Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/12 6:53 a.m.•4 views

The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. shogo kumamaru of LAC Co.,Ltd reported this...

7.8CVSS7AI score0.00321EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/12 12:0 a.m.•68 views

JVN#69635538: The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

7.8CVSS7.8AI score0.00321EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/04 8:24 a.m.•4 views

Multiple NEC Products vulnerable to authentication bypass

Overview In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC...

5.3CVSS6.9AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/04 5:37 a.m.•5 views

Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Overview Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Incorrect Implementation of Authentication Algorithm CWE-303 - CVE-2020-5686 NEC Platforms,...

10CVSS7.7AI score0.01803EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/04 12:0 a.m.•103 views

JVN#38752718: Multiple NEC Products vulnerable to authentication bypass

In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC through RMCP...

9.8CVSS7.6AI score0.81802EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/04 12:0 a.m.•85 views

JVN#38784555: Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H| Base Score...

10CVSS9AI score0.01803EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/21 8:48 a.m.•3 views

Improper certificate validation vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview The Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contains improper certificate validation vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the...

6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/21 8:48 a.m.•1 views

Cleartext Transmission of Sensitive Information Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview The Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contains a cleartext transmission of sensitive information vulnerability due to incomplete document. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer t...

6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/21 5:20 a.m.•5 views

Cross-site Scripting Vulnerability in Hitachi Command Suite

Overview A Cross-site Scripting vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 8:0 a.m.•3 views

Management software for NEC Storage disk array system vulnerable to improper server certificate verification

Overview Management software for NEC Storage disk array system provided by NEC Corporation is vulnerable to improper server certificate verification CWE-295. Masaaki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.8CVSS6.5AI score0.00331EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 7:47 a.m.•2 views

Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

9.3CVSS7AI score0.00866EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 12:0 a.m.•57 views

JVN#10100024: Management software for NEC Storage disk array system vulnerable to improper server certificate verification

Management software for NEC Storage disk array system provided by NEC Corporation is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication or alter the communication. Solution Update the...

5.8CVSS5AI score0.00331EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 12:0 a.m.•60 views

JVN#94244575: Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the Self-Extracting files. Solution Update t...

9.3CVSS7.7AI score0.00866EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/15 6:41 a.m.•2 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Directory traversal due to improper verification of uploaded files CWE-22 - CVE-2020-5683 These vulnerabilities were...

7.5CVSS6.7AI score0.02982EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/15 12:0 a.m.•56 views

JVN#94169589: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS v2|...

7.5CVSS7.7AI score0.02982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/11 7:59 a.m.•4 views

Multiple vulnerabilities in Aterm SA3500G

Overview Aterm SA3500G provided by NEC Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5635 OS command injection CWE-78 - CVE-2020-5636 Improper Validation of Integrity Check Value CWE-354 - CVE-2020-5637 These vulnerabilities were reported by th...

8.8CVSS7.6AI score0.01021EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/11 6:9 a.m.•4 views

Apache Struts 2 vulnerable to remote code execution (S2-061)

Overview Apache Struts 2 provided by The Apache Software Foundation contains a remote code execution vulnerability due to improper input validation CWE-20. Masato Anzai of Aeye Security Lab, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

9.8CVSS8.1AI score0.95922EPSS
Exploits11References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/11 12:0 a.m.•52 views

JVN#55917325: Multiple vulnerabilities in Aterm SA3500G

Aterm SA3500G provided by NEC Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5635 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score: 5.8 OS...

8.8CVSS7.7AI score0.01021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/11 12:0 a.m.•60 views

JVN#43969166: Apache Struts 2 vulnerable to remote code execution (S2-061)

Apache Struts 2 provided by The Apache Software Foundation contains a remote code execution vulnerability due to improper input validation CWE-20. Impact A remote attacker may execute arbitrary code. Solution Update the software Update the software to the latest version according to the informati...

9.8CVSS9.7AI score0.95922EPSS
Exploits11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/10 6:21 a.m.•2 views

FileZen vulnerable to directory traversal

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability CWE-22. Soliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN...

10CVSS7.3AI score0.05009EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/10 12:0 a.m.•48 views

JVN#12884935: FileZen vulnerable to directory traversal

FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability CWE-22. Impact A remote attacker may upload an arbitrary file in the specific directory in the product. If a specialy...

10CVSS9.7AI score0.05009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/08 3:34 a.m.•3 views

ServerProtect for Linux vulnerable to heap-based buffer overflow

Overview Kernel Hook Module for ServerProtect for Linux provided by Trend Micro Incorporated contains a heap-based buffer overflow vulnerability CWE-122. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker who can...

6.7CVSS7.5AI score0.00665EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/07 7:34 a.m.•2 views

Apache Cordova Plugin camera vulnerable to information exposure

Overview Apache Cordova Plugin camera is a plugin for Apache Cordova applications, which provides an API for taking pictures and for choosing images from the system image library. Vulnerable versions of Apache Cordova Plugin camera, when used in Android applications, use the external storage on t...

4.3CVSS6.9AI score0.00732EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/07 12:0 a.m.•59 views

JVN#59779918: Apache Cordova Plugin camera vulnerable to information exposure

Apache Cordova Plugin camera is a plugin for Apache Cordova applications, which provides an API for taking pictures and for choosing images from the system image library. Vulnerable versions of Apache Cordova Plugin camera, when used in Android applications, use the external storage on the device...

3.3CVSS3.9AI score0.00732EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/03 9:15 a.m.•5 views

Multiple vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Clickjacking attacks CWE-1021 - CVE-2020-5679 Improper input validation CWE-20 - CVE-2020-5680 EC-CUBE CO.,LTD. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN...

7.5CVSS6.8AI score0.01367EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/03 8:54 a.m.•4 views

desknet's NEO vulnerable to cross-site scripting

Overview desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS5.9AI score0.00772EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/03 12:0 a.m.•48 views

JVN#42199826: desknet's NEO vulnerable to cross-site scripting

desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the...

6.1CVSS6AI score0.00772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/03 12:0 a.m.•83 views

JVN#24457594: Multiple vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Clickjacking attacks CWE-1021 - CVE-2020-5679 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Imprope...

7.5CVSS6.8AI score0.01367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/25 5:54 a.m.•3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2020-5676 Reflected cross-site scripting vulnerability due to a flaw in processing input URLs CWE-79 - CVE-2020-5677 Stored cross-site scripting vulnerability due to a flaw...

7.5CVSS6AI score0.0177EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/25 12:0 a.m.•71 views

JVN#56450373: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2020-5676 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base Score: 5.0 Reflected...

7.5CVSS6.8AI score0.0177EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/24 5:32 a.m.•2 views

NETGEAR GS108Ev3 vulnerable to cross-site request forgery

Overview GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability CWE-352. Yuta Ikegami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page...

6.5CVSS6.5AI score0.00628EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/24 12:0 a.m.•45 views

JVN#27806339: NETGEAR GS108Ev3 vulnerable to cross-site request forgery

GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the management screen of the device, the product's settings may be changed without the user's intention or consent. Solution Update th...

6.5CVSS6.4AI score0.00628EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/20 6:39 a.m.•3 views

The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

7.8CVSS7.1AI score0.00341EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/20 12:0 a.m.•53 views

JVN#26835001: The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.5AI score0.00341EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/19 9:3 a.m.•3 views

Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion

Overview Trend Micro Security 2020 Consumer provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. Trend Micro Incorporated...

6.3CVSS6.7AI score0.00298EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/19 5:33 a.m.•4 views

Hibernate ORM vulnerable to SQL injection

Overview Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produc...

7.4CVSS7.2AI score0.02907EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/19 12:0 a.m.•75 views

JVN#90729322: Hibernate ORM vulnerable to SQL injection

Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produce...

7.4CVSS7.5AI score0.02907EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 9:13 a.m.•3 views

Multiple vulnerabilities in KonaWiki3

Overview KonaWiki3 is a lightweight wiki clone that supports Japanese wiki notation. KonaWiki3 contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2020-5670 Path Traversal CWE-22 - CVE-2020-5671 Stored Cross-site Scripting CWE-79 - CVE-2020-5672 Reflected Cross-site...

6.1CVSS6.1AI score
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 9:1 a.m.•3 views

Movable Type Premium vulnerable to cross-site scripting

Overview Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

6.1CVSS6AI score0.00585EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 12:0 a.m.•145 views

JVN#94245475: Movable Type Premium vulnerable to cross-site scripting

Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the...

5.4CVSS5.3AI score0.00585EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/12 5:58 a.m.•2 views

MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption

Overview MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability CWE-400. According to the developer, in case of "To Use or Not to Use Web Server Settings" in the parameter of CPU modules are set to "Not Use", this issu...

7.5CVSS6.8AI score0.08397EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/12 12:0 a.m.•44 views

JVN#44764844: MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption

MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability CWE-400. According to the developer, in case of "To Use or Not to Use Web Server Settings" in the parameter of CPU modules are set to "Not Use", this issue does no...

7.5CVSS7.5AI score0.08397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/09 6:10 a.m.•3 views

Multiple vulnerabilities in XOOPS module "XooNIps"

Overview XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2020-5659 Reflected cross-site scripting CWE-79 - CVE-2020-5662 Stored cross-site scripting CWE-79 - CVE-2020-5663 Deserialization of untrusted data CWE-502 - CVE-2020-5664 stypr of Flatt...

9.8CVSS7.1AI score0.02611EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/05 9:43 a.m.•1 views

Studyplus App uses a hard-coded API key for an external service

Overview Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact API key for an...

5.5CVSS6.5AI score0.00271EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/05 2:43 a.m.•0 views

Cybozu Garoon vulnerable to improper input validation

Overview Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability CWE-20. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

6.5CVSS6.6AI score0.01669EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/05 12:0 a.m.•45 views

JVN#00414047: Studyplus App uses a hard-coded API key for an external service

Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update the...

5.5CVSS5.2AI score0.00271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/04 12:0 a.m.•46 views

JVN#57942454: Cybozu Garoon vulnerable to improper input validation

Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability CWE-20. Impact A user who can login to the product may delete some data of the bulletin board. Solution Update the software and Apply the patch Update the software to Cybozu Garoon version 5.0.2, and then...

6.5CVSS6.5AI score0.01669EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/21 6:21 a.m.•1 views

Local File Inclusion vulnerability in OneThird CMS

Overview OneThird CMS provided SpiQe Software is a content management system CMS. OneThird CMS contains a Local File Inclusion vulnerability CWE-98. Impact Sensitive information may be obtained or arbitrary code may be executed by an unauthenticated remote attacker. Solution Update the Software...

9.8CVSS7.4AI score0.0238EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/21 5:50 a.m.•4 views

Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

Overview WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 SQL Injection CWE-89 - CVE-2020-5651 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the...

8.8CVSS7.7AI score0.01487EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/21 12:0 a.m.•57 views

JVN#31425618: Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.7AI score0.01487EPSS
Exploits0
Total number of security vulnerabilities5625