Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/10 12:0 a.m.•91 views

JVN#34535327: HtmlUnit vulenerable to arbitrary code execution

HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine. Mozilla Rhino engine offers a feature to make Java objects available from JavaScript. HtmlUnit initializes Rhino engine improperly,...

8.1CVSS8AI score0.04719EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/06 3:29 a.m.•3 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79 in block editor and rich text editor. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the...

6.1CVSS6AI score0.00839EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/06 12:0 a.m.•50 views

JVN#94435544: Movable Type vulnerable to cross-site scripting

Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79 in block editor and rich text editor. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information...

6.1CVSS6AI score0.00839EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/05 4:51 a.m.•2 views

Ghostscript access restriction bypass vulnerability

Overview Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability CWE-284. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.8AI score0.03434EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/05 12:0 a.m.•86 views

JVN#52486659: Ghostscript access restriction bypass vulnerability

Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability CWE-284. Impact By Ghostscript processing a specially crafted file, arbitrary command may be executed with the privilege of Ghostscript. Solution Update the Software Update the software according to...

8.8CVSS8AI score0.03434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/31 3:30 a.m.•4 views

AWMS Mobile App vulnerable to improper server certificate verification

Overview AWMS Mobile App is vulnerable to improper server certificate verification CWE-295. Dai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.9CVSS6.6AI score0.00497EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/31 12:0 a.m.•66 views

JVN#00014057: AWMS Mobile App vulnerable to improper server certificate verification

AWMS Mobile App is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...

5.9CVSS5.3AI score0.00497EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/28 6:59 a.m.•6 views

Android App "MyPallete" vulnerable to improper server certificate verification

Overview Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification CWE-295 and to improper host-matching validation CWE-297. Dai Nakamura of...

7.4CVSS6.6AI score0.01175EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/28 12:0 a.m.•53 views

JVN#28845872: Android App "MyPallete" vulnerable to improper server certificate verification

Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification CWE-295 and to improper host-matching validation CWE-297. Impact A man-in-the-midd...

7.4CVSS7.3AI score0.01175EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/21 4:55 a.m.•4 views

Multiple Fuji Xerox mobile applications fails to verify SSL server certificates

Overview Multiple Fuji Xerox mobile applications fail to verify SSL server certificates CWE-295. Hirotaka Niisato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

7.4CVSS6.5AI score0.0052EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/21 12:0 a.m.•86 views

JVN#66435380: Multiple Fuji Xerox mobile applications fails to verify SSL server certificates

Multiple Fuji Xerox mobile applications fail to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

7.4CVSS7AI score0.0052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/17 6:8 a.m.•2 views

Trend Micro Password Manager vulnerable to information disclosure

Overview Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation. The generated private key is not properly protected and any non-administrative user can retrieve the private key CWE-200. Note that this vulnerability is different...

5.5CVSS6.5AI score0.00472EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/17 6:1 a.m.•2 views

Trend Micro Password Manager vulnerable to information disclosure

Overview Password Manager provided by Trend Micro Incorporated contains an information disclosure vulnerability CWE-200. Under certain conditions, the information ID, password etc. managed by Password Manager are kept on the memory in plaintext. They may be retrieved when the memory scan is done...

5.6CVSS6.2AI score0.00976EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/17 12:0 a.m.•83 views

JVN#49593434: Trend Micro Password Manager vulnerable to information disclosure

Password Manager provided by Trend Micro Incorporated contains an information disclosure vulnerability CWE-200. Under certain conditions, the information ID, password etc. managed by Password Manager are kept on the memory in plaintext. They may be retrieved when the memory scan is done. Impact A...

5.5CVSS5.2AI score0.00976EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/17 12:0 a.m.•102 views

JVN#37183636: Trend Micro Password Manager vulnerable to information disclosure

Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation. The generated private key is not properly protected and any non-administrative user can retrieve the private key CWE-200. Impact A malicious user who obtains the private key...

5.5CVSS5.2AI score0.00472EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/10 5:48 a.m.•5 views

Junos OS vulnerable to directory traversal

Overview Junos OS contains a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Files on the server may be...

8.1CVSS6.6AI score0.00931EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/10 5:48 a.m.•5 views

Junos OS vulnerable to cross-site scripting

Overview Junos OS contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

7.5CVSS6.1AI score0.00881EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/10 12:0 a.m.•90 views

JVN#21753370: Junos OS vulnerable to cross-site scripting

Junos OS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's J-Web screen. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Apply a Workaround Applying...

7.5CVSS6.6AI score0.00881EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/10 12:0 a.m.•93 views

JVN#07375820: Junos OS vulnerable to directory traversal

Junos OS contains a directory traversal vulnerability CWE-22. Impact Files on the server may be viewed or deleted by an authenticated J-web user. According to the developer, this issue does not affect system files that can be accessed only by root user. Solution Update the Software Update the...

8.1CVSS6.5AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/08 5:22 a.m.•3 views

F-RevoCRM vulnerable to cross-site scripting

Overview F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying t...

6.1CVSS6.1AI score0.00781EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/08 12:0 a.m.•87 views

JVN#97325754: F-RevoCRM vulnerable to cross-site scripting

F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying the...

6.1CVSS6.2AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/24 7:2 a.m.•3 views

Multiple Vulnerabilities in Hitachi Automation Director

Overview Multiple vulnerabilities have been found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/24 7:2 a.m.•7 views

Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. We would like to thank Piotr Madej ING Tech Poland for reporting the relevant issues. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory...

6.5CVSS7.1AI score0.00872EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/24 7:1 a.m.•1 views

DoS Vulnerability in Hitachi Compute Systems Manager

Overview A DoS vulnerability was found in Hitachi Compute Systems Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/20 6:43 a.m.•4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Script injection due to a flaw in processing cookie CWE-74 - CVE-2019-6034 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this...

6.1CVSS6.7AI score0.00781EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/20 12:0 a.m.•121 views

JVN#10377257: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3...

6.1CVSS6.7AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/19 4:59 a.m.•4 views

Android App "NTV News24" fails to verify SSL server certificates

Overview Android App "NTV News24" provided by Nippon Television Network Corporation fails to verify SSL server certificates CWE-295. Shinnosuke Tokusho of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA...

7.4CVSS6.5AI score0.0052EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/19 12:0 a.m.•85 views

JVN#01236065: Android App "NTV News24" fails to verify SSL server certificates

Android App "NTV News24" provided by Nippon Television Network Corporation fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to th...

7.4CVSS7.2AI score0.0052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/17 4:55 a.m.•2 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...

7.7CVSS7AI score0.02021EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/17 12:0 a.m.•66 views

JVN#79854355: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N| Base Score: 7.7 CVSS v2|...

6.5CVSS5.7AI score0.02021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 6:0 a.m.•4 views

Athenz vulnerable to open redirect

Overview Athenz provided by Verizon Media contains an open redirect vulnerability CWE-601. Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a specially crafted URL, the user may b...

6.1CVSS6.5AI score0.01119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 5:55 a.m.•3 views

Multiple vulnerabilities in "Custom Body Class"

Overview WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Cross-site Request Forgery CWE-352 - CVE-2019-6030 Shirai Masatake of Cryptography Laboratory,Department of Information and Communicati...

8.8CVSS6.7AI score0.00937EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 12:0 a.m.•82 views

JVN#57070811: Athenz vulnerable to open redirect

Athenz provided by Verizon Media contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software to...

6.1CVSS6.1AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 12:0 a.m.•79 views

JVN#26847507: Multiple vulnerabilities in "Custom Body Class"

WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.5AI score0.00937EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/11 12:56 a.m.•4 views

Kinza vulnerable to cross-site scripting

Overview Kinza provided by Dayz Inc. contains a cross-site scripting vulnerability CWE-79. RyotaK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If CSP Content Security Policy on the affected product is...

6.1CVSS6AI score0.00781EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/10 12:0 a.m.•29 views

JVN#63047298: Kinza vulnerable to cross-site scripting

Kinza provided by Dayz Inc. contains a cross-site scripting vulnerability CWE-79. Impact If CSP Content Security Policy on the affected product is disabled, an arbitrary script may be executed on the web browser of the user who uses RSS reader. Solution Update the Software Update to the latest...

6.1CVSS6.1AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/03 4:34 a.m.•3 views

Multiple MOTEX products vulnerable to privilege escalation

Overview LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki Mitch Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS7.3AI score0.00419EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/02 12:0 a.m.•76 views

JVN#49068796: Multiple MOTEX products vulnerable to privilege escalation

LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Impact An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. Solution Update the Software Update to the latest versi...

7.8CVSS8AI score0.00419EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/27 1:31 a.m.•2 views

STAMP Workbench installer may insecurely load Dynamic Link Libraries

Overview STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely...

7.8CVSS6.9AI score0.00755EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 9:16 a.m.•3 views

WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

Overview WordPress Plugin "WP Spell Check" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Takuya Yamaguchi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported these vulnerabilities...

8.8CVSS6.7AI score0.00678EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 12:0 a.m.•39 views

JVN#26838191: WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

WordPress Plugin "WP Spell Check" provided by WP Spell Check contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.6AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 12:0 a.m.•39 views

JVN#19386781: STAMP Workbench installer may insecurely load Dynamic Link Libraries

STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading...

7.8CVSS7.7AI score0.00755EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/13 4:59 a.m.•11 views

Movable Type vulnerable to open redirect

Overview Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...

6.1CVSS6.6AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/13 12:0 a.m.•49 views

JVN#65280626: Movable Type vulnerable to open redirect

Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the...

6.1CVSS6.3AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/11 5:10 a.m.•1 views

Arbitrary File Deletion Vulnerability in Hitachi Command Suite

Overview An arbitrary file deletion vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/11 5:9 a.m.•1 views

DoS Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview A DoS vulnerability was found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/11 5:9 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.5AI score0.01376EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/07 5:50 a.m.•2 views

Rakuma App vulnerable to authentication information disclosure

Overview Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.3AI score0.02039EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/07 12:0 a.m.•92 views

JVN#41566067: Rakuma App vulnerable to authentication information disclosure

Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Impact If a malicious application created by the third party with a purpose to attack a Rakuma user is installed in the Rakuma user's mobile device, it may obtain Rakuma user's...

6.5CVSS6.1AI score0.02039EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/30 1:59 a.m.•1 views

Trend Micro OfficeScan vulnerable to directory traversal

Overview Trend Micro OfficeScan contains a directory traversal vulnerability CWE-22. If this vulnerability is exploited, an authenticated user on the administrative console of the affected product may upload an arbitrary zip file to the specific folder, then extract and execute it. Trend Micro...

8.8CVSS7.3AI score0.25125EPSS
Exploits0References5
Total number of security vulnerabilities5625