Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 4:38 a.m.•4 views

Improper restriction of XML external entity references (XXE) in e-Tax software

Overview e-Tax software provided by National Tax Agency improperly restricts XML external entity references XXE CWE-611 due to the configuration of the embedded XML parser. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 3:14 a.m.•5 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

8.6CVSS7AI score0.0028EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 12:0 a.m.•34 views

JVN#14762986: Improper restriction of XML external entity references (XXE) in e-Tax software

e-Tax software provided by National Tax Agency improperly restricts XML external entity references XXE CWE-611 due to the configuration of the embedded XML parser. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/01 7:49 a.m.•4 views

MCL Technologies MCL-Net vulnerable to directory traversal

Overview Server software "MCL-Net" provided by MCL Technologies contains a directory traversal vulnerability CWE-22, CVE-2023-4990. Panasonic reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Arbitrary files on the server may be read by an attacker...

8.3CVSS6.6AI score0.00553EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/31 4:43 a.m.•6 views

Cybozu Remote Service vulnerable to uncontrolled resource consumption

Overview Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Certain operations performed by a logged-in user may lead to huge storage...

6.5CVSS6.6AI score0.00616EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/31 12:0 a.m.•44 views

JVN#94132951: Cybozu Remote Service vulnerable to uncontrolled resource consumption

Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact Certain operations performed by a logged-in user may lead to huge storage space consumption or significantly delayed communication. Solution Update the Software Update the software to...

6.5CVSS6.4AI score0.00616EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/30 4:48 a.m.•3 views

Inkdrop vulnerable to code injection

Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. T.Nodoka reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a specially crafted...

7.8CVSS7.7AI score0.00288EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/30 12:0 a.m.•39 views

JVN#48057522: Inkdrop vulnerable to code injection

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. Impact If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution Update the Software The developer states that Inkdrop has an...

7.8CVSS7.8AI score0.00288EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/27 7:10 a.m.•3 views

Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL

Overview Multiple Windows kernel drivers provided by Advanced Micro Devices Inc. are vulnerable to insufficient access control on its IOCTL CWE-782, CVE-2023-20598. Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By sending a...

7.8CVSS6.8AI score0.0046EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/27 5:46 a.m.•2 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-29009 Reflected cross-site scripting vulnerability CWE-79 - CVE-2023-43647 Directory traversal vulnerability CWE-22 - CVE-2023-43648...

9.8CVSS6.8AI score0.0097EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/27 12:0 a.m.•45 views

JVN#45547161: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-29009 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

9.8CVSS6.8AI score0.0097EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/25 6:18 a.m.•2 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

5.4CVSS6.2AI score0.00354EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/25 12:0 a.m.•29 views

JVN#39139884: Movable Type vulnerable to cross-site scripting

Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Apply the appropriate update according to the information provided by the developer. The develop...

5.4CVSS5.4AI score0.00354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/24 7:11 a.m.•3 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer

Overview CX-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially crafted project fil...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/23 5:26 a.m.•3 views

HP ThinUpdate vulnerable to improper server certificate verification

Overview HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification CWE-295. Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.6AI score0.00538EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/23 12:0 a.m.•25 views

JVN#02058996: HP ThinUpdate vulnerable to improper server certificate verification

HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication or alter the communication. Solution Update the Software Update the software...

7.5CVSS7.3AI score0.00538EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/19 6:16 a.m.•3 views

Multiple vulnerabilities in JustSystems products

Overview Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free CWE-416 - CVE-2023-34366 Integer overflow CWE-190 - CVE-2023-38127 Access of resource using incompatible type Type confusion CWE-843 - CVE-2023-38128 Improper validation of...

7.8CVSS7.1AI score0.00678EPSS
Exploits4References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/19 12:0 a.m.•57 views

JVN#28846531: Multiple vulnerabilities in JustSystems products

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free CWE-416 - CVE-2023-34366 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 3.3 CVSS v2| AV:L/AC:M/Au:N/C:N/I:N/A:P| Base Score:...

7.8CVSS8.1AI score0.00678EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/18 9:0 a.m.•2 views

Improper restriction of XML external entity references (XXE) in Proself

Overview Proself provided by North Grid Corporation improperly restricts XML external entity references XXE CWE-611. The developer states that attacks exploiting this vulnerability have been observed. North Grid Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...

7.5CVSS6.9AI score0.03542EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/18 5:13 a.m.•1 views

Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2

Overview OnSinView2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Improper restriction of operations within the bounds of a memory buffer CWE-119 - CVE-2023-42506 Stack-based buffer overflow CWE-121 - CVE-2023-42507 Michael Heinzl reported these...

7.8CVSS7.8AI score0.00221EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/18 12:0 a.m.•44 views

JVN#95981460: Improper restriction of XML external entity references (XXE) in Proself

Proself provided by North Grid Corporation improperly restricts XML external entity references XXE CWE-611. The developer states that attacks exploiting this vulnerability have been observed. Impact By processing a specially crafted request containing malformed XML data, arbitrary files on the...

7.5CVSS7.7AI score0.03542EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 7:11 a.m.•4 views

Scanning evasion issue in Cisco Secure Email Gateway

Overview Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. This issue was found by Takahiro Ohtani and Michael Joshua Telloyan in the Bug Bounty program at the University of...

6.5AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 7:11 a.m.•4 views

web2py vulnerable to OS command injection

Overview web2py web application framework contains an OS command injection vulnerability CWE-78. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When web2py is configured to u...

9.8CVSS7.6AI score0.03689EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 12:0 a.m.•32 views

JVN#80476432: web2py vulnerable to OS command injection

web2py web application framework contains an OS command injection vulnerability CWE-78. Impact When web2py is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product. Solution Upda...

9.8CVSS9.6AI score0.03689EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 12:0 a.m.•15 views

JVN#58574030: Scanning evasion issue in Cisco Secure Email Gateway

Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. Impact Some malicious contents may evade the scanning facility of the affected product and reach victim recipients. Solution...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/11 6:23 a.m.•4 views

Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER

Overview KV STUDIO and KV REPLAY VIEWER provided by KEYENCE CORPORATION contain an out-of-bounds read vulnerability CWE-125, CVE-2023-42138. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If this vulnerability is exploited, information ma...

7.8CVSS7AI score0.00186EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/06 5:57 a.m.•3 views

e-Gov Client Application fails to restrict custom URL schemes properly

Overview e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access ...

4.3CVSS6.5AI score0.00355EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/06 12:0 a.m.•45 views

JVN#15808274: e-Gov Client Application fails to restrict custom URL schemes properly

e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access an...

4.3CVSS4.5AI score0.00355EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 6:23 a.m.•4 views

Information Exposure Vulnerability in Hitachi Ops Center Administrator

Overview A vulnerability CVE-2023-3335 exists in Hitachi Ops Center Administrator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.5CVSS6.8AI score0.00162EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 6:23 a.m.•2 views

DoS Vulnerability in Hitachi Ops Center Common Services

Overview A DoS vulnerability CVE-2023-3967 exists in Hitachi Ops Center Common Services. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.00515EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 6:23 a.m.•3 views

File and Directory Permissions Vulnerability in JP1/Performance Management

Overview A File and Directory Permissions Vulnerability CVE-2023-3440 exists in JP1/Performance Management. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

8.4CVSS6.8AI score0.00189EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 5:7 a.m.•4 views

Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility

Overview Citadel WebCit provided by Citadel contains a cross-site scripting vulnerability CWE-79. Tomoro Taniguchi of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious user sen...

5.4CVSS5.8AI score0.00444EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 12:0 a.m.•37 views

JVN#08237727: Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility

Citadel WebCit provided by Citadel contains a cross-site scripting vulnerability CWE-79. Impact When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. Solution Update the software Update the software to the lates...

5.4CVSS5AI score0.00444EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/03 5:26 a.m.•3 views

Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode

Overview Wireless LAN access point devices provided by FURUNO SYSTEMS Co.,Ltd., running in STStandalone mode, contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-39222 Cross-site Scripting CWE-79 - CVE-2023-39429 Cross-Site Request Forgery CWE-352 - CVE-2023-4108...

8.8CVSS7.2AI score0.01286EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/02 3:36 a.m.•4 views

Improper restriction of XML external entity references (XXE) in FD Application

Overview FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/02 12:0 a.m.•26 views

JVN#39596244: Improper restriction of XML external entity references (XXE) in FD Application

FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 5:44 a.m.•6 views

Multiple vulnerabilities in Panasonic KW Watcher

Overview KW Watcher provided by Panasonic contains multiple vulnerabilities listed below. Improper restriction of operations within the bounds of a memory buffer CWE-119 - CVE-2023-3471 Use after free CWE-416 - CVE-2023-3472 Michael Heinzl reported these vulnerabilities to Panasonic and...

8.6CVSS7.5AI score0.00419EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 4:49 a.m.•6 views

Shihonkanri Plus vulnerable to relative path traversal

Overview Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability CWE-23. Shimizu Yutaro of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attack...

7.8CVSS7.4AI score0.00318EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 12:0 a.m.•37 views

JVN#17434995: Shihonkanri Plus vulnerable to relative path traversal

Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability CWE-23. Impact An attacker may execute arbitrary code by having a legitimate user import a specially crafted backup file of the product. Solution Update the software Update the software to the latest version...

7.8CVSS7.8AI score0.00318EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/26 2:30 a.m.•4 views

Trend Micro Mobile Security vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for Trend Micro Mobile Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A cross-site scripting attack may be conducted if a user who is logged in to the...

6.1CVSS6.1AI score0.01798EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/22 4:51 a.m.•4 views

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 - CVE-2023-40219 Path Traversal CWE-22 - CVE-2023-40532 Cross-site Scripting in registration process of Item List page...

8.8CVSS7.8AI score0.00949EPSS
Exploits0References22
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/22 12:0 a.m.•54 views

JVN#97197972: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 - CVE-2023-40219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.7 CVSS v2|...

8.8CVSS6.6AI score0.00949EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/20 4:58 a.m.•2 views

Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution

Overview Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability CWE-94, CVE-2023-41179 in 3rd Party AV Uninstaller Module. Trend Micro Incorporated states that an attack exploiting this vulnerability has been...

9.1CVSS7.7AI score0.04739EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/13 6:2 a.m.•3 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Double free CWE-415 - CVE-2023-41374 Use-after-free CWE-416 - CVE-2023-41375 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with th...

7.8CVSS7.2AI score0.00188EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/11 4:53 a.m.•2 views

Pyramid vulnerable to directory traversal

Overview Pyramid provided by Pylons Project contains a directory traversal vulnerability. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact index.html located one directory abov...

5.3CVSS6.5AI score0.00632EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/11 12:0 a.m.•39 views

JVN#41113329: Pyramid vulnerable to directory traversal

Pyramid provided by Pylons Project, which is a web framework for Python, contains a directory traversal vulnerability CWE-22. Impact index.html located one directory above the location of the static view's file system path can be accessed via a crafted request. Solution Update the software Update...

7.5CVSS5.8AI score0.02187EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 6:35 a.m.•3 views

Vulnerability in JP1/VERITAS

Overview A vulnerability VTS23-011 exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9.8CVSS6.8AI score0.00334EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 5:33 a.m.•2 views

"direct" Desktop App for macOS fails to restrict access permissions

Overview "direct" Desktop App for macOS provided by L is B Corp. fails to restrict access permissions CWE-284. The access control mechanism provided by macOS "TCC Transparency Consent and Control" may be bypassed. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/C...

5.5CVSS6.5AI score0.00163EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 12:0 a.m.•28 views

JVN#42691027: "direct" Desktop App for macOS fails to restrict access permissions

"direct" Desktop App for macOS provided by L is B Corp. fails to restrict access permissions CWE-284. The access control mechanism provided by macOS "TCC Transparency Consent and Control" may be bypassed. Impact Camrea, microphone, etc. of the device where the product is installed may be used...

5.5CVSS5.2AI score0.00163EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 6:51 a.m.•4 views

Multiple vulnerabilities in F-RevoCRM

Overview F-RevoCRM provided by ThinkingReed inc. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-41149 Cross-site scripting vulnerability CWE-79 - CVE-2023-41150 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/...

9.8CVSS7.2AI score0.01261EPSS
Exploits0References8
Total number of security vulnerabilities5625