Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/19 5:48 a.m.•2 views

File and Directory Permissions Vulnerability in Hitachi Command Suite

Overview A File and Directory Permissions Vulnerability CVE-2020-36695 exists in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.8CVSS6.9AI score0.00148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/19 5:48 a.m.•1 views

EL Injection Vulnerability in Hitachi Replication Manager

Overview An EL Injection Vulnerability CVE-2022-4146 exists in Hitachi Replication Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9.8CVSS7AI score0.00451EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/18 6:22 a.m.•2 views

Improper restriction of XML external entity references (XXE) in XBRL data create application

Overview XBRL data create application provided by Financial Services Agency improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/18 12:0 a.m.•25 views

JVN#44726469: Improper restriction of XML external entity references (XXE) in XBRL data create application

XBRL data create application provided by Financial Services Agency improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/12 7:15 a.m.•4 views

Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Command Injection on the web management page CWE-77 - CVE-2023-37566, CVE-2023-37568 Command Injection on a certain port of the web management page CWE-77 -...

9.8CVSS7.5AI score0.01764EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/11 6:37 a.m.•2 views

Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters

Overview Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2023-37560 Open Redirect CWE-601 - CVE-2023-37561 Cross-Site Request Forgery CWE-352 - CVE-2023-37562 Information disclosure CWE-20...

8.8CVSS7.1AI score0.00827EPSS
Exploits0References22
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/11 12:0 a.m.•52 views

JVN#05223215: Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters

Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2023-37560 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS8AI score0.00827EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/03 6:7 a.m.•5 views

Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

9CVSS8AI score0.01543EPSS
Exploits6References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/03 12:0 a.m.•69 views

JVN#64316789: Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

9CVSS7.5AI score0.01543EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/30 6:6 a.m.•2 views

"NewsPicks" App uses a hard-coded API key for an external service

Overview "NewsPicks" App for Android and "NewsPicks" App for iOS provided by NewsPicks, Inc. use a hard-coded API key for an external service CWE-798. Sunagawa Masanori of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.5CVSS6.4AI score0.00172EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/30 2:49 a.m.•5 views

Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server

Overview Multiple printers and MFPs multifunction printers which implement Brother debut web server contain a null pointer dereference vulnerability CWE-476, CVE-2023-29984. Darren Johnson directly reported this vulnerability to BROTHER INDUSTRIES, LTD. and FUJIFILM Business Innovation Corp., and...

7.5CVSS6.7AI score0.00942EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/30 12:0 a.m.•36 views

JVN#32739265: "NewsPicks" App uses a hard-coded API key for an external service

"NewsPicks" App for Android and "NewsPicks" App for iOS provided by NewsPicks, Inc. use a hard-coded API key for an external service CWE-798. Impact Data in the app may be analyzed and API key for an external service may be obtained. Note that the users of the app are not directly affected by thi...

5.5CVSS5.1AI score0.00172EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 8:5 a.m.•2 views

WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

Overview WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Shinsaku Nomura of Bitforest Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.1CVSS6.7AI score0.01528EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 7:50 a.m.•5 views

Multiple vulnerabilities in WAVLINK WL-WN531AX2

Overview WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Exposure of resource to wrong sphere CWE-668 - CVE-2023-32613 Improper authentication CWE-287 - CVE-2023-32620 Unrestricted upload of...

8.1CVSS7.5AI score0.00734EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 6:12 a.m.•3 views

Multiple vulnerabilities in Aterm series

Overview Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-3330 Directory traversal CWE-22 - CVE-2023-3331 Stored cross-site scripting CWE-79 - CVE-2023-3332 OS command injection CWE-78 - CVE-2023-3333 Taizoh Tsukamoto of...

7.7CVSS7AI score0.00713EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 12:0 a.m.•56 views

JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...

8.1CVSS7.6AI score0.00734EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 12:0 a.m.•60 views

JVN#38343415: Multiple vulnerabilities in Aterm series

Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-3330 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.6 CVSS v2| AV:A/AC:M/Au:S/C:P/I:N/A:N| Base Score: 2.3...

7.2CVSS6.2AI score0.00713EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/27 12:0 a.m.•60 views

JVN#97127032: WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a remote attacker. Solution Update the plugin Update the plugin according to the information provided by the developer...

9.1CVSS9.2AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/22 6:49 a.m.•1 views

Multiple vulnerabilities in Pleasanter

Overview Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Directory traversal vulnerability CWE-22 - CVE-2023-32608 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities ...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/22 12:0 a.m.•27 views

JVN#97818024: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

6.5CVSS6.5AI score0.01158EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/20 5:48 a.m.•2 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333. Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.7AI score0.01253EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/20 12:0 a.m.•43 views

JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Software Update the software to the latest version according to the information...

7.5CVSS7.4AI score0.01253EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/16 5:5 a.m.•12 views

Multiple vulnerabilities in Panasonic AiSEG2

Overview Panasonic AiSEG2 contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-28726 Improper Authentication CWE-287 - CVE-2023-28727 Taku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic...

9.6CVSS7.9AI score0.00811EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/16 12:0 a.m.•29 views

JVN#19748237: Multiple vulnerabilities in Panasonic AiSEG2

Panasonic AiSEG2 contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-28726 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 7.5 CVSS v2| AV:N/AC:H/Au:S/C:C/I:C/A:C| Base Score: 7.1 Improper Authentication...

9.6CVSS9.2AI score0.00811EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/15 7:6 a.m.•2 views

Printer Driver Packager NX creates driver installation packages without modification detection

Overview Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs. The installation and configuration of printer drivers require an administrative...

8.4CVSS6.6AI score0.00144EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/14 5:47 a.m.•4 views

Security updates for multiple Trend Micro products for enterprises (June 2023)

Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JV...

9.8CVSS7.8AI score0.68941EPSS
Exploits2References78
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/13 4:38 a.m.•2 views

Chatwork Desktop Application (Mac) vulnerable to code injection

Overview Chatwork Desktop Application Mac provided by Chatwork Co., Ltd. contains a code injection vulnerability CWE-94. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.3CVSS7.2AI score0.00272EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/13 12:0 a.m.•33 views

JVN#96828492: Chatwork Desktop Application (Mac) vulnerable to code injection

Chatwork Desktop Application Mac provided by Chatwork Co., Ltd. contains a code injection vulnerability CWE-94. Impact A non-administrative user of the Mac on which the product is installed may store and obtain audio and image data with no user-consent from the product. Solution Update the softwa...

4.4CVSS4.8AI score0.00272EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/12 3:57 a.m.•5 views

"WPS Office" vulnerable to OS command injection

Overview "WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may...

9CVSS7.4AI score0.0106EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/12 12:0 a.m.•31 views

JVN#36060509: "WPS Office" vulnerable to OS command injection

"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be...

8.1CVSS8.2AI score0.0106EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 6:18 a.m.•3 views

ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute

Overview ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without 'Secure' attribute CWE-614. Shungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to the developer and JPCERT/CC published respective advisories in order to notify users of this...

5.3CVSS6.4AI score0.0027EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 6:18 a.m.•6 views

Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Overview Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2023-31196 OS command injection CWE-78 - CVE-2023-31198 OS command injection CWE-78 - CVE-2023-28392 MASAHIRO IIDA of LAC Co.,...

7.5CVSS7.8AI score0.01476EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 3:23 a.m.•2 views

Multiple vulnerabilities in Fuji Electric products

Overview Multiple vulnerabilities listed below exist in the simulator module and the remote monitoring software 'V-Server Lite' and 'V-Server' contained in the graphic editor 'V-SFT', and the remote monitoring software 'TELLUS' and 'TELLUS Lite' provided by FUJI ELECTRIC CO., LTD. Stack-based...

7.8CVSS7.7AI score0.00278EPSS
Exploits0References22
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 12:0 a.m.•48 views

JVN#34232595: ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute

ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without 'Secure' attribute CWE-614. Impact When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted 'http' connectio...

5.3CVSS5.4AI score0.0027EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 12:0 a.m.•57 views

JVN#28412757: Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2023-31196 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...

7.5CVSS8AI score0.01476EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/07 2:52 a.m.•4 views

Multiple vulnerabilities in KbDevice digital video recorders

Overview Multiple digital video recorders provided by KbDevice,Inc. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-30762 OS command injection CWE-78 - CVE-2023-30764 Hidden functionality CWE-912 - CVE-2023-30766 Yoshiki Mori, Ushimaru Hayato, Hiromu...

9.8CVSS8AI score0.01543EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/05 6:55 a.m.•3 views

Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader

Overview FRENIC RHC Loader provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2023-29160 Out-of-bounds read CWE-125 - CVE-2023-29167 Improper restriction of XML external entity reference CWE-611 - CVE-2023-29498 Michael...

7.8CVSS7.6AI score0.00226EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/01 5:51 a.m.•4 views

"Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification

Overview "Jiyu Kukan Toku-Toku coupon" App provided by RUNSYSTEM CO.,LTD. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.5CVSS6.6AI score0.00281EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/01 4:48 a.m.•7 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 - CVE-2023-28713 Incorrect permission assignment for critical resource CWE-732 - CVE-2023-28399 Improper access control CWE-284 - CVE-2023-28657...

8.8CVSS8.3AI score0.64795EPSS
Exploits1References23
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/01 12:0 a.m.•29 views

JVN#33836375: "Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification

"Jiyu Kukan Toku-Toku coupon" App provided by RUNSYSTEM CO.,LTD. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...

4.8CVSS4.8AI score0.00281EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 6:34 a.m.•5 views

DataSpider Servista uses a hard-coded cryptographic key

Overview DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazo...

8.8CVSS6.8AI score0.00812EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 6:34 a.m.•3 views

Pleasanter vulnerable to cross-site scripting

Overview Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA. JPCERT/CC and Implem Inc. coordinated under the Information Security...

5.4CVSS6.2AI score0.00671EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 12:0 a.m.•49 views

JVN#38222042: DataSpider Servista uses a hard-coded cryptographic key

DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS,...

8.8CVSS8.8AI score0.00812EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/31 12:0 a.m.•23 views

JVN#62111727: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software or apply the patch Update the software to the latest version according to the information provided by...

5.4CVSS5.5AI score0.00671EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/30 4:34 a.m.•2 views

Starlette vulnerable to directory traversal

Overview Starlette provided by Encode contains a directory traversal vulnerability CWE-22. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Under certain conditions, a remote...

7.5CVSS6.7AI score0.02032EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/30 12:0 a.m.•28 views

JVN#95981715: Starlette vulnerable to directory traversal

Starlette provided by Encode contains a directory traversal vulnerability CWE-22. Impact Under certain conditions, a remote attacker may view files in a web service which was built using the product. Solution Update the software Update the software according to the information provided by the...

7.5CVSS7.4AI score0.02032EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/26 4:58 a.m.•7 views

ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal

Overview ESS REC Agent Server Edition for Linux etc. provided by Encourage Technologies Co.,Ltd. contain a directory traversal vulnerability CWE-23. Hayato Ushimaru of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.6AI score0.00908EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/26 12:0 a.m.•34 views

JVN#19243534: ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal

ESS REC Agent Server Edition for Linux etc. provided by Encourage Technologies Co.,Ltd. contain a directory traversal vulnerability CWE-23. Impact Arbitrary files on the server may be viewed or altered by an attacker. Solution Update the software Update the software to the latest version accordin...

8.1CVSS8AI score0.00908EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/25 4:40 a.m.•2 views

Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access

Overview Wacom Tablet Driver installer for macOS provided by Wacom contains an improper link resolution before file access vulnerability CWE-59. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.8CVSS7.4AI score0.00238EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/25 12:0 a.m.•37 views

JVN#90278893: Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access

Wacom Tablet Driver installer for macOS provided by Wacom contains an improper link resolution before file access vulnerability CWE-59. Impact When a user is tricked to execute a small malicious script before executing the affected version of the installer, an arbitrary code may be executed with...

7.8CVSS7.8AI score0.00238EPSS
Exploits0
Total number of security vulnerabilities5625