - CVE-2024-32051 Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities...
Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
Overview OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2024-31412 Free of pointer not at start of buffer CWE-761 - CVE-2024-31413 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with t...
JVN#62737544: Multiple vulnerabilities in RoamWiFi R10
RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file CWE-532...
TvRock vulnerable to cross-site request forgery
Overview According to the original report submitted by the reporter, TvRock, provided by TvRock, is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. During the meeting of the Committee for authorizing the disclosure of unresolved...
TvRock vulnerable to denial-of-service (DoS)
Overview According to the original report submitted by the reporter, TvRock, provided by TvRock, is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service (DoS) vulnerability CWE-400. During the meeting of the Committee for authorizing the disclosure of unresolved...
JVN#40079147: TvRock vulnerable to denial-of-service (DoS)
According to the original report submitted by the reporter, TvRock, provided by TvRock, is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service (DoS) vulnerability CWE-400. Impact Receiving a specially crafted request by a remote attacker or having a user of TVRock cli...
JVN#24683352: TvRock vulnerable to cross-site request forgery
According to the original report submitted by the reporter, TvRock, provided by TvRock, is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...
Armeria-saml improperly handles SAML messages
Overview Armeria-saml provided by LY Corporation contains an issue in handling SAML messages CWE-304, CVE-2024-1735. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Authentication may be bypassed by receiving a specially crafted SAML...
LINE client for iOS vulnerable to improper server certificate verification
Overview The financial module within LINE client for iOS lacks server certificate verification in log transmission CWE-295, CVE-2023-5554. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The communication may be eavesdropped under a...
Multiple vulnerabilities in WordPress Plugin "Forminator"
Overview WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 SQL injection CWE-89 Cross-site scripting CWE-79 hibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA...
JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"
WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-28890 SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H...
Proscend Communications M330-W and M330-W5 vulnerable to OS command injection
Overview M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. CYNEX Analysis Team of National Institute of Information and Communications Technology reported this vulnerability to...
JVN#23835228: Proscend Communications M330-W and M330-W5 vulnerable to OS command injection
M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker who has access to the product. Solution Update the firmware The...
Multiple vulnerabilities in BUFFALO wireless LAN routers
Overview Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 OS Command Injection CWE-78 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...
JVN#58236836: Multiple vulnerabilities in BUFFALO wireless LAN routers
Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-23486 OS Command Injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base...
Multiple vulnerabilities in a-blog cms
Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 - CVE-2024-30419 Server-side request forgery CWE-918 - CVE-2024-30420 Directory traversal CWE-22 - CVE-2024-31394 Stored cross-site...
JVN#70977403: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2024-30419 Server-side request forgery CWE-918...
Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
Overview WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79 - CVE-2024-26019 Stored cross-site scripting in custom fields for labels...
JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79...
Multiple vulnerabilities in Cente middleware
Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NEXT Co., Ltd. contain multiple vulnerabilities listed below. Out-of-bounds Read caused by improper checking of the option length values in IPv6 NDP packets CWE-125 Out-of-boun...
Multiple vulnerabilities in NEC Aterm series
Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 - CVE-2024-28006 Incorrect Permission...
Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers
Overview Wireless LAN routers provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-30219 Command Injection on certain port CWE-77 - CVE-2024-30220 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...
JVN#82074338: Multiple vulnerabilities in NEC Aterm series
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...
FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password
Overview In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty CWE-258 and the remote access service is enabled. The products are affected only when running in non MS mode with the initial configuration. FURUNO SYSTEMS Co.,Ltd...
KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries
Overview VT STUDIO provided by KEYENCE CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2024-28099. KEYENCE CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Multiple vulnerabilities in KEYENCE KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12
Overview KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12 provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2024-29218 Out-of-bounds read CWE-125 - CVE-2024-29219 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC...
"Yahoo! JAPAN" App vulnerable to cross-site scripting
Overview "Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#23528780: "Yahoo! JAPAN" App vulnerable to cross-site scripting
"Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the WebView of "Yahoo! JAPAN" App via another app installed on the user's device. Solution Update the application Update the application to the latest...
SEEnergy SVR-116 vulnerable to OS command injection
Overview Network video recorder SVR-116 provided by SEEnergy Corp. contains an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC to notify users of its existence and the solutions through JVN. Impact If a logged-in user with an...
Security information for Hitachi Disk Array Systems
Overview Log files of Hitachi Disk Array Systems have the CVE-2022-36407 Plaintext Storage of Passwords vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...
Multiple vulnerabilities in WordPress Plugin "Survey Maker"
Overview WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-34423 Insufficient verification of data authenticity CWE-345 - CVE-2023-35764 Atsuya Yoda of GMO Cybersecurity by Ierae, Inc. reported...
SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
Overview SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...
Multiple vulnerabilities in ELECOM wireless LAN routers
Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2024-25568 OS Command Injection CWE-78 - CVE-2024-26258 Exposure of Sensitive Information to an Unauthorized Actor CWE-200 - CVE-2024-29225 Chuya...
JVN#40367518: SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running application. Solution Update the Software...
JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"
WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-34423 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
Mini Thread vulnerable to cross-site scripting
Overview According to the original report submitted by the reporter, Mini Thread, provided by Flash CGI, is a CGI script for creating a bulletin board system (BBS). Mini Thread contains a cross-site scripting vulnerability CWE-79. During the meeting of the Committee for authorizing the disclosure of...
ffBull vulnerable to OS command injection
Overview According to the original report submitted by the reporter, ffBull, provided by Fortunefield, is a bulletin board system (BBS). ffBull contains an OS command injection vulnerability CWE-78. During the meeting of the Committee for authorizing the disclosure of unresolved vulnerabilities held on...
"EasyRange" may insecurely load executable files
Overview According to the original report submitted by the reporter, "EasyRange", provided by sira.jp, is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file in Explorer, which may lead to loading an executable file...
0ch BBS Script (0ch) vulnerable to cross-site scripting
Overview According to the original report submitted by the reporter, 0ch BBS Script (0ch), provided by Zerochannel, is bulletin board software. 0ch BBS Script (0ch) contains a cross-site scripting vulnerability CWE-79. During the meeting of...
TvRock vulnerable to cross-site scripting
Overview According to the original report submitted by the reporter, TvRock, provided by TvRock, is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. During the meeting of the Committee for authorizing the disclosure of unresolved...
WebProxy vulnerable to OS command injection
Overview According to the original report submitted by the reporter, WebProxy, provided by LunarNight Laboratory, is software to build a proxy server. WebProxy contains an OS command injection vulnerability CWE-78. During the meeting of the Committee for authorizing the disclosure of unresolved...
BUFFALO LinkStation 200 series vulnerable to arbitrary code execution
Overview LinkStation 200 series provided by BUFFALO INC. is a network attached storage (NAS). LinkStation 200 series contains an arbitrary code execution vulnerability CWE-354, CVE-2023-51073 due to insufficient verification of data authenticity during firmware update. BUFFALO INC. reported this...
Multiple vulnerabilities in home gateway HGW BL1500HM
Overview Home gateway HGW BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Use of weak credentials CWE-1391 - CVE-2024-21865, CVE-2024-29071 Command injection CWE-77 - CVE-2024-28041 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC...
WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery
Overview WordPress Plugin "easy-popup-show" provided by Ari Susanto contains a cross-site request forgery vulnerability CWE-352. Daiki Kojima of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer an...
JVN#86206017: WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery
WordPress Plugin "easy-popup-show" provided by Ari Susanto contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Stop using the plugin The developer...
JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting
According to the original report submitted by the reporter, 0ch BBS Script (0ch), provided by Zerochannel, is bulletin board software. 0ch BBS Script (0ch) contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be...
JVN#40523785: Mini Thread vulnerable to cross-site scripting
According to the original report submitted by the reporter, Mini Thread, provided by Flash CGI, is a CGI script for creating a bulletin board system (BBS). Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...
JVN#69107517: TvRock vulnerable to cross-site scripting
According to the original report submitted by the reporter, TvRock, provided by TvRock, is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user accessing the website th...
JVN#22376992: WebProxy vulnerable to OS command injection
According to the original report submitted by the reporter, WebProxy, provided by LunarNight Laboratory, is software to build a proxy server. WebProxy contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed with the privilege of the running web server...
JVN#17176449: ffBull vulnerable to OS command injection
According to the original report submitted by the reporter, ffBull, provided by Fortunefield, is a bulletin board system (BBS). ffBull contains an OS command injection vulnerability CWE-78. Impact A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...