Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/24 2:40 a.m.•4 views

Cross-site Scripting Vulnerability in Hitachi Ops Center Analyzer

Overview A Cross-site Scripting Vulnerability exists in Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.6CVSS6.5AI score0.00378EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/22 4:30 a.m.•1 views

Tornado vulnerable to open redirect

Overview Tornado provided by tornadoweb contains a vulnerability that triggers open redirect CWE-601 under certain non-default configurations. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6.6AI score0.01132EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/22 12:0 a.m.•27 views

JVN#45127776: Tornado vulnerable to open redirect

Tornado provided by tornadoweb contains a vulnerability that triggers open redirect CWE-601 under certain non-default configurations. Impact When accessing a specially crafted URL, the user of the website using the affected product may be redirected to an arbitrary website. As a result, the user...

6.1CVSS6.3AI score0.01132EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 6:40 a.m.•3 views

Android App "Brother iPrint&Scan" vulnerable to improper access control

Overview Android App "Brother iPrint" provided by BROTHER INDUSTRIES, LTD. contains an improper access control vulnerability CWE-284, CVE-2023-28369. Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD. reported...

3.3CVSS6.5AI score0.00213EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 6:21 a.m.•5 views

Multiple vulnerabilities in T&D and ESPEC MIC data logger products

Overview Multiple data logger products provided by T Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-22654 Improper authentication CWE-287 - CVE-2023-27388 Missing authentication for critical functio...

9.8CVSS6.9AI score0.01252EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 12:0 a.m.•46 views

JVN#14778242: Multiple vulnerabilities in T&D and ESPEC MIC data logger products

Multiple data logger products provided by T&D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-22654 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N| Base...

9.8CVSS7.1AI score0.01252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/18 5:13 a.m.•3 views

Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay

Overview Qrio Smart Lock Q-SL2 provided by Qrio, inc. contains an authentication bypass by capture-replay vulnerability CWE-294. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.8AI score0.00361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/18 12:0 a.m.•35 views

JVN#48687031: Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay

Qrio Smart Lock Q-SL2 provided by Qrio, inc. contains an authentication bypass by capture-replay vulnerability CWE-294. Impact An attacker may analyze the product's communication data and perform unintended operations under certain conditions. Solution Update the firmware and related products...

8.8CVSS8.8AI score0.00361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/17 6:9 a.m.•5 views

OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT

Overview Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed by an authenticat...

7.2CVSS7.5AI score0.0088EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 5:29 a.m.•2 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3122 Denial-of-service DoS in Message CWE-400 - CVE-2023-26595 CyVDB-3142 Operation restriction bypass vulnerability in Message and Bulletin CWE-285 - CVE-2023-27304 CyVDB-3165 Operation...

6.5CVSS6.8AI score0.00534EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 5:29 a.m.•3 views

Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

Overview WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-28409 Directory traversal CWE-22 -...

9.8CVSS7AI score0.02021EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 12:0 a.m.•45 views

JVN#41694426: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3122 Denial-of-service DoS in Message CWE-400 - CVE-2023-26595 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L| Base Score: 5.0 CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:P...

6.5CVSS5.2AI score0.00534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 12:0 a.m.•45 views

JVN#01093915: Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L| Base Score: 7.2 CVSS v2|...

9.8CVSS9.8AI score0.02021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/12 7:42 a.m.•2 views

Beekeeper Studio vulnerable to code injection

Overview Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote...

8.8CVSS7.7AI score0.01388EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/12 12:0 a.m.•31 views

JVN#11705010: Beekeeper Studio vulnerable to code injection

Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Impact A remote authenticated attacker may execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS...

8.8CVSS8.7AI score0.01388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/10 4:57 a.m.•2 views

Multiple vulnerabilities in MicroEngine Mailform

Overview MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-27397 Path traversal CWE-22 - CVE-2023-27507 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. and hibiki moriyama of...

9.8CVSS7.4AI score0.01281EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/10 12:0 a.m.•25 views

JVN#31701509: Multiple vulnerabilities in MicroEngine Mailform

MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-27397 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 3.7 CVSS v2|...

9.8CVSS10AI score0.01281EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 7:9 a.m.•4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2023-27512 OS command injection in the download page CWE-78 - CVE-2023-27514 Buffer overflow in the multiple setting pages CWE-120 - CVE-2023-27518 OS...

8.8CVSS8.7AI score0.01924EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 6:14 a.m.•4 views

WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

Overview WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor,Inc. contain multiple cross-site scripting vulnerabilities CWE-79 listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Cross-site scripting vulnerability in Post function ...

5.4CVSS6.3AI score0.00613EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 5:42 a.m.•2 views

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

Overview WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. JPCERT/CC published respective advisories in...

6.1CVSS6AI score0.01198EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 4:58 a.m.•3 views

SR-7100VN vulnerable to privilege escalation

Overview SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability CWE-268. HAMANO Kiyoto of SOUM Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user with an...

6.8CVSS7AI score0.00338EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 12:0 a.m.•27 views

JVN#80476232: SR-7100VN vulnerable to privilege escalation

SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability CWE-268. Impact A user with an administrator privilege of the product may obtain administrative privileges of the OS Operating System. As a result, an arbitrary OS command may be executed by the user. Solution...

6.8CVSS6.9AI score0.00338EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 12:0 a.m.•25 views

JVN#59341308: WordPress Plugin "Newsletter" vulnerable to cross-site scripting

WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress using the plugin. Solution Update the plugin Update the...

6.1CVSS6AI score0.01198EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 12:0 a.m.•58 views

JVN#95792402: WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor,Inc. contain multiple cross-site scripting vulnerabilities CWE-79 listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Version| Vector| Score ---|---|--- CVSS v3|...

5.4CVSS6.3AI score0.00613EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/08 6:16 a.m.•1 views

LINE WORKS Drive Explorer vulnerable to code injection

Overview LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability CWE-94. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker who can log...

9.8CVSS7.9AI score0.00576EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/08 6:13 a.m.•2 views

JINS MEME CORE uses a hard-coded cryptographic key

Overview JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. MASAHIRO IIDA of LAC Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.5CVSS6.5AI score0.00279EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/08 12:0 a.m.•39 views

JVN#13306058: JINS MEME CORE uses a hard-coded cryptographic key

JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. Impact A network-adjacent attacker may decrypt data acquired by a sensor of the affected product. Solution Update the firmware Update the firmware ...

6.5CVSS6.4AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/08 12:0 a.m.•23 views

JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection

LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability CWE-94. Impact An attacker who can login to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privileg...

9.8CVSS9.5AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/25 5:31 a.m.•5 views

Heap-based buffer overflow vulnerability in OMRON CX-Drive

Overview CX-Drive provided by OMRON Corporation contains a heap-based buffer overflow vulnerability CWE-122, CVE-2023-27385. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By having a user open a specially crafted SDD file, arbitrary code...

7.8CVSS7.5AI score0.00226EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/24 4:41 a.m.•2 views

WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting

Overview WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" provided by TMS contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. The developer and JPCERT/...

6.1CVSS6AI score0.00508EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/24 12:0 a.m.•24 views

JVN#00971105: WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting

WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" provided by TMS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in the WordPress where the product is installed. Solution...

6.1CVSS6.1AI score0.00508EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:49 a.m.•3 views

Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Overview Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:24 a.m.•3 views

WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery

Overview WordPress plugin "LIQUID SPEECH BALLOON" provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.4AI score0.00457EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 5:6 a.m.•5 views

EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

Overview EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. TSUKADA Nobuhisa of Seasoft reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.8AI score0.007EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 12:0 a.m.•23 views

JVN#99657911: WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery

WordPress plugin "LIQUID SPEECH BALLOON” provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update the Software to the latest...

8.8CVSS8.6AI score0.00457EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 12:0 a.m.•19 views

JVN#73178249: Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Update the Software Update the software to the latest...

7.5CVSS7.5AI score0.00343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/19 12:0 a.m.•34 views

JVN#50862842: EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may alter the information stored in the system. Solution Stop using "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series "...

5.3CVSS5.4AI score0.007EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/18 4:58 a.m.•5 views

Security Issues in FINS protocol

Overview FINS Factory Interface Network Service is a message communication protocol, which is designed to be used in closed FA Factory Automation networks, and is used in FA networks composed of Omron products. FINS commands enable to read/write information, conduct various operations and set the...

9.8CVSS7.3AI score0.01385EPSS
Exploits1References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/17 5:19 a.m.•2 views

Joruri Gw vulnerable to cross-site scripting

Overview Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS6AI score0.0045EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/17 5:4 a.m.•1 views

API server of TONE Family vulnerable to authentication bypass using an alternate path

Overview API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path CWE-288. Kodai Karakawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

5.3CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/17 12:0 a.m.•26 views

JVN#87559956: Joruri Gw vulnerable to cross-site scripting

Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the specific page of the product. Solution Update the software...

5.4CVSS5.3AI score0.0045EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/17 12:0 a.m.•13 views

JVN#14492006: API server of TONE Family vulnerable to authentication bypass using an alternate path

API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path CWE-288. Impact A remote unauthenticated attacker may login to the management console of the affected service by using E-mail address required when logging into...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 6:48 a.m.•4 views

JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

Overview JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability CWE-359. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.6AI score0.00707EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 6:44 a.m.•3 views

Trend Micro Security may insecurely load Dynamic Link Libraries

Overview Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue CWE-427. While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application...

8.6CVSS6.7AI score0.00367EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 12:0 a.m.•25 views

JVN#76257155: Trend Micro Security may insecurely load Dynamic Link Libraries

Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue CWE-427. While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may...

7.8CVSS7.6AI score0.00367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/14 12:0 a.m.•19 views

JVN#36340790: JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability CWE-359 . Impact A remote attacker may obtain information entered from forms created using the affected product. Solution Update the Software Update to the latest...

7.5CVSS7.4AI score0.00707EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/13 2:9 a.m.•7 views

Multiple mobile printing apps for Android vulnerable to improper intent handling

Overview Multiple mobile printing apps for Android are vulnerable to improper intent handling CWE-668. Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact When a malicious app is installed on the victim user's Android device, the app may send...

5.5CVSS6.5AI score0.00343EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/12 6:1 a.m.•1 views

Vulnerability in JP1/VERITAS

Overview A vulnerability VTS23-003 exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/06 5:59 a.m.•3 views

Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information

Overview CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information CWE-312, CVE-2023-26593. Yokogawa Electric Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an attacker who can...

7.8CVSS6.9AI score0.00136EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/04 6:22 a.m.•7 views

Multiple vulnerabilities in JustSystems products

Overview Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use After Free CWE-416 - CVE-2022-43664 Heap-based Buffer Overflow CWE-122 - CVE-2022-45115 Free of Memory not on the Heap CWE-590 - CVE-2023-22291 Heap-based Buffer Overflow CWE-122 -...

7.8CVSS7.4AI score0.00537EPSS
Exploits4References12
Total number of security vulnerabilities5625