Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 5:15 a.m.3 views

Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption

Overview Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A logged-in user may consume huge storage space, resulting to a...

7.5CVSS6.6AI score0.00854EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 4:42 a.m.1 views

Multiple cross-site scripting vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Stored cross-site scripting vulnerability in Permission Settings CWE-79 - CVE-2022-41994...

6.1CVSS6AI score0.00586EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 12:0 a.m.43 views

JVN#87895771: Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption

Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact A logged-in user may consume huge storage space, resulting to a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the information...

7.5CVSS7.5AI score0.00854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 12:0 a.m.50 views

JVN#53682526: Multiple cross-site scripting vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base...

6.1CVSS5.5AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/24 5:46 a.m.1 views

TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input

Overview tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash CWE-228. Tomoya Kitagawa and Toshiki Takatera of Ricerca Security, Inc. reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to...

5.5CVSS6.7AI score0.00175EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/24 12:0 a.m.35 views

JVN#29657972: TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input

tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash CWE-228. Impact An attacker may be able to cause a denial-of-service DoS condition of the product's OneMesh function. Solution Update the software Update the software to the latest version according to the...

5.5CVSS5.3AI score0.00175EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/21 9:25 a.m.4 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Information disclosure due to Out-of-Bounds read vulnerabilities...

7.8CVSS7AI score0.00767EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/21 6:31 a.m.5 views

Typora fails to properly neutralize JavaScript code.

Overview Typora fails to properly neutralize JavaScript code CWE-116. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Opening a file with the affected product may lead to...

6.1CVSS6.8AI score0.00357EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/21 12:0 a.m.26 views

JVN#26044739: Typora fails to properly neutralize JavaScript code

Typora fails to properly neutralize JavaScript code CWE-116. Impact Opening a file with the affected product may lead to execute the JavaScript code inside the file. Solution Update the Software Update the software to the latest version according to the information provided by the developer. The...

6.1CVSS6.3AI score0.00357EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/18 6:14 a.m.3 views

WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables

Overview WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables CWE-454. Tsubasa Iinuma of Origami Systems reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.5CVSS6.6AI score0.00846EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/18 12:0 a.m.83 views

JVN#13927745: WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables

WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables CWE-454. Impact The number of views for an article may be manipulated through a crafted input. Solution Update the plugin Update the plugin according to the...

7.5CVSS7.3AI score0.00846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/17 2:15 a.m.3 views

RICOH Aficio SP 4210N vulnerable to cross-site scripting

Overview Aficio SP 4210N provided by RICOH COMPANY, LTD. contains a cross-site scripting vulnerability CWE-79 in Web Image Monitor. Yudai Morii, Takaya Noma, Hiroki Yasui, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC...

4.8CVSS6AI score0.00598EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/16 8:7 a.m.19 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Improper Validation of Syntactic Correctness of Input CWE-1286 - CVE-2022-45113 Cross-site Scripting CWE-79 - CVE-2022-45122 Improper Neutralization of Server-Side Includes SSI Within a Web Page CWE-9...

7.5CVSS6.7AI score0.00972EPSS
Exploits1References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/16 12:0 a.m.29 views

JVN#24659622: RICOH Aficio SP 4210N vulnerable to cross-site scripting

Aficio SP 4210N provided by RICOH COMPANY, LTD. contains a cross-site scripting vulnerability CWE-79 in Web Image Monitor. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. Solution Update the firmware...

4.8CVSS4.9AI score0.00598EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/16 12:0 a.m.34 views

JVN#37014768: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Improper Validation of Syntactic Correctness of Input CWE-1286 - CVE-2022-45113 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2|...

7.2CVSS7.1AI score0.00972EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/14 7:45 a.m.3 views

TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation

Overview The past versions of TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java Rich are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. According to the developer, this vulnerability is...

9.8CVSS7AI score0.00407EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/14 12:0 a.m.66 views

JVN#54728399: TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation

The past versions of TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java Rich are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability. According to the developer, this vulnerability is caused by ...

7.8CVSS7.8AI score0.00407EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/10 4:40 a.m.2 views

Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure

Overview Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability CWE-200. Cameron Palmer of PROMON reported this vulnerability to Aiphone Co., Ltd. and coordinated. Aiphone Co., Ltd. and JPCERT/CC published respective advisories in...

6.5CVSS6.1AI score0.00295EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/10 12:46 a.m.3 views

Multiple vulnerabilities in OMRON products

Overview Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal PT NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function. The vulnerabilities are as follows. Use of Hard-coded Credentials CWE-798 ...

9.4CVSS7.4AI score0.01769EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/10 12:0 a.m.27 views

JVN#75437943: Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure

Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability CWE-200. Impact An attacker who can obtain specific information of the product and access the product may obtain sensitive information stored in the device. Solution Use the...

6.5CVSS6.2AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 6:7 a.m.2 views

WordPress Plugin "Salon booking system" vulnerable to cross-site scripting

Overview WordPress Plugin "Salon booking system" contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00785EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 5:59 a.m.4 views

Multiple vulnerabilities in WordPress

Overview WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature. Stored Cross-site scripting CWE-79 - CVE-2022-43497 Stored Cross-site scripting CWE-79 - CVE-2022-43500 Improper authentication CWE-287 - CVE-2022-43504 Toshitsugu Yoneyama of Mitsu...

6.1CVSS6.9AI score0.01404EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 12:0 a.m.40 views

JVN#59663854: WordPress Plugin "Salon booking system" vulnerable to cross-site scripting

WordPress Plugin "Salon booking system" contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress administrative page where the product is installed. Solution Update the plugin Update the plug...

6.1CVSS6AI score0.00785EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 12:0 a.m.179 views

JVN#09409909: Multiple vulnerabilities in WordPress

WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature. Stored Cross-site scripting CWE-79 - CVE-2022-43497 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.7AI score0.01404EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/01 5:51 a.m.3 views

Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers

Overview The web interface "Command Center" of multiple MFPs and printers provided by KYOCERA Document Solutions Inc. contain multiple vulnerabilities listed below. Session Information Easily Guessable CWE-287 - CVE-2022-41798 Missing authorization CWE-425 - CVE-2022-41807 Stored cross-site...

6.5CVSS6.4AI score0.00823EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/01 12:0 a.m.46 views

JVN#46345126: Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers

The web interface "Command Center" of multiple MFPs and printers provided by KYOCERA Document Solutions Inc. contain multiple vulnerabilities listed below. Session Information Easily Guessable CWE-287 - CVE-2022-41798 Version| Vector| Score ---|---|--- CVSS v3|...

6.5CVSS6.4AI score0.00823EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/28 6:12 a.m.3 views

Multiple vulnerabilities in FUJI SOFT network devices

Overview USB dongle +F FS040U and mobile routers +F FS020W/+F FS030W/+F FS040W provided by FUJI SOFT INCORPORATED contain multiple vulnerabilities listed below. Plaintext Storage of a Password CWE-256 - CVE-2022-43442 Cross-Site Request Forgery CWE-352 - CVE-2022-43470 Tomohisa Hasegawa of Canon ...

7.3CVSS6.8AI score0.00295EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/28 12:0 a.m.49 views

JVN#74285622: Multiple vulnerabilities in FUJI SOFT network devices

USB dongle +F FS040U and mobile routers +F FS020W/+F FS030W/+F FS040W provided by FUJI SOFT INCORPORATED contain multiple vulnerabilities listed below. Plaintext Storage of a Password CWE-256 - CVE-2022-43442 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

7.3CVSS6.3AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/25 6:10 a.m.4 views

Multiple vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2022-43479 Stored Cross-site Scripting CWE-79 - CVE-2022-43499 SHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with th...

6.1CVSS6.6AI score0.00918EPSS
Exploits2References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/25 12:0 a.m.40 views

JVN#86350682: Multiple vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2022-43479 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Stored...

6.1CVSS6.3AI score0.00918EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/20 7:58 a.m.8 views

Multiple vulnerabilities in nadesiko3

Overview Nadesiko3 provided by kujirahand contains multiple vulnerabilities listed below. OS command injection vulnerability in processing compression and decompression CWE-78 - CVE-2022-41642 Improper check or handling of exceptional conditions in nako3edit CWE-703 - CVE-2022-41777 OS command...

9.8CVSS7.9AI score0.02067EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/20 7:18 a.m.5 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a Time-of-check Time-of-use TOCTOU Race...

9.1CVSS7.2AI score0.00971EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/20 12:0 a.m.85 views

JVN#56968681: Multiple vulnerabilities in nadesiko3

Nadesiko3 provided by kujirahand contains multiple vulnerabilities listed below. OS command injection vulnerability in processing compression and decompression CWE-78 - CVE-2022-41642 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2...

9.8CVSS9.4AI score0.02067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/19 7:23 a.m.2 views

Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE

Overview WTViewerE provided by Yokogawa Test & Measurement Corporation contains a stack-based buffer overflow vulnerability CWE-121. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Processing a long file name may cause the product to crash...

9.8CVSS7.1AI score0.00777EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/19 5:8 a.m.2 views

Lemon8 App fails to restrict access permissions

Overview Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Ryo Sato of BroadBand Security,Inc. reported this...

6.5CVSS6.6AI score0.00858EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/19 12:0 a.m.42 views

JVN#10921428: Lemon8 App fails to restrict access permissions

Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitrar...

6.5CVSS6.2AI score0.00858EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/14 4:57 a.m.2 views

Android App "IIJ SmartKey" vulnerable to information disclosure

Overview Android App "IIJ SmartKey" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability CWE-200. Naoaki Iwakiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Under...

7.5CVSS6.3AI score0.00608EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/14 12:0 a.m.30 views

JVN#74534998: Android App "IIJ SmartKey" vulnerable to information disclosure

Android App "IIJ SmartKey" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability CWE-200. Impact Under certain conditions, an attacker may obtain a one-time password issued by the product. Solution Update the application Update the application to the latest...

7.5CVSS7.2AI score0.00608EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/13 8:27 a.m.5 views

Multiple vulnerabilities in SVMPC1 and SVMPC2

Overview SVMPC1 and SVMPC2 provided by Daikin Holdings Singapore Pte Ltd. contain multiple vulnerabilities listed below. Use of hard-coded password CWE-259 - CVE-2022-41653 Improper access control CWE-284 - CVE-2022-38355 Impact Exploiting these vulnerabilities may allow an attacker on the same L...

9.8CVSS7.1AI score0.00697EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/11 8:49 a.m.3 views

bingo!CMS vulnerable to authentication bypass

Overview bingo!CMS provided by Shift Tech Inc. contains an authentication bypass vulnerability CWE-288 in some of the management functions. Shift Tech Inc. states that attacks exploiting this vulnerability have been observed. Shift Tech Inc. reported this vulnerability to IPA to notify users of i...

9.8CVSS7.3AI score0.01078EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/11 8:2 a.m.2 views

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows

Overview Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Information disclosure due...

7.8CVSS6.7AI score0.00417EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/11 6:8 a.m.3 views

The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries

Overview The installer of Content Transfer for Windows provided by Sony Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...

7.8CVSS7.1AI score0.00204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/11 12:0 a.m.35 views

JVN#74592196: bingo!CMS vulnerable to authentication bypass

bingo!CMS provided by Shift Tech Inc. contains an authentication bypass vulnerability CWE-288 in some of the management functions. Shift Tech Inc. states that attacks exploiting this vulnerability have been observed. Impact Accessing a specific URL directly may allow a remote unauthenticated...

9.8CVSS9.8AI score0.01078EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/11 12:0 a.m.43 views

JVN#40620121: The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries

The installer of Content Transfer for Windows provided by Sony Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the installer. Solution Do not execute the...

7.8CVSS7.8AI score0.00204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/07 5:30 a.m.5 views

Growi vulnerable to improper access control

Overview GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A us...

6.5CVSS6.6AI score0.00782EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/07 12:0 a.m.28 views

JVN#00845253: Growi vulnerable to improper access control

GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Impact A user who can login to the affected product may download the markdown data from the pages set to private by the other users. Solution Update the software Update the software to the following versions...

6.5CVSS6.3AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/06 4:5 a.m.5 views

IPFire WebUI vulnerable to cross-site scripting

Overview The web user interface of IPFire provided by IPFire Project contains multiple stored cross-site scripting vulnerabilities CWE-79. This analysis assumes a scenario where one administrative user prepares malicious content, and then another administrative user accesses this content, resulti...

4.8CVSS6AI score0.00681EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/06 12:0 a.m.33 views

JVN#15411362: IPFire WebUI vulnerable to cross-site scripting

The web user interface of IPFire provided by IPFire Project contains multiple stored cross-site scripting vulnerabilities CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the Software Update the Software to the latest...

4.8CVSS5.2AI score0.00681EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/05 8:44 a.m.3 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by Buffalo Inc. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-39044 Use of Hard-coded Credentials CWE-798 - CVE-2022-34840 Authentication Bypass CWE-288 - CVE-2022-4096 Chuya Hayakawa of 00One, Inc. reported these...

8.8CVSS7.7AI score0.01435EPSS
Exploits1References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/05 8:28 a.m.2 views

Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Overview A privilege escalation vulnerability CVE-2022-2637 exists in Hitachi Storage Plug-in for VMware vCenter. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and ta...

8.8CVSS7.1AI score0.00461EPSS
Exploits0References4
Total number of security vulnerabilities5625