Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/13 5:25 a.m.2 views

Server Side Request Forgery Vulnerability in Hitachi Ops Center Analyzer viewpoint

Overview A Server Side Request Forgery Vulnerability was found in Hitachi Ops Center Analyzer viewpoint. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/09 6:46 a.m.4 views

Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric GOT2000 series

Overview TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series GT27, GT25, and GT23 contains multiple vulnerabilities listed below. Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 - CVE-2020-5595 Session Fixation CWE-384 - CVE-2020-5596 NUL...

10CVSS6.9AI score0.03489EPSS
Exploits1References21
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/09 6:8 a.m.3 views

SHIRASAGI vulnerable to open redirect

Overview SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Ryoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

6.1CVSS6.5AI score0.01204EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/09 12:0 a.m.42 views

JVN#55657988: SHIRASAGI vulnerable to open redirect

SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the...

6.1CVSS6.1AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/08 7:4 a.m.3 views

Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object

Overview Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability that an arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...

8.1CVSS7.4AI score0.01996EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/08 12:0 a.m.105 views

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...

8.1CVSS8.1AI score0.01996EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/29 7:17 a.m.3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu, Inc. has released security updates for Cybozu Garoon. CyVDB-2083 Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580 CyVDB-2451 Path traversal vulnerability on the portal - CVE-2020-5581 CyVDB-2097 Vulnerability to bypass operation...

8.5CVSS6.6AI score0.018EPSS
Exploits0References24
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/29 3:25 a.m.0 views

DoS Vulnerability in Hitachi Device Manager

Overview A DoS Vulnerability was found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/29 12:0 a.m.88 views

JVN#55497111: Multiple vulnerabilities in Cybozu Garoon

Cybozu, Inc. has released security updates for Cybozu Garoon. CyVDB-2083 Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N| Base Score: 8.5 CVSS v2|...

8.1CVSS6AI score0.018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/24 5:25 a.m.2 views

Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution

Overview Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...

8.8CVSS7AI score0.01587EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/24 1:32 a.m.1 views

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information

Overview Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series contain a vulnerability that allows cleartext transmission of sensitive information CWE-319 between CPU modules and GX Works3 and/or GX Works2. Impact If this vulnerability is exploited, disclosure or alteration of information,...

10CVSS6.5AI score0.01296EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/24 12:0 a.m.45 views

JVN#40039627: Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution

Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter by an...

8.8CVSS8.7AI score0.01587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/22 6:40 a.m.1 views

Vulnerability in Cosminexus HTTP Server

Overview A vulnerability CVE-2019-1551 exists in Cosminexus HTTP Server. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.3CVSS8AI score0.14298EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/18 4:48 a.m.5 views

EC-CUBE vulnerable to directory traversal

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability CWE-22. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...

8.1CVSS6.8AI score0.02059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/18 12:0 a.m.34 views

JVN#77458946: EC-CUBE vulnerable to directory traversal

EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability CWE-22. Impact A user who can login to the management screen of the product may delete arbitrary files and/or directories on the server. Solution Update the Software The update for EC-CUBE 4 is available. Update the...

8.1CVSS8.1AI score0.02059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/15 7:29 a.m.2 views

Path Traversal Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator

Overview A Path Traversal Vulnerability was found in Hitachi Automation Director and Hitachi Ops Center Automator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/11 8:17 a.m.4 views

Multiple vulnerabilities in Zenphoto

Overview Zenphoto is a content management system CMS. Zenphoto contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5592 Code Injection CWE-94 - CVE-2020-5593 Tomohisa Maeda of Panasonic Corporation, Product Security Center reported this vulnerability to IPA...

8.8CVSS6.9AI score0.01166EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/11 12:0 a.m.49 views

JVN#32252648: Multiple vulnerabilities in Zenphoto

Zenphoto is a content management system CMS. Zenphoto contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5592 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base...

8.8CVSS7.4AI score0.01166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/09 6:49 a.m.2 views

Multiple SONY Wireless Headphones allow improper Bluetooth pairing

Overview Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing. National Institute of Technology, Tokyo College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

8.8CVSS6.7AI score0.00582EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/09 12:0 a.m.72 views

JVN#67447798: Multiple SONY Wireless Headphones allow improper Bluetooth pairing

Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairingCWE-306. Impact When using the product, someone within the Bluetooth range may make the Bluetooth pairing and operate such as changing volume of the product. Solution Update...

8.8CVSS8.7AI score0.00582EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/05 6:16 a.m.3 views

XACK DNS vulnerable to denial-of-service (DoS)

Overview XACK DNS is DNS server software provided by XACK, Inc. XACK DNS contains a denial-of-service DoS vulnerability due to an issue commonly referred to as NXNSAttack. XACK, Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and XACK, Inc. coordinat...

8.6CVSS6.8AI score0.01639EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/05 12:0 a.m.117 views

JVN#40208370: XACK DNS vulnerable to denial-of-service (DoS)

XACK DNS is DNS server software provided by XACK, Inc. XACK DNS contains a denial-of-service DoS vulnerability due to an issue commonly referred to as NXNSAttack. Impact A remote attacker may be able to cause denial-of-service DoS conditions listed below. The performance of the recursive resolver...

8.6CVSS8AI score0.10593EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/29 6:40 a.m.3 views

Multiples security updates for multiple Cybozu products

Overview Cybozu, Inc. has released multiple security updates for multiple Cybozu products. CyVDB-2465 Credential Disclosure Vulnerability - CVE-2020-5572 CyVDB-2484 Credential Disclosure Vulnerability - CVE-2020-5573 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these...

4.6CVSS6.7AI score0.00335EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/29 12:0 a.m.121 views

JVN#78745667: Multiples security updates for multiple Cybozu products

Cybozu, Inc. has released multiple security updates for multiple Cybozu products. CyVDB-2465 Credential Disclosure Vulnerability - CVE-2020-5572 CyVDB-2484 Credential Disclosure Vulnerability - CVE-2020-5573 Impact A user who can login to the product may obtain sensitive information registered in...

4.6CVSS4.6AI score0.00335EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 7:17 a.m.1 views

Privilege escalation vulnerability in Hitachi Ops Center Common Services

Overview A privilege escalation vulnerability was found in Hitachi Ops Center Common Services Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 6:9 a.m.2 views

Cybozu Desktop for Windows vulenerable to arbitrary code execution

Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...

9.8CVSS7.7AI score0.02932EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 12:0 a.m.106 views

JVN#59552136: Cybozu Desktop for Windows vulenerable to arbitrary code execution

Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Impact A remote attacker may excecute arbitrary code through an attack, such as a man-in-the-middle MITM, subdomain takeove...

9.8CVSS9.7AI score0.02932EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 7:7 a.m.5 views

WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection

Overview WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.2CVSS7.5AI score0.0119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 7:4 a.m.5 views

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...

9.8CVSS7.6AI score0.01717EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 1:38 a.m.1 views

DoS Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2

Overview A DoS vulnerability was found in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasu...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 1:33 a.m.0 views

Multiple Vulnerabilities in Hitachi Compute Systems Manager

Overview Multiple vulnerabilities have been found in Hitachi Compute Systems Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 12:0 a.m.131 views

JVN#20248858: WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection

WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access the administrative page of Paid Membership Pro may obtain and/or alter the information stored in the database. Solution Update the plugin Update the plugin according to the...

7.2CVSS7.1AI score0.0119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 12:0 a.m.92 views

JVN#96646182: Panasonic Video Insight VMS vulnerable to arbitrary code execution

Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94. Impact An arbitrary code may be executed by a remote attacker. Solution Update the software Update the software to the latest version according to the information provided by the...

9.8CVSS9.7AI score0.01717EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 9:6 a.m.3 views

BookStack vulnerable to cross-site scripting

Overview BookStack contains a cross-site scripting vulnerability CWE-79. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

6.3CVSS6.2AI score0.00782EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 8:59 a.m.2 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. HTML attribute value injection vulnerability CWE-74 - CVE-2020-5574 Cross-site scripting due to a flaw in processing multiple query strings CWE-79 - CVE-2020-5575 Cross-site request forgery CWE-352 -...

8.8CVSS7.2AI score0.01733EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 12:0 a.m.60 views

JVN#28806943: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. HTML attribute value injection vulnerability CWE-74 - CVE-2020-5574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N...

8.8CVSS7.3AI score0.01733EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 12:0 a.m.69 views

JVN#41035278: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the developer. The developer states as follows; Aft...

6.3CVSS5.4AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/11 6:16 a.m.4 views

PALLET CONTROL vulnerable to arbitrary code execution

Overview PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission CWE-284. Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.8CVSS7.8AI score0.00384EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/11 12:0 a.m.70 views

JVN#61849442: PALLET CONTROL vulnerable to arbitrary code execution

PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission CWE-284. Impact A user who can login to the computer where the vulnerable product is installed...

7.8CVSS7.9AI score0.00384EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/28 6:49 a.m.2 views

Sales Force Assistant vulnerable to cross-site scripting

Overview Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability CWE-79. Masanobu Miyagi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

5.4CVSS6AI score0.00849EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/28 5:48 a.m.4 views

Cybozu Garoon contains multiple vulnerabilities

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Authentication bypass in the API used to specify the fields CWE-287 - CVE-2020-5563 Cross-site scripting in the application "E-mail" CWE-79 - CVE-2020-5564 Input validation bypass in the applications...

7.5CVSS6.8AI score0.01434EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/28 3:21 a.m.2 views

Directory Permission Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview A directory permission vulnerability was found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/28 12:0 a.m.69 views

JVN#47668991: Sales Force Assistant vulnerable to cross-site scripting

Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser while logging in Sales Force Assistant. Solution Update the Software Update the software to the latest version...

5.4CVSS5.3AI score0.00849EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/27 12:0 a.m.114 views

JVN#35649781: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Authentication bypass in the API used to specify the fields CWE-287 - CVE-2020-5563 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2|...

7.5CVSS6.1AI score0.01434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/24 6:32 a.m.3 views

Multiple SHARP Android devices vulnerable to information disclosure

Overview Multiple SHARP Android devices contain an information disclosure vulnerability CWE-200. Impact Sensitive information of the device may be obtained by the other android application installed in the device. Solution Update the Firmware Update the firmware to the latest version according to...

7.5CVSS6.3AI score0.01203EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/23 12:0 a.m.63 views

JVN#93064451: Multiple SHARP Android devices vulnerable to information disclosure

Multiple SHARP Android devices contain an information disclosure vulnerability CWE-200. Impact Sensitive information of the device may be obtained by the other android application installed in the device. Solution Update the Firmware Update the firmware to the latest version according to the...

7.5CVSS7.2AI score0.01203EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/20 8:13 a.m.3 views

Toshiba Electronic Devices & Storage software registers unquoted service paths

Overview Some of Toshiba Electronic Devices & Storage software registers Windows services with unquoted file paths CWE-428. Toshiba Electronic Devices & Storage Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and TOSHIBA ELECTRONIC DEVIC...

8.4CVSS6.8AI score0.00345EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/20 12:0 a.m.85 views

JVN#13467854: Toshiba Electronic Devices & Storage software registers unquoted service paths

Some of Toshiba Electronic Devices & Storage software registers Windows services with unquoted file paths CWE-428. Impact When a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service. Solution The...

8.4CVSS8.5AI score0.00345EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/08 7:12 a.m.2 views

Multiple vulnerabilities in EasyBlocks IPv6

Overview EasyBlocks IPv6 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. Cross site request forgeryCWE-352 - CVE-2020-5549 Session fixation CWE-384 - CVE-2020-5550 Hideki SAKAMOTO of Tsukuba Secure Network Research reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.7AI score0.0186EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/08 12:0 a.m.68 views

JVN#89224521: Multiple vulnerabilities in EasyBlocks IPv6

EasyBlocks IPv6 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. Cross site request forgeryCWE-352 - CVE-2020-5549 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base...

8.8CVSS8.5AI score0.0186EPSS
Exploits0
Total number of security vulnerabilities5625