Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/04 6:22 a.m.5 views

Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

Overview National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Taku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.5CVSS6.8AI score0.00226EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/04 12:0 a.m.28 views

JVN#75742861: Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Stop using the product The developer...

5.5CVSS5.4AI score0.00226EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/04 12:0 a.m.22 views

JVN#79149117: Multiple vulnerabilities in JustSystems products

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use After Free CWE-416 - CVE-2022-43664 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score:...

7.8CVSS7.7AI score0.00537EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/03 7:24 a.m.3 views

JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer

Overview Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION is vulnerable to improper restriction of operations within the bounds of a memory buffer CWE-119 due to improper check of its data size when processing a project file. Michael Heinzl reported this vulnerability to...

7.8CVSS7.3AI score0.00219EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/03 7:19 a.m.3 views

CONPROSYS HMI System(CHS) vulnerable to SQL injection

Overview CONPROSYS HMI SystemCHS provided by Contec Co., Ltd. contains an SQL injection vulnerability CWE-89, CVE-2023-1658. Tenable Network Security reported this vulnerability to the developer. JPCERT/CC coordinated with the reporter and the developer. Impact Sending a specially crafted paramet...

7.5CVSS7.5AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 6:54 a.m.4 views

Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

Overview SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Command injection CWE-77 - CVE-2022-36556 Unrestricted upload of file with...

9.8CVSS9.3AI score0.95707EPSS
Exploits7References40
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 6:54 a.m.4 views

HAProxy vulnerable to HTTP request/response smuggling

Overview HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name, and when deployed in front of a server that incorrectly process this malformed header, it may be used to conduct an HTTP request/response smuggling attack CWE-444. Yuki Mogi of FFRI Security, Inc. reported...

7.3CVSS6.6AI score0.02942EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 12:0 a.m.52 views

JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS8.7AI score0.95707EPSS
Exploits7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 12:0 a.m.62 views

JVN#38170084: HAProxy vulnerable to HTTP request/response smuggling

HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name, and when deployed in front of a server that incorrectly process this malformed header, it may be used to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may alter a legitimate...

7.3CVSS7.1AI score0.02942EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/27 4:39 a.m.6 views

baserCMS vulnerable to arbitrary file uploads

Overview baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...

9.8CVSS7AI score0.01089EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/27 12:0 a.m.53 views

JVN#61105618: baserCMS vulnerable to arbitrary file uploads

baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Impact An user with Operator privilege may upload arbitrary files. As a result, arbitrary PHP code may be executed. Solution Update the software Update the software to the latest version...

9.8CVSS9.5AI score0.01089EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/24 5:35 a.m.4 views

ELECOM WAB-MAT registers its windows service executable with an unquoted file path

Overview WAB-MAT provided by ELECOM CO.,LTD. is Access Point Management Tool for corporate users. WAB-MAT registers its windows service executable with an unquoted file path CWE-428. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.2CVSS6.6AI score0.00198EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/24 12:0 a.m.38 views

JVN#35246979: ELECOM WAB-MAT registers its windows service executable with an unquoted file path

WAB-MAT provided by ELECOM CO.,LTD. is Access Point Management Tool for corporate users. WAB-MAT registers its windows service executable with an unquoted file path CWE-428. Impact If a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service...

7.3CVSS7.2AI score0.00198EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/22 4:41 a.m.5 views

Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products

Overview CONPROSYS IoT Gateway products provided by Contec CO.,LTD. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-27917 Network Maintenance page validates input values improperly, resulting in OS command injection. Inadequate Encryption Strength CWE-326 -...

8.8CVSS8.2AI score0.01929EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/17 3:27 a.m.2 views

TP-Link T2600G-28SQ uses vulnerable SSH host keys

Overview TP-Link layer-2 switch T2600G-28SQ uses vulnerable SSH host keys CWE-1391. Kuniyuki Hasegawa of VeriServe Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact The credential information for a...

5.7CVSS6.5AI score0.00265EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/17 12:0 a.m.36 views

JVN#62420378: TP-Link T2600G-28SQ uses vulnerable SSH host keys

TP-Link layer-2 switch T2600G-28SQ uses vulnerable SSH host keys CWE-1391. Impact The credential information for an affected device may be obtained when the administrator is tricked to login to a device which spoofs the affected device. Solution Update the Firmware Update the firmware to the late...

5.7CVSS5.4AI score0.00265EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/13 3:28 a.m.3 views

Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Overview Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Naoya Kurosawa of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS6.5AI score0.00161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/13 12:0 a.m.52 views

JVN#64453490: Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.8CVSS7.4AI score0.00161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/08 6:12 a.m.4 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2023-26588 Improper access control CWE-284 - CVE-2023-24544 Stored cross-site scripting CWE-79 - CVE-2023-24464 Impact An attacker may access the...

8.1CVSS6.3AI score0.03306EPSS
Exploits4References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/08 6:9 a.m.6 views

Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

Overview Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Cross-Site Request Forgery CWE-352 - CVE-2023-27520 Takaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, a...

6.5CVSS6.2AI score0.00499EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/08 12:0 a.m.45 views

JVN#82424996: Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

6.5CVSS6.5AI score0.00499EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/06 6:31 a.m.3 views

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

Overview Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-22419, CVE-2023-22421 Use-after-free CWE-416 - CVE-2023-22424 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00318EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/06 6:22 a.m.3 views

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

Overview pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-228...

8.8CVSS7AI score0.00939EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/06 12:0 a.m.48 views

JVN#19872280: Multiple vulnerabilities in PostgreSQL extension module pg_ivm

pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-22847 An...

8.8CVSS6.4AI score0.00939EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/03 2:10 a.m.3 views

Multiple vulnerabilities in Trend Micro Maximum Security

Overview Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Maximum Security 2022 Arbitrary file deletion due to link...

7.8CVSS6.9AI score0.00435EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/02 8:33 a.m.4 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Uploading of a large number of files to fill up the file system on the...

9.8CVSS7.9AI score0.59585EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/01 7:59 a.m.3 views

File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

Overview A File and Directory Permissions Vulnerability CVE-2020-36652 exists in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/01 6:57 a.m.4 views

Multiple vulnerabilities in SS1 and Rakuraku PC Cloud

Overview SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2023-22335 Path Traversal CWE-22 - CVE-2023-22336 Use of Hard-coded...

9.8CVSS7.8AI score0.01099EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/01 12:0 a.m.47 views

JVN#57224029: Multiple vulnerabilities in SS1 and Rakuraku PC Cloud

SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2023-22335 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS9.4AI score0.01099EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/28 7:38 a.m.4 views

Multiple cross-site scripting vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Cross-site scripting vulnerability in Authentication Key Settings CWE-79 - CVE-2023-25077 Cross-site...

5.4CVSS6.4AI score0.00692EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/28 6:0 a.m.4 views

web2py development tool vulnerable to open redirect

Overview The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Takuto Yoshikai of Aeye Security Lab reported this...

6.1CVSS6.8AI score0.02382EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/28 12:0 a.m.33 views

JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

5.4CVSS6AI score0.00692EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/28 12:0 a.m.28 views

JVN#78253670: web2py development tool vulnerable to open redirect

The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Impact When using the tool, a web2py user may be redirected ...

6.1CVSS6.2AI score0.02382EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/22 6:16 a.m.2 views

Multiple cross-site scripting vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Stored cross-site scripting vulnerability on Theme switching function CWE-79 - CVE-2023-22427 CVE-2023-22425 Ren...

5.4CVSS5.9AI score0.00831EPSS
Exploits2References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/22 12:0 a.m.31 views

JVN#18765463: Multiple cross-site scripting vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

5.4CVSS5.5AI score0.00831EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/14 8:0 a.m.5 views

The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

Overview The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA...

7.8CVSS7AI score0.00204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/14 8:0 a.m.4 views

Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

Overview tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference XXE vulnerability CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC...

7.4CVSS6.8AI score0.00677EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/14 12:0 a.m.30 views

JVN#00712821: Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference XXE vulnerability CWE-611. Impact By reading a specially crafted XML file, arbitrary files which meet a certain condition may be...

7.4CVSS7.4AI score0.00677EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/14 12:0 a.m.27 views

JVN#60263237: The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running application. Solution...

7.8CVSS7.7AI score0.00204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/13 5:48 a.m.3 views

Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

Overview Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-22370 Cross-site request forgery CWE-352 - CVE-2023-22375 Reflected cross-site scripting CWE-79 -...

8.8CVSS6.2AI score0.00508EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/13 5:18 a.m.3 views

Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers

Overview Zuken Elmic KASAGO, TCP/IP protocol stack for embedded systems, uses its own random number generator function when generating TCP initial sequence numbers, which leads to use insufficient random values CWE-330. Zuken Elmic reported this vulnerability to JPCERT/CC to notify users of its...

9.1CVSS6.6AI score0.00565EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/13 12:0 a.m.49 views

JVN#98612206: Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-22370 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8...

8.8CVSS6.6AI score0.00508EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/10 5:43 a.m.1 views

NEC PC Settings Tool vulnerable to missing authentication for critical function

Overview PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Haruki Yadani of LAC Co., Ltd. reported this vulnerability to IPA...

8.8CVSS6.8AI score0.00165EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/10 12:0 a.m.31 views

JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function

PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Impact A general user of the computer which the affected product is installed may...

7.8CVSS7.7AI score0.00165EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/08 3:46 a.m.4 views

Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2

Overview Screen Creator Advance 2 provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below. Out-of-bound write CWE-787 - CVE-2023-22345 Out-of-bound read CWE-125 - CVE-2023-22346, CVE-2023-22347, CVE-2023-22349, CVE-2023-22350, CVE-2023-22353 Use-after-free CWE-416...

7.8CVSS7.6AI score0.00334EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/06 5:31 a.m.4 views

Ichiran App vulnerable to improper server certificate verification

Overview Ichiran App developed by Betrend Corporation and provided by ICHIRAN INC. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.5AI score0.00513EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/06 12:0 a.m.36 views

JVN#11257333: Ichiran App vulnerable to improper server certificate verification

Ichiran App developed by Betrend Corporation and provided by ICHIRAN INC. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application t...

5.9CVSS5.3AI score0.00513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/31 5:14 a.m.1 views

Vulnerability in Driver Distributor where passwords are stored in a recoverable format

Overview Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format CWE-257. Sato Ryo, Yokoi Hiroshi, and Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.5CVSS6.5AI score0.00536EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/31 5:10 a.m.7 views

SUSHIRO App for Android outputs sensitive information to the log file

Overview SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file CWE-532. Impact An attacker may obtain a credential information from the log file. Solution Update the Application Update the application to the latest version according to the...

7.5CVSS6.5AI score0.00784EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/31 12:0 a.m.29 views

JVN#84642320: SUSHIRO App for Android outputs sensitive information to the log file

SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file CWE-532. Impact An attacker may obtain a credential information from the log file. Solution Update the Application Update the application to the latest version according to the information...

7.5CVSS7.3AI score0.00784EPSS
Exploits0
Total number of security vulnerabilities5625