Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/20 8:28 a.m.4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 CyVDB-1795 Operation restriction bypass vulnerability in Project CWE-285 - CVE-2022-32544...

6.5CVSS7AI score0.00759EPSS
Exploits0References30
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/20 12:0 a.m.102 views

JVN#20573662: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4....

6.5CVSS5.7AI score0.00759EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/14 6:59 a.m.4 views

U-Boot squashfs filesystem implementation vulnerable to heap-based buffer overflow

Overview U-Boot is a boot loader for multiple platforms, and squashfs filesystem feature is provided since v2020.10-rc2 commit c5100613. squashfs filesystem implementation of U-Boot contains a heap-based buffer overflow vulnerability CWE-122 due to a defect in the metadata reading process...

7.8CVSS7.6AI score0.00516EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/12 4:47 a.m.3 views

Django Extract and Trunc functions vulnerable to SQL injection

Overview Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerabilityCWE-89. Takuto Yoshikai of Aeye Security Lab reported this vulnerability to the developer and coordinated. Aft...

9.8CVSS7.8AI score0.73274EPSS
Exploits3References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/12 12:0 a.m.51 views

JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection

Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerability CWE-89. Impact An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...

9.8CVSS9.7AI score0.73274EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/08 4:42 a.m.2 views

Passage Drive vulnerable to insufficient data verification

Overview Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication CWE-20. Yokogawa Rental & Lease Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.3CVSS7AI score0.00201EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/08 12:0 a.m.41 views

JVN#23766146: Passage Drive vulnerable to insufficient data verification

Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication CWE-20. Impact By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the...

7.8CVSS7.8AI score0.00201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/04 5:17 a.m.6 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 CyVDB-3042 Information disclosure in multiple applications CWE-200 - CVE-2022-29512 CyVDB-3111 Improper input...

8.1CVSS6.5AI score0.01049EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/04 5:12 a.m.2 views

LiteCart vulnerable to cross-site scripting

Overview LiteCart contains a cross-site scripting vulnerability CWE-79. Satoshi Horikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser of the user wh...

6.1CVSS6AI score0.01049EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/04 12:0 a.m.33 views

JVN#32625020: LiteCart vulnerable to cross-site scripting

LiteCart contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update the software Update the software to the latest version according to the information provided by...

6.1CVSS6AI score0.01049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/04 12:0 a.m.86 views

JVN#14077132: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2|...

8.1CVSS6AI score0.01049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/29 4:42 a.m.3 views

HOME SPOT CUBE2 vulnerable to OS command injection

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability CWE-78 due to improper processing of data received from DHCP server. Alice Rose reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8CVSS7.5AI score0.00939EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/29 12:0 a.m.38 views

JVN#41017328: HOME SPOT CUBE2 vulnerable to OS command injection

HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability CWE-78 due to improper processing of data received from DHCP server. Impact An arbitrary OS command may be executed on the product if a malicious DHCP server is placed on the WAN side of the product...

8.8CVSS8.9AI score0.00939EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/24 5:21 a.m.3 views

L2Blocker Sensor setup screen vulnerable to authentication bypass

Overview L2Blocker provided by SOFTCREATE CORP. contains a vulnerability CWE-288 in which the login authentication is bypassed by using alternative paths or channels for Sensor. Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.1CVSS6.7AI score0.00393EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/24 12:0 a.m.36 views

JVN#51464799: L2Blocker Sensor setup screen vulnerable to authentication bypass

L2Blocker provided by SOFTCREATE CORP. contains a vulnerability CWE-288 in which the login authentication is bypassed by using alternative paths or channels for Sensor. Impact An attacker who can access the device may perform an unauthorized login and obtain the stored information or cause a...

8.1CVSS8.1AI score0.00393EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/23 5:21 a.m.4 views

web2py vulnerable to open redirect

Overview web2py contains an open redirect vulnerability CWE-601. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a specially crafted URL, t...

6.1CVSS6.6AI score0.01443EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/23 12:0 a.m.32 views

JVN#02158640: web2py vulnerable to open redirect

web2py contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software to the latest version accordi...

6.1CVSS6.1AI score0.01443EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/17 3:26 a.m.3 views

Gitlab vulnerable to server-side request forgery

Overview Gitlab contains a server-side request forgery vulnerability CWE-918 through the Project Import feature. Kanta Nishitani of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to IPA, and...

8.1CVSS6.7AI score0.00828EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/17 12:0 a.m.42 views

JVN#93667442: Gitlab vulnerable to server-side request forgery

Gitlab contains a server-side request forgery vulnerability CWE-918 through the Project Import feature. Impact The vulnerability allows an attacker to make arbitrary HTTP/HTTPS or git requests inside a GitLab instance's network. Solution Update the software Update the software to the latest versi...

8.1CVSS6.3AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/15 8:47 a.m.4 views

Growi vulnerable to weak password requirements

Overview GROWI provided by WESEEK, Inc. contains a weak password requirements vulnerability CWE-521, CVE-2022-1236. 418sec first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WSEEK, Inc. as a coordinator. After the coordination between 418sec and WESEEK, Inc. was completed,...

6.5CVSS6.7AI score0.00535EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/15 3:28 a.m.4 views

FreeBSD vulnerable to denial-of-service (DoS)

Overview FreeBSD contains a denial-of-service DoS vulnerability CWE-400 due to improper handling of TSopt on TCP connections. Impact A remote attacker may be able to cause a denial-of-service DoS condition. Solution Update the software Update the software to the latest version according to the...

7.5CVSS6.6AI score0.0073EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/15 12:0 a.m.35 views

JVN#20930118: FreeBSD vulnerable to denial-of-service (DoS)

FreeBSD contains a denial-of-service DoS vulnerability CWE-400 due to improper handling of TSopt on TCP connections. Impact A remote attacker may be able to cause a denial-of-service DoS condition. Solution Update the software Update the software to the latest version according to the information...

7.5CVSS7.4AI score0.0073EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/14 4:46 a.m.2 views

Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting

Overview Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc., with firmware versions prior to 12.250SY, improperly processes user input and generates error pages, leading to a cross-site scripting vulnerability CWE-79. The vulnerability has been addressed on 12.250SY released in...

6.1CVSS6.1AI score0.00576EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/14 12:0 a.m.47 views

JVN#94363766: Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc., with firmware versions prior to 12.250SY, improperly processes user input and generates error pages, leading to a cross-site scripting vulnerability CWE-79. The vulnerability has been addressed on 12.250SY released in 2011 Cisco...

6.1CVSS6.1AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/09 4:31 a.m.3 views

SHIRASAGI vulnerable to cross-site scripting

Overview SHIRASAGI provided by SHIRASAGI Project contains a cross-site scripting vulnerability CWE-79. hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary scri...

6.1CVSS6.2AI score0.00963EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/09 12:0 a.m.33 views

JVN#32962443: SHIRASAGI vulnerable to cross-site scripting

SHIRASAGI provided by SHIRASAGI Project contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the Software Update to the latest version according to the information provided by the...

6.1CVSS6.2AI score0.00963EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/03 3:17 a.m.3 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation and arbitrary DLL loading due to an incorrect...

7.8CVSS7.1AI score0.00398EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/01 7:12 a.m.5 views

T&D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability.

Overview T Data Server and THERMO RECORDER DATA SERVER provided by T Corporation contain a directory traversal vulnerability CWE-22. Shun Asai of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.5CVSS6.7AI score0.03234EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/01 4:39 a.m.4 views

WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

Overview WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS5.9AI score0.00529EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/01 12:0 a.m.29 views

JVN#04155116: WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the website using the plugin. Solution Update the plugin Update the plugin to t...

5.4CVSS5.2AI score0.00529EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/01 12:0 a.m.32 views

JVN#28659051: T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal

T&D Data Server and THERMO RECORDER DATA SERVER provided by T&D Corporation contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by a remote attacker. Solution Update the software Update the software to the latest version according to the...

7.5CVSS7.5AI score0.03234EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 7:9 a.m.3 views

RevoWorks incomplete filtering of MS Office v4 macros

Overview RevoWorks SCVX, RevoWorks Browser and RevoWorks Desktop provided by J's Communication Co., Ltd. enables users to execute web browsers, accessing drives, folders, files and registries in a sandboxed environment. Users can download files from the internet to the sandboxed environment,...

7.8CVSS6.5AI score0.00579EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 6:48 a.m.4 views

Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

Overview Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Okazawa Yoshihiro reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.8CVSS6.4AI score0.00344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 6:39 a.m.3 views

Multiple vulnerabilities in Fuji Electric V-SFT

Overview Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" provided by FUJI ELECTRIC CO., LTD. Out-of-bounds Write CWE-787 - CVE-2022-30538 Out-of-bounds Read CWE-125 - CVE-2022-30546 Heap-based Buffer Overflow CWE-122 - CVE-2022-26302 Use...

7.8CVSS7.4AI score0.00855EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 6:37 a.m.4 views

Multiple vulnerabilities in Fuji Electric V-SFT, V-Server and V-Server Lite

Overview Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" and the remote monitoring software "V-Server" and "V-Server Lite" provided by FUJI ELECTRIC CO., LTD. Out-of-bounds Read in V-SFT CWE-125 - CVE-2022-29506 Out-of-bounds Read in...

7.8CVSS7.5AI score0.00874EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 6:28 a.m.4 views

Multiple vulnerabilities in CONTEC SolarView Compact

Overview SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-29303 Improper validation of input values on the send test mail console of the product's web server may result...

10CVSS8AI score0.99273EPSS
Exploits20References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 12:0 a.m.47 views

JVN#27256219: RevoWorks incomplete filtering of MS Office v4 macros

RevoWorks SCVX, RevoWorks Browser and RevoWorks Desktop provided by J's Communication Co., Ltd. enables users to execute web browsers, accessing drives, folders, files and registries in a sandboxed environment. Users can download files from the internet to the sandboxed environment, sanitizing...

7.8CVSS7.5AI score0.00579EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 12:0 a.m.42 views

JVN#13878856: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...

4.3CVSS3.8AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/24 6:27 a.m.4 views

Trend Micro Password Manager vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported the vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A non-administrative user of the system where the affected product is installed...

7.8CVSS7.1AI score0.00422EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/24 6:0 a.m.2 views

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

Overview WordPress plugin "WP Statistics" provided by VeronaLabs contains a cross-site scripting vulnerability CWE-79. Shogo Kumamaru of LAC CyberLink Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.1CVSS6AI score0.00969EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/24 12:0 a.m.28 views

JVN#15241647: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

WordPress plugin "WP Statistics" provided by VeronaLabs contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the web site using the product. Solution Update the plugin Update the plugin according to th...

6.1CVSS6AI score0.00969EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/20 8:4 a.m.7 views

Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

Overview Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed a...

6.5CVSS6.6AI score0.01234EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/20 12:0 a.m.57 views

JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed as the...

7.5CVSS6.7AI score0.06001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/19 6:13 a.m.3 views

Multiple vulnerabilities in Rakuten Casa

Overview Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. Use of Hard-coded Credentials CWE-798 - CVE-2022-29525 Improper Access Control CWE-284 - CVE-2022-28704 Improper Access Control CWE-284 - CVE-2022-26834 CVE-2022-29525 Narumi Hirai of LAC Co.,...

9.8CVSS7.1AI score0.02452EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/19 12:0 a.m.58 views

JVN#46892984: Multiple vulnerabilities in Rakuten Casa

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. Use of Hard-coded Credentials CWE-798 - CVE-2022-29525 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 5.9 CVSS v2| AV:N/AC:M/Au:N/C:C/I:N/A:N| Base...

9.8CVSS8AI score0.02452EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/16 5:25 a.m.4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584CyVDB-2670 Operation restriction bypass vulnerability in Bulletin CWE-285 - CVE-2022-28718 CyVDB-1865CyVDB-2692 Operation restriction bypass vulnerability in Workflow CWE-285 - CVE-2022-27661...

8.1CVSS6.6AI score0.01049EPSS
Exploits0References40
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/16 12:0 a.m.99 views

JVN#73897863: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584CyVDB-2670 Operation restriction bypass vulnerability in Bulletin CWE-285 - CVE-2022-28718 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVS...

8.1CVSS6AI score0.01049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/13 7:45 a.m.2 views

Strapi vulnerable to cross-site scripting

Overview Strapi contains a stored cross-site scripting vulnerability CWE-79 in the file upload function. Yuta Morioka of Information Science College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitra...

5.4CVSS5.9AI score0.00712EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/13 7:31 a.m.4 views

EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery

Overview EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability CWE-352. Furukawa Natsumi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3CVSS6.5AI score0.00431EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/13 7:24 a.m.3 views

Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries

Overview Trend Micro Incorporated has released a security update for HouseCall for Home Networks. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Installer of Trend Micro HouseCall for Home Networks contains an issue with the D...

7.8CVSS7.3AI score0.00272EPSS
Exploits0References4
Total number of security vulnerabilities5625