Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/31 12:0 a.m.•26 views

JVN#22830348: Vulnerability in Driver Distributor where passwords are stored in a recoverable format

Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format CWE-257. Impact If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. Solution...

7.5CVSS7.4AI score0.00536EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/25 5:28 a.m.•2 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro

Overview CX-Motion Pro provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially crafted project...

5.5CVSS6.5AI score0.00211EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 7:0 a.m.•1 views

EasyMail vulnerable to cross-site scripting

Overview EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Toyama Taku reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed...

6.1CVSS5.8AI score0.00508EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 7:0 a.m.•4 views

pgAdmin 4 vulnerable to directory traversal

Overview PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability CWE-22. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user ...

6.5CVSS6.6AI score0.08826EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 4:38 a.m.•3 views

Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections

Overview CONPROSYS HMI System CHS provided by CONTEC CO.,LTD. contains multiple SQL injection vulnerabilities CWE-89. Mosin from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported these vulnerabilities to Contec Co., Ltd. Contec Co., Ltd. reported the issues to JPCERT/CC in ord...

6.5CVSS8AI score0.01327EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 12:0 a.m.•36 views

JVN#01398015: pgAdmin 4 vulnerable to directory traversal

PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability CWE-22. Impact A user of the product may change another user's settings or alter the database. Solution Update the Software Update the software to the latest version according to the information provided by the...

6.5CVSS6.3AI score0.08826EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 12:0 a.m.•35 views

JVN#05288621: EasyMail vulnerable to cross-site scripting

EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the software Update the software to the latest version accordin...

6.1CVSS6AI score0.00508EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/23 7:35 a.m.•2 views

Pgpool-II vulnerable to information disclosure

Overview Pgpool-II is cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-200 in its watchdog function. Note that, only systems that meet all of the following setting requirements are affected by this vulnerability. Watchdog function is enabled usewatchdog = on...

6.5CVSS6.5AI score0.00704EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/23 12:0 a.m.•33 views

JVN#72418815: Pgpool-II vulnerable to information disclosure

Pgpool-II is cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-200 in its watchdog function. Note that, only systems that meet all of the following setting requirements are affected by this vulnerability. Watchdog function is enabled usewatchdog = on "query...

6.5CVSS6.4AI score0.00704EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/18 4:51 a.m.•4 views

File and Directory Permissions Vulnerability in Hitachi Tuning Manager

Overview A File and Directory Permissions Vulnerability CVE-2020-36611 exists in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/17 5:17 a.m.•2 views

WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a directory traversal vulnerability CWE-22. Masato Ikeda of Mitsui Bussan Secure Directions, Inc. and Takeshi Suzuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.8AI score0.02941EPSS
Exploits2References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/17 12:0 a.m.•45 views

JVN#31073333: WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by a remote attacker. Solution Update the plugin Update the plugin according to the information provided by the developer. The...

7.5CVSS7.5AI score0.02941EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 6:53 a.m.•2 views

Active debug code vulnerability in OMRON CP1L-EL20DR-D

Overview Active debug code CWE-489 exists in CP1L-EL20DR-D provided by OMRON Corporation, which may lead to a command that is not specified in FINS protocol being executed without authentication. Georgy Kiguradze of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC...

9.8CVSS7.8AI score0.0117EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 6:6 a.m.•1 views

Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH

Overview CX-Motion-MCH provided by OMRON Corporation contains an access of uninitialized pointer vulnerability CWE-824, CVE-2023-22366. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Having a user to open a specially crafted project file...

7.8CVSS7.2AI score0.002EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 5:50 a.m.•3 views

Multiple vulnerabilities in PIXELA PIX-RT100

Overview PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Backdoor access issue CWE-912 - CVE-2023-22316 MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...

8.8CVSS7.8AI score0.00893EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 12:0 a.m.•40 views

JVN#57296685: Multiple vulnerabilities in PIXELA PIX-RT100

PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.0 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C| Base Score: 7.7...

8CVSS7.9AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 8:7 a.m.•2 views

OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal

Overview OpenAM Web Policy Agent OpenAM Consortium Edition provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability CWE-22. Furthermore, a crafted URL may be evaluated incorrectly. OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of...

7.5CVSS6.6AI score0.00722EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 7:11 a.m.•3 views

Multiple vulnerabilities in MAHO-PBX NetDevancer series

Overview There are multiple vulnerabilities in the Management screen of MAHO-PBX NetDevancer series provided by Mahoroba Kobo, Inc. OS Command Injection CWE-78 - CVE-2023-22279 OS Command Injection CWE-78 - CVE-2023-22280 Cross-Site Request Forgery CWE-352 - CVE-2023-22286 Reflected Cross-site...

10CVSS7.1AI score0.01127EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 6:4 a.m.•3 views

TP-Link SG105PE vulnerable to authentication bypass

Overview TP-Link SG105PE contains an authentication bypass vulnerability CWE-287. Baba Takao of BPS Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Under certain conditions, an attacker may...

9.8CVSS6.8AI score0.00945EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 5:23 a.m.•3 views

pgAdmin 4 vulnerable to open redirect

Overview pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability CWE-601. SHIGA TAKUMA of BroadBand Security, Inc. and Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6.6AI score0.0091EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 12:0 a.m.•25 views

JVN#78481846: TP-Link SG105PE vulnerable to authentication bypass

TP-Link SG105PE contains an authentication bypass vulnerability CWE-287. Impact Under certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and the product's settings may be altered with the privilege of the administrator. Soluti...

9.8CVSS9.6AI score0.00945EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 12:0 a.m.•33 views

JVN#99957889: Multiple vulnerabilities in MAHO-PBX NetDevancer series

There are multiple vulnerabilities in the Management screen of MAHO-PBX NetDevancer series provided by Mahoroba Kobo, Inc. OS Command Injection CWE-78 - CVE-2023-22279 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

9.8CVSS7.9AI score0.01127EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 12:0 a.m.•40 views

JVN#03832974: pgAdmin 4 vulnerable to open redirect

pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the softwar...

6.1CVSS6.2AI score0.0091EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/06 5:57 a.m.•2 views

Digital Arts m-FILTER vulnerable to improper authentication

Overview m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability CWE-287 when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks...

5.3CVSS7AI score0.00706EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/06 12:0 a.m.•35 views

JVN#55675303: Digital Arts m-FILTER vulnerable to improper authentication

m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability CWE-287 when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks exploiting th...

5.3CVSS5.5AI score0.00706EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/05 6:51 a.m.•1 views

Multiple code injection vulnerabilities in ruby-git

Overview ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities CWE-94. Yuki Kokubun of DeNA Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS7.3AI score0.0136EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/05 12:0 a.m.•43 views

JVN#16765254: Multiple code injection vulnerabilities in ruby-git

ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities CWE-94. Impact If a repository containing a specially crafted filename is loaded to the product, an arbitrary ruby code may be executed. Solution...

8.8CVSS8.1AI score0.0136EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/04 5:21 a.m.•2 views

Multiple vulnerabilities in Fuji Electric V-Server

Overview V-Server provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based Buffer ovewflow CWE-121 - CVE-2022-47908 Out-of-bounds Read CWE-125 - CVE-2022-41645 Out-of-bounds Write CWE-787 - CVE-2022-47317 Michael Heinzl reported these vulnerabilities to...

7.8CVSS7.5AI score0.00253EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/04 5:16 a.m.•3 views

Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS

Overview V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. contain multiple vulnerabilities listed below. Out-of-bounds Read CWE-125 - CVE-2022-46360 Out-of-bounds Write CWE-787 - CVE-2022-43448 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the develope...

7.8CVSS7.6AI score0.00243EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/26 7:21 a.m.•4 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation and file deletion in Damage Cleanup Engine compone...

7.8CVSS7.1AI score0.00649EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/21 5:23 a.m.•1 views

Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries

Overview Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

7.8CVSS6.8AI score0.00393EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/21 5:13 a.m.•3 views

+Message App improper handling of Unicode control characters

Overview +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC...

5.4CVSS6.5AI score0.00488EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/21 12:0 a.m.•46 views

JVN#43561812: +Message App improper handling of Unicode control characters

+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Impact A spoofed URL may be displayed and phishing attacks may be...

5.4CVSS5.1AI score0.00488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/21 12:0 a.m.•37 views

JVN#29902403: Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact...

7.8CVSS7.8AI score0.00393EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/20 6:32 a.m.•2 views

Use-after-free vulnerability in Omron CX-Drive

Overview CX-Drive provided by Omron Corporation contains a use-after-free vulnerability CWE-416. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By having a user to open a specially crafted file, arbitrary code may be executed. Solution...

7.8CVSS7.1AI score0.00237EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/20 3:12 a.m.•4 views

Command injection vulnerability in SHARP Multifunctional Products (MFP)

Overview SHARP Multifunctional Products MFP contain a command injection vulnerability CWE-77, CVE-2022-45796. The OS layer is affected beyond the web application component, however treating the web application component as separate from the OS layer, 'Scope' is analyzed as 'S:C'. Sharp reported...

9.1CVSS7.5AI score0.03232EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/19 4:47 a.m.•1 views

Corel Roxio Creator LJB starts a program with an unquoted file path

Overview Roxio Creator LJB provided by Corel Corporation starts another program with an unquoted file path CWE-428. Haruka Hino of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Since a...

8.2CVSS6.6AI score0.00431EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/19 4:39 a.m.•3 views

Zenphoto vulnerable to cross-site scripting

Overview Zenphoto contains a stored cross-site scripting vulnerability CWE-79. Terada Yu of Fujitsu System Integration Laboratories reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

6.1CVSS5.9AI score0.00742EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/19 12:0 a.m.•38 views

JVN#13075438: Corel Roxio Creator LJB starts a program with an unquoted file path

Roxio Creator LJB provided by Corel Corporation starts another program with an unquoted file path CWE-428. Impact Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of t...

6.7CVSS6.4AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/19 12:0 a.m.•29 views

JVN#06093462: Zenphoto vulnerable to cross-site scripting

Zenphoto contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the software Update the software to the latest version according to the information provided by the developer...

6.1CVSS4.9AI score0.00742EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/16 4:29 a.m.•3 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-44456 Use of Default Credentials CWE-1392 - CVE-2023-22331 Use of Password Hash Instead of Password for Authentication CWE-836 - CVE-2023-22334...

10CVSS7.2AI score0.69877EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/15 6:18 a.m.•4 views

Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM

Overview DENSHI NYUSATSU CORE SYSTEM provided by Japan Construction Information Center contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2022-41993 Cross-site scripting vulnerability CWE-79 - CVE-2022-46287 Open redirect vulnerability CWE-601 -...

6.1CVSS6.4AI score0.00549EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/15 12:0 a.m.•79 views

JVN#96321933: Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM

DENSHI NYUSATSU CORE SYSTEM provided by Japan Construction Information Center contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2022-41993 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

6.1CVSS6.6AI score0.00549EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/13 5:5 a.m.•4 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability CWE-79 caused by improper Textile processing. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00429EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/13 12:0 a.m.•25 views

JVN#60211811: Redmine vulnerable to cross-site scripting

Redmine contains a cross-site scripting vulnerability CWE-79 caused by improper Textile processing. Impact An arbitrary script may be executed on the web browser of the user using the product. Solution Update the Software Update the software to the latest version according to the information...

6.1CVSS6AI score0.00429EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/12 6:28 a.m.•3 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-43466 OS Command Injection CWE-78 - CVE-2022-43443 Hidden Functionality CWE-912 - CVE-2022-43486 Chuya Hayakawa of 00One, Inc. reported these...

8.8CVSS7.8AI score0.0079EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/07 8:30 a.m.•3 views

Information Exposure Vulnerability in JP1/Automatic Operation

Overview An information exposure vulnerability CVE-2022-34881 exists in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

3.3CVSS6.6AI score0.00166EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/06 6:8 a.m.•3 views

Contec SolarView Compact vulnerable to cross-site scripting

Overview SolarView Compact provided by Contec Co., Ltd. is PV Measurement System. SolarView Compact contains a cross-site scripting vulnerability CWE-79, CVE-2022-44355 in Check Network Communication Page of the product's web server. As of 2022 December 5, a Proof-of-Concept PoC code exploiting...

6.1CVSS6.3AI score0.01644EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/02 5:57 a.m.•4 views

Multiple vulnerabilities in UNIMO Technology digital video recorders

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2022-44620 OS Command Injection CWE-78 - CVE-2022-44606 Hidden Functionality CWE-912 - CVE-2022-43464 The reporter states that attac...

8.8CVSS7.8AI score0.0147EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/28 6:40 a.m.•4 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below. Use-after-free CWE-416 - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 Out-of-bounds Write CWE-787 - CVE-2022-43509 Stack-based Buffer Overflow CWE-121 - CVE-2022-43667 Michael...

7.8CVSS7.7AI score0.00268EPSS
Exploits0References18
Total number of security vulnerabilities5625