Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 12:0 a.m.86 views

JVN#42880365: WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery

WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the affected system with an administrative privilege, unintended operations may be...

8.8CVSS8.5AI score0.0087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/05 5:28 a.m.4 views

A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

Overview SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Shinnosuke Tokusho reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

9.8CVSS7.2AI score0.0129EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/05 12:0 a.m.82 views

JVN#21636825: A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and execute an arbitrary command...

9.8CVSS9.8AI score0.0129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/01 6:49 a.m.3 views

EC-CUBE fails to restrict access permissions

Overview EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions CWE-284 . EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning Partnership...

7.5CVSS6.6AI score0.02071EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/01 12:0 a.m.59 views

JVN#57942445: EC-CUBE fails to restrict access permissions

EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions CWE-284 . Impact A remote attacker may obtain sensitive information. Solution Update the Softwere Update the software according to the information provided by the developer. The developer has released EC-CUBE 4.0.6-p1 that...

7.5CVSS7.4AI score0.02071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/30 5:32 a.m.6 views

boastMachine vulnerable to cross-site scripting

Overview boastMachine provided by knadh contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's...

6.1CVSS6.2AI score0.0449EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/30 5:21 a.m.6 views

IkaIka RSS Reader vulnerable to cross-site scripting

Overview IkaIka RSS Reader contains a cross-site scripting vulnerability CWE-79, due to the improper processing of RSS registration. LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a malicio...

6.1CVSS6.2AI score0.00788EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/30 2:36 a.m.8 views

WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting

Overview WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS6.2AI score0.01442EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/30 12:0 a.m.28 views

JVN#65660590: boastMachine vulnerable to cross-site scripting

boastMachine provided by knadh contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Stop using "boastMachine" The developer states that the product is no longer supported, therefore stop using the product. Products...

4.3CVSS6AI score0.0449EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/30 12:0 a.m.38 views

JVN#15185184: IkaIka RSS Reader vulnerable to cross-site scripting

IkaIka RSS Reader contains a cross-site scripting vulnerability CWE-79, due to the improper processing of RSS registration. Impact If a malicious RSS feed is loaded into the product, an arbitrary script may be executed on the web browser where the product is running. Solution Do not use IkaIka RS...

6.1CVSS6.1AI score0.00788EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/23 6:15 a.m.5 views

Multiple cross-site scripting vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20750 Cross-site scripting vulnerability CWE-79 - CVE-2021-20751 hibiki moriyama of STNet, Incorporated reported these...

6.1CVSS6.4AI score0.01557EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/23 12:0 a.m.58 views

JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting

WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Impact A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution Update the plugin Update the plugin according to the...

5.4CVSS5.3AI score0.01442EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/23 12:0 a.m.80 views

JVN#95292458: Multiple cross-site scripting vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20750 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.6AI score0.01557EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/22 6:6 a.m.2 views

Inkdrop vulnerable to OS command injection

Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.3CVSS7.8AI score0.00964EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/22 6:6 a.m.2 views

WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting

Overview Some of WordPress plugin "Fudousan plugin" series provided by nendeb contain a cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS6AI score0.00989EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/22 12:0 a.m.175 views

JVN#93799513: WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting

Some of WordPress plugin "Fudousan plugin" series provided by nendeb contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the plugin Update the plugin according to th...

5.4CVSS5.2AI score0.00989EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/22 12:0 a.m.68 views

JVN#29949691: Inkdrop vulnerable to OS command injection

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Impact If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs. Solution Update the...

9.3CVSS7.9AI score0.00964EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/18 6:45 a.m.2 views

Hitachi Virtual File Platform vulnerable to OS command injection

Overview Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

9CVSS7.6AI score0.0311EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/18 12:0 a.m.77 views

JVN#21298724: Hitachi Virtual File Platform vulnerable to OS command injection

Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Impact A remote attacker who can log in to the product may execute an arbitrary OS command with root privilege. Solution Update the...

9CVSS8.9AI score0.0311EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/17 6:11 a.m.2 views

Hitachi Application Server Help vulnerable cross-site scripting

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...

6.1CVSS6AI score0.00754EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/17 12:0 a.m.67 views

JVN#03776901: Hitachi Application Server Help vulnerable cross-site scripting

Hitachi Application Server Help contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the appropriate latest version of the help according to the information provided by the developer. Product...

6.1CVSS6.1AI score0.00754EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/16 7:18 a.m.4 views

Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE

Overview Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Cross-site scripting vulnerability CWE-79 - CVE-2021-20743 Cross-site scripting vulnerability CWE-79 -...

7.1CVSS6.3AI score0.00757EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 7:9 a.m.4 views

Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Overview Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wil...

6.1CVSS5.9AI score0.01121EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.75 views

JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE

Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...

6.1CVSS6.5AI score0.00757EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.39 views

JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Impact...

6.1CVSS6.1AI score0.01121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 6:10 a.m.1 views

Asken App for Android fails to restrict custom URL schemes properly

Overview Asken App for Android by asken Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access ...

6.1CVSS6.8AI score0.00821EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 6:10 a.m.5 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Improper authentication CWE-287 - CVE-2021-20737 Impact The expected impact depends on each vulnerability, but it may be affected as follows. A user who can access the...

9.1CVSS7.1AI score0.01307EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 12:0 a.m.75 views

JVN#95457785: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Improper...

9.1CVSS7.7AI score0.01307EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 12:0 a.m.75 views

JVN#38034268: あすけん App for Android fails to restrict custom URL schemes properly

あすけん App for Android by asken Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitra...

6.1CVSS6.2AI score0.00821EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/11 6:24 a.m.4 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a stored cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS5.8AI score0.01044EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/11 12:0 a.m.67 views

JVN#70566757: WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact If a user views a malicious page while logged in to the affected system with the administrative privilege, an arbitrary script may be executed. Solution Update the...

6.1CVSS6AI score0.01044EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/08 3:21 a.m.1 views

urllib3 vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview urllib3 contains a Regular expression Denial-of-Service DoS vulnerability. urllib3, an HTTP client module for Python, contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-400, CVE-2021-33503 due to catastrophic backtracking while processing a malicious URL. Nariyoshi...

7.5CVSS9.2AI score0.03273EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/03 5:5 a.m.4 views

ATOM - Smart life App vulnerable to improper server certificate verification

Overview ATOM - Smart life App provided by ATOM tech Inc. is vulnerable to improper server certificate verification CWE-295. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.9CVSS6.6AI score0.00486EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/03 12:0 a.m.61 views

JVN#64064138: ATOM - Smart life App vulnerable to improper server certificate verification

ATOM - Smart life App provided by ATOM tech Inc. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update the application to the latest version...

5.9CVSS5.3AI score0.00486EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/02 6:46 a.m.1 views

goo blog App fails to restrict custom URL schemes properly

Overview goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...

5.3CVSS6.7AI score0.00993EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/02 12:0 a.m.59 views

JVN#91691168: goo blog App fails to restrict custom URL schemes properly

goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

5.3CVSS5.1AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/01 6:18 a.m.1 views

Multiple vulnerabilities in Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers

Overview Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers provided by Buffalo Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-20730 OS command injection CWE-78 - CVE-2021-20731 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC...

8.8CVSS8AI score0.00593EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/26 5:50 a.m.3 views

Zettlr vulnerable to cross-site scripting

Overview Zettlr provided by Hendrik Erz is a Markdown editor. Zettlr contains a cross-site scripting vulnerability CWE-79. Eiji Mori of flatt security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If ...

6.1CVSS6.2AI score0.01036EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/26 12:0 a.m.50 views

JVN#98239374: Zettlr vulnerable to cross-site scripting

Zettlr provided by Hendrik Erz is a Markdown editor. Zettlr contains a cross-site scripting vulnerability CWE-79. Impact If a file or code snippet containing an invalid iframe is loaded into Zettlr, an arbitrary script may be executed on the system where it runs. Solution Update the Software Upda...

6.1CVSS6.1AI score0.01036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/25 5:11 a.m.0 views

Hitachi Ops Center Analyzer vulnerability of communication using a certificate not intended by the user

Overview Hitachi Ops Center Analyzer has a vulnerability of communication using a certificate not intended by the user. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure...

6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 7:34 a.m.1 views

The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries

Overview The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

7.8CVSS7.1AI score0.0044EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 7:7 a.m.3 views

Installer of Overwolf may insecurely load Dynamic Link Libraries

Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....

7.8CVSS6.8AI score0.00292EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 6:38 a.m.2 views

Multiple cross-site scripting vulnerabilities in multiple PHP Factory products

Overview Multiple products provided by PHP Factory contain multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability CWE-79 - CVE-2021-20723 Reflected cross-site scripting vulnerability in the admin page CWE-79 - CVE-2021-20724 Reflected cross-site...

6.1CVSS6.5AI score0.00777EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 5:21 a.m.2 views

QND vulnerable to privilege escalation

Overview QND provided by QualitySoft Corporation contains a privilege escalation vulnerability CWE-268. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. RedTeam reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7.8CVSS6.7AI score0.0022EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.62 views

JVN#78254777: Installer of Overwolf may insecurely load Dynamic Link Libraries

Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Impact Arbitrary code may be...

7.8CVSS7.7AI score0.00292EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.77 views

JVN#53910556: Multiple cross-site scripting vulnerabilities in multiple PHP Factory products

Multiple products provided by PHP Factory contain multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability CWE-79 - CVE-2021-20723 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.7 CVSS v2|...

6.1CVSS6.6AI score0.00777EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.59 views

JVN#65733194: The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries

The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.8AI score0.0044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.71 views

JVN#74686032: QND vulnerable to privilege escalation

QND provided by QualitySoft Corporation contains a privilege escalation vulnerability CWE-268. Impact A user who can log in to the PC where the product's Windows client is installed may obtain administrative privileges. As a result, sensitive information may be modified/obtained or unintended...

7.8CVSS7.7AI score0.0022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/14 6:35 a.m.5 views

mod_auth_openidc vulnerable to denial-of-service (DoS)

Overview modauthopenidc provided by ZmartZone is an OpenID Connect's Relying Party module for Apache HTTP Server. This module contains a denial-of-service DoS vulnerability CWE-400. Tatsuhiko Yasumatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.7AI score0.03395EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/14 6:26 a.m.4 views

Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points

Overview Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-1400 Command injection CWE-78 - CVE-2021-1401 Shuto Imai of LAC Co., Ltd. reported this vulnerability to IPA...

9CVSS7.4AI score0.02034EPSS
Exploits0References8
Total number of security vulnerabilities5625