Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/05 5:55 a.m.3 views

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

7.5CVSS6.7AI score0.00975EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/05 12:0 a.m.59 views

JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

7.5CVSS8.2AI score0.00975EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/05 12:0 a.m.47 views

JVN#78113802: Multiple vulnerabilities in F-RevoCRM

F-RevoCRM provided by Thinkingreed Inc. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-41149 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

9.8CVSS7.4AI score0.01261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/04 4:41 a.m.4 views

Multiple vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2023-36492 Stored cross-site scripting CWE-79 - CVE-2023-38569 Path traversal CWE-22 - CVE-2023-39448 CVE-2023-36492, CVE-2023-38569 Taiga Shirakura of Mits...

8.8CVSS7.3AI score0.0107EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/04 12:0 a.m.40 views

JVN#82758000: Multiple vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2023-36492 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score:...

8.8CVSS7.3AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/31 5:13 a.m.1 views

Multiple vulnerabilities in i-PRO VI Web Client

Overview VI Web Client provided by i-PRO Co., Ltd. is Video Insight's video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Reflected Cross-site Scripting CWE-79 - CVE-2023-39938 View Stored Cross-site Scripting in View...

6.1CVSS6.4AI score0.00412EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/31 12:0 a.m.52 views

JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. is Video Insight’s video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7...

6.1CVSS6.1AI score0.00412EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/30 1:5 a.m.3 views

Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL

Overview Some of the Windows kernel drivers provided by Phoenix Technologies Inc. is vulnerable to insufficient access control on its IOCTL CWE-782, CVE-2023-35841. Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By sending a...

7.8CVSS6.5AI score0.00372EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/29 6:55 a.m.3 views

Vulnerability in HiRDB

Overview A Vulnerability CVE-2023-1995 exists in HiRDB. Impact Some audit logs may not be retrieved. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.00377EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/24 5:12 a.m.2 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above...

7.5CVSS6.7AI score0.00672EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/24 4:34 a.m.2 views

"Skylark" App fails to restrict custom URL schemes properly

Overview "Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites...

4.7CVSS6.6AI score0.0049EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/24 12:0 a.m.61 views

JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Impact A...

7.5CVSS7.3AI score0.01253EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/24 12:0 a.m.41 views

JVN#03447226: "Skylark" App fails to restrict custom URL schemes properly

"Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites. Impact An...

4.7CVSS4.4AI score0.0049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/23 3:42 a.m.2 views

Rakuten WiFi Pocket vulnerable to improper authentication

Overview Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability CWE-287. Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA...

5.4CVSS6.6AI score0.00276EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/23 12:0 a.m.27 views

JVN#55217369: Rakuten WiFi Pocket vulnerable to improper authentication

Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability CWE-287. Impact An attacker who can access the product may log in to the product's Management Screen. As a result, sensitive...

5.4CVSS5.5AI score0.00276EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/22 9:2 a.m.3 views

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

Overview Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2023-28728 Access of Resource Using Incompatible Type CWE-843 - CVE-2023-28729 Improper Restriction of Operations within the Bounds of a Memory Buffer Michae...

7.8CVSS7.5AI score0.00279EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/22 8:35 a.m.2 views

Multiple vulnerabilities in CBC digital video recorders

Overview Digital video recorders provided by CBC Co.,Ltd. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-38585 OS command injection CWE-78 - CVE-2023-40144 Hidden functionality CWE-912 - CVE-2023-40158 Yoshiki Mori, Ushimaru Hayato, Hiromu Kubiura and...

8.8CVSS8AI score0.01583EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 5:5 a.m.2 views

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

Overview WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Ryotaro Imamura of SB Technology Corp. and Satoo Nakano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS6.1AI score0.0148EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 4:29 a.m.4 views

Multiple vulnerabilities in LuxCal Web Calendar

Overview LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543 SQL injection CWE-89 - CVE-2023-39939 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated wit...

9.1CVSS7.9AI score0.00705EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 12:0 a.m.47 views

JVN#04876736: Multiple vulnerabilities in LuxCal Web Calendar

LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 SQL...

9.1CVSS7.7AI score0.00705EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 12:0 a.m.38 views

JVN#98946408: WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege. Solution Update the plugin Update t...

5.4CVSS5.7AI score0.0148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/18 4:47 a.m.2 views

Multiple vulnerabilities in Proself

Overview Proself provided by North Grid Corporation is an online storage server software. Proself contains multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-39415 OS command injection CWE-78 - CVE-2023-39416 The developer states that attacks exploiting these...

7.5CVSS8.2AI score0.0087EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/18 12:0 a.m.33 views

JVN#19661362: Multiple vulnerabilities in Proself

Proself provided by North Grid Corporation is an online storage server software. Proself contains multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-39415 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS...

7.5CVSS8.4AI score0.0087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/17 6:12 a.m.3 views

EC-CUBE 2 series vulnerable to cross-site scripting

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to EC-CUBE CO.,LTD. and EC-CUBE CO.,LTD...

4.8CVSS6AI score0.00362EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/17 12:0 a.m.35 views

JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Impact An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...

4.8CVSS4.9AI score0.00362EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/15 2:54 a.m.4 views

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Overview Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 Telnet service access restriction failure CWE-284 - CVE-2023-38132 Hidden Functionalit...

9.8CVSS7.6AI score0.01566EPSS
Exploits0References30
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/10 7:4 a.m.5 views

Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)

Overview Trend Micro Apex Central is vulnerable to multiple server-side request forgeries. Trend Micro Incorporated has released Patch 5 build 6481 for Trend Micro Apex Central. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact...

5.4CVSS7.1AI score0.00358EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/09 3:45 a.m.0 views

"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly

Overview "Rikunabi NEXT" App for Android provided by Recruit Co., Ltd. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Nao Komatsu of LAC Co.,...

6.1CVSS6.8AI score0.00323EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/09 12:0 a.m.22 views

JVN#84820712: "Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly

"Rikunabi NEXT" App for Android provided by Recruit Co., Ltd. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead ...

6.1CVSS6.2AI score0.00323EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/07 8:39 a.m.2 views

"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

Overview "FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly CWE-703. When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat,...

4.3CVSS6.5AI score0.00285EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/07 6:15 a.m.3 views

Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API

Overview Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function CWE-285 -...

4.3CVSS7AI score0.00376EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/07 12:0 a.m.23 views

JVN#42527152: "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly CWE-703. When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the...

3.3CVSS3.8AI score0.00285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/07 12:0 a.m.49 views

JVN#83334799: Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API

Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function CWE-285 - CVE-2023-38751...

4.3CVSS5AI score0.00376EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/04 8:31 a.m.3 views

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Overview Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the...

7.5CVSS6.8AI score0.00351EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/04 12:0 a.m.40 views

JVN#38847224: Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the connection fro...

7.5CVSS5.8AI score0.00351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/03 4:45 a.m.4 views

OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS)

Overview Denial-of-service DoS vulnerability due to improper validation of specified type of input CWE-1287 issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit provided by OMRON Corporation. OMRON...

7.5CVSS6.8AI score0.00653EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/03 4:42 a.m.2 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-38746 Heap-based buffer overflow CWE-122 - CVE-2023-38747 Use after free CWE-416 - CVE-2023-38748 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00223EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/02 5:55 a.m.3 views

SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

Overview SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the...

7.8CVSS6.6AI score0.00644EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/02 12:0 a.m.29 views

JVN#61337171: SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. Impact The printer may be turned off by a remote attacker. Solution Apply workarounds The developer strongly recommends users to apply workarounds, as the update firmware for the...

7.5CVSS7.5AI score0.00644EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/28 9:24 a.m.4 views

Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers

Overview Command Center RX CCRX, a web interface for MFPs and printers provided by KYOCERA Document Solutions Inc., contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2023-34259 Path traversal CWE-22 - CVE-2023-34260 Observable response discrepancy CWE-204 - CVE-2023-3426...

7.5CVSS6.9AI score0.73354EPSS
Exploits4References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/27 9:12 a.m.2 views

Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass

Overview The web management interface of Fujitsu network devices Si-R series and SR-M series contains an authentication bypass vulnerability CWE-287,CVE-2023-38555. Katsuhiko Sato a.k.a. gorohkun of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

8.8CVSS6.9AI score0.00332EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/26 9:0 a.m.2 views

Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials

Overview Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials CWE-798 . The product's credentials for factory testing may be obtained by reverse engineering and others. Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of i...

7.5CVSS6.6AI score0.0299EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/26 12:0 a.m.59 views

JVN#95727578: Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials

Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials CWE-798 . The product's credentials for factory testing may be obtained by reverse engineering and others. Impact An attacker who log in to the web interface using the obtained credentials may...

7.5CVSS7.4AI score0.0299EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/24 6:44 a.m.2 views

Improper restriction of XML external entity references (XXE) in Applicant Programme

Overview Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/24 12:0 a.m.24 views

JVN#37857022: Improper restriction of XML external entity references (XXE) in Applicant Programme

Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the latest...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/21 6:2 a.m.2 views

GBrowse vulnerable to unrestricted upload of files with dangerous types

Overview GBrowse provided by Generic Model Organism Database Project is a web-based genome browser. GBrowse allows the users to upload their own data in several file formats see "GBrowse User Uploads". The affected versions of GBrowse accept files with any formats uploaded CWE-434, and place them...

9.8CVSS7.8AI score0.00984EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/21 12:0 a.m.21 views

JVN#35897618: GBrowse vulnerable to unrestricted upload of files with dangerous types

GBrowse provided by Generic Model Organism Database Project is a web-based genome browser. GBrowse allows the users to upload their own data in several file formats see "GBrowse User Uploads". The affected versions of GBrowse accept files with any formats uploaded CWE-434, and place them in the...

9.8CVSS9.8AI score0.00984EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/20 7:5 a.m.1 views

Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"

Overview WordPress Plugin "TS Webfonts for SAKURA" provided by SAKURA internet Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-32624 Cross-site request forgery CWE-352 - CVE-2023-32625 SAKURA internet Inc. reported these vulnerabilities to IPA to notify...

6.1CVSS6.7AI score0.00482EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/20 12:0 a.m.43 views

JVN#90560760: Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"

WordPress Plugin "TS Webfonts for SAKURA" provided by SAKURA internet Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-32624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.9AI score0.00482EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/19 5:48 a.m.3 views

Multiple Vulnerabilities in Hitachi Device Manager

Overview Multiple vulnerabilities have been found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9CVSS7AI score0.00285EPSS
Exploits0References6
Total number of security vulnerabilities5625