Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/30 12:0 a.m.51 views

JVN#88993473: Multiple vulnerabilities in multiple ELECOM LAN routers

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Buffer overflow CWE-121 - CVE-2021-20852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P| Base Score...

8.8CVSS7.6AI score0.00585EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/29 4:52 a.m.4 views

Trend Micro Antivirus for MAC vulnerable to improper access controls

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for MAC. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can login to the system where the affected product is installed may...

7.8CVSS7.2AI score0.00322EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/26 5:59 a.m.4 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Arbitrary code upload vulnerability in Database restore CWE-434 - CVE-2021-41279 CVE-2021-41243 Akagi Yusuke of NTT-ME CORPORATION reported this...

9.1CVSS8AI score0.02174EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/26 12:0 a.m.41 views

JVN#81376414: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:N/AC:L/Au:S/C:C/I:C/A:C| Base Score: 9.0...

9.1CVSS8.9AI score0.02174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/25 5:31 a.m.3 views

WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery

Overview WordPress Plugin "Browser and Operating System Finder" provided by Aftab Muni contains a cross-site request forgery vulnerability CWE-352. imai shinpei of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported and coordinated with...

8.8CVSS6.6AI score0.00759EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/25 12:0 a.m.33 views

JVN#93562098: WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery

WordPress Plugin "Browser and Operating System Finder" provided by Aftab Muni contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin...

8.8CVSS8.7AI score0.00759EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/24 6:47 a.m.2 views

PowerCMS XMLRPC API vulnerable to OS command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability CWE-78. Alfasado Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Alfasado Inc. coordinated under the Information Security Early Warning...

9.8CVSS7.6AI score0.01486EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/24 12:0 a.m.36 views

JVN#17645965: PowerCMS XMLRPC API vulnerable to OS command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by a remote attacker. Solution In the case that not using XMLRPC API: If using as CGI/FCGI Delete mt-xmlrpc.cgi or remove execute permission to...

9.8CVSS9.7AI score0.01486EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/22 7:10 a.m.1 views

Multiple Vulnerabilities in JP1/Automatic Operation

Overview Multiple vulnerabilities have been found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/16 4:42 a.m.3 views

WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery

Overview WordPress Plugin "Push Notifications for WordPress Lite" provided by Delite Studio contains a cross-site request forgery vulnerability CWE-352. Ten Katouno of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported and coordinated...

8.8CVSS6.6AI score0.00653EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/16 4:38 a.m.2 views

rwtxt vulnerable to cross-site scripting

Overview rwtxt provided by Zack Scholl is a light-weight content management system CMS that enables to share and/or view any text saved online. rwtxt contains a cross-site scripting vulnerability CWE-79. Ito Reo of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...

6.1CVSS5.9AI score0.00877EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/16 12:0 a.m.47 views

JVN#85492429: WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery

WordPress Plugin "Push Notifications for WordPress Lite" provided by Delite Studio contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the...

8.8CVSS8.7AI score0.00653EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/16 12:0 a.m.38 views

JVN#22515597: rwtxt vulnerable to cross-site scripting

rwtxt provided by Zack Scholl is a light-weight content management system CMS that enables to share and/or view any text saved online. rwtxt contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the website...

6.1CVSS6AI score0.00877EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/12 6:7 a.m.3 views

Unlimited Sitemap Generator vulnerable to cross-site request forgery

Overview Unlimited Sitemap Generator provided by XML-Sitemaps contains a cross-site request forgery vulnerability CWE-352. Kanta Nishitani of Ierae Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

8.8CVSS6.5AI score0.00507EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/12 2:41 a.m.3 views

Cross-site Scripting Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview A Cross-site Scripting vulnerability was found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/12 12:0 a.m.33 views

JVN#58407606: Unlimited Sitemap Generator vulnerable to cross-site request forgery

Unlimited Sitemap Generator provided by XML-Sitemaps contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software Update the software to the latest version according to th...

8.8CVSS8.6AI score0.00507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/11 6:9 a.m.4 views

Multiple vulnerabilities in EC-CUBE 2 series

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Cross-site request forgery vulnerability in Management screen CWE-352 - CVE-2021-20842 EC-CUBE CO.,LTD. reported these...

6.5CVSS7.1AI score0.01276EPSS
Exploits2References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/11 12:0 a.m.41 views

JVN#75444925: Multiple vulnerabilities in EC-CUBE 2 series

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

6.5CVSS7.1AI score0.01276EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/10 5:26 a.m.2 views

WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

Overview WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IP...

6.1CVSS6AI score0.01243EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/10 12:0 a.m.31 views

JVN#68066589: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Impact An arbitrary script may be executed on the web browser of the user who is accessing t...

6.1CVSS6AI score0.01243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/05 6:4 a.m.2 views

File Permission Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview A file permission vulnerability was found in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/01 6:56 a.m.1 views

Authentication Bypass Vulnerability in Hitachi Device Manager

Overview An Authentication Bypass Vulnerability was found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 6:22 a.m.4 views

Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700, CVE-2021-20701 Buffer overflow in the Transaction Server CWE-119 - CVE-2021-20702, CVE-2021-20703 Buffer overflow in th...

10CVSS8.1AI score0.02131EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 6:11 a.m.2 views

Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent

Overview Android App "Mercari Merpay - Marketplace and Mobile Payments App" Japan version provided by Mercari, Inc. is vulnerable to improper handling of Intent CWE-939. RyotaK reported this vulnerability to Mercari, Inc. and Mercari, Inc. reported it to JPCERT/CC to disclose the vulnerability...

7.5CVSS6.6AI score0.01329EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 5:58 a.m.5 views

ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

Overview ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service DoS vulnerability CWE-404. Zhou Tingrui of Kaijo Junior & Senior High School reported this vulnerability to the developer and IPA...

5.5CVSS6.5AI score0.00219EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.94 views

JVN#69304877: Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700、CVE-2021-20701 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

9.8CVSS9.4AI score0.02131EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.47 views

JVN#49465877: Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent

Android App "Mercari Merpay - Marketplace and Mobile Payments App" Japan version provided by Mercari, Inc. is vulnerable to improper handling of Intent CWE-939. Impact If a user who is using the vulnerable application accesses a malicious page, the malicious page can launch an arbitrary Activity ...

7.5CVSS7.4AI score0.01329EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.42 views

JVN#60553023: ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service DoS vulnerability CWE-404. Impact If it is exploited, an attacker may cause a denial-of-service DoS to stop the applications and all daemons of t...

5.5CVSS5.3AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/28 6:3 a.m.3 views

Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter

Overview Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference XXE vulnerabilities listed below. Improper restriction of XML external entity reference XXE CWE-611 - CVE-2021-20838 Resource exhaustion in the PDF...

7.5CVSS6.8AI score0.01471EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/28 12:0 a.m.58 views

JVN#33453839: Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter

Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference XXE vulnerabilities listed below. Improper restriction of XML external entity reference XXE CWE-611 - CVE-2021-20838 Resource exhaustion in the PDF convert...

7.5CVSS7AI score0.01471EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/26 3:35 a.m.2 views

Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact An attacker may obtain administrative privileges and an arbitrary...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/20 8:38 a.m.3 views

Movable Type XMLRPC API vulnerable to OS command injection

Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability CWE-78. Sending a specially crafted message by POST method to Movavle Type XMLRPC API may allow arbitrary OS command execution. Updated on 2021 November 10 As of 2021 November 10, a...

9.8CVSS7.9AI score0.88144EPSS
Exploits11References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/20 12:0 a.m.119 views

JVN#41119755: Movable Type XMLRPC API vulnerable to OS command injection

Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability CWE-78. Sending a specially crafted message by POST method to Movavle Type XMLRPC API may allow arbitrary OS command execution. 【Updated on 2021 November 10】 As of 2021 November 10, a Proof-of-Concep...

9.8CVSS9.8AI score0.88144EPSS
Exploits11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/18 6:26 a.m.4 views

OMRON CX-Supervisor vulnerable to out-of-bounds read

Overview CX-Supervisor provided by OMRON Corporation contains an out-of-bounds read vulnerability CWE-125, CVE-2021-20836. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user of the product has access to change system settings and...

6.5CVSS7.3AI score0.0078EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/18 5:58 a.m.4 views

128 Technology Session Smart Router vulnerable to authentication bypass

Overview 128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.8CVSS7.4AI score0.01666EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/18 12:0 a.m.42 views

JVN#85073657: 128 Technology Session Smart Router vulnerable to authentication bypass

128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may bypass the authentication and execute an arbitrary OS command with the root privilege. Solution Update the software Update the software to the lates...

9.8CVSS9.9AI score0.01666EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/11 9:7 a.m.7 views

Apache HTTP Server vulnerable to directory traversal

Overview Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability CWE-22. Shungo Kumasaka of Internet Initiative Japan Inc. reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/...

9.8CVSS8.9AI score0.99964EPSS
Exploits174References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/08 5:32 a.m.2 views

Nike App fails to restrict custom URL schemes properly

Overview Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary...

6.1CVSS6.7AI score0.01157EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/08 12:0 a.m.45 views

JVN#89126639: Nike App fails to restrict custom URL schemes properly

Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary website v...

6.1CVSS6AI score0.01157EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/08 12:0 a.m.70 views

JVN#51106450: Apache HTTP Server vulnerable to directory traversal

Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability CWE-22. Impact A remote attacker may access the unprotected files in "require all denied" placed outside of the document root. Moreover, if CGI scripts are enabled, arbitrary code may be...

9.8CVSS9.2AI score0.99992EPSS
Exploits174
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/05 6:37 a.m.2 views

Information Disclosure Vulnerability in Hitachi Tuning Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Hitachi Tuning Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contains information disclosure vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section...

6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/01 5:42 a.m.6 views

Trend Micro ServerProtect family vulnerable to authentication bypass

Overview Trend Micro Incorporated has released security updates for ServerProtect family. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A remote attacker may bypass authentication for the products. For more information, refer...

10CVSS7AI score0.09019EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/30 7:3 a.m.5 views

Multiple vulnerabilities in Cybozu Remote Service

Overview Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 CyVDB-1742 Path traversal vulnerability in the management screen CWE-22 - CVE-2021-20796...

8.8CVSS7.2AI score0.01468EPSS
Exploits0References36
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/30 4:56 a.m.3 views

Trend Micro HouseCall for Home Networks vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for HouseCall for Home Networks. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the product may obtain administrative privileges. As a...

7CVSS7.2AI score0.00533EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/30 12:0 a.m.78 views

JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...

8.8CVSS7AI score0.01468EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 6:18 a.m.6 views

SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

Overview SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification CWE-295. Okazawa Yoshihiro of Cryptography Laboratory , Information and Communication Engineering ,Graduate School of Engineering , Tokyo Denki University reported this...

7.4CVSS6.5AI score0.0047EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 6:11 a.m.2 views

WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

Overview WordPress Plugin "OG Tags" provided by Mario Valney contains a cross-site request forgery vulnerability CWE-352. Ryota Nakazato of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported and coordinated with the developer to fix...

8.8CVSS6.6AI score0.00716EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 5:27 a.m.2 views

InBody App vulnerable to information disclosure

Overview InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial...

5.3CVSS6.2AI score0.00753EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 12:0 a.m.31 views

JVN#63023305: InBody App vulnerable to information disclosure

InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...

5.3CVSS4.9AI score0.00753EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 12:0 a.m.21 views

JVN#29428319: WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

WordPress Plugin "OG Tags" provided by Mário Valney contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according...

8.8CVSS8.7AI score0.00716EPSS
Exploits0
Total number of security vulnerabilities5625