Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/27 6:36 a.m.3 views

Multiple vulnerabilities in Hikari Denwa router/Home GateWay

Overview Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5985 Cross-site Request Forgery CWE-352 - CVE-2019-5986...

8.8CVSS6.6AI score0.0089EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/27 12:0 a.m.384 views

JVN#43172719: Multiple vulnerabilities in Hikari Denwa router/Home GateWay

Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5985 Version| Vector| Score ---|---|--- CVSS v3|...

8.8CVSS7.4AI score0.0089EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 5:27 a.m.1 views

WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery

Overview WordPress Plugin "Custom CSS Pro" provided by WaspThemes contains a cross-site request forgery vulnerability CWE-352. Dai Nakamura of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to the develop...

8.8CVSS6.5AI score0.01008EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 5:22 a.m.3 views

WordPress Plugin "HTML5 Maps" vulnerable to cross-site request forgery

Overview WordPress Plugin "HTML5 Maps" provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Daisuke Shimizu of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to the...

8.8CVSS6.5AI score0.01008EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 12:0 a.m.196 views

JVN#29933378: WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery

WordPress Plugin "Custom CSS Pro" provided by WaspThemes contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided...

8.8CVSS8.5AI score0.01008EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 12:0 a.m.201 views

JVN#49575131: WordPress Plugin ”HTML5 Maps” vulnerable to cross-site request forgery

WordPress Plugin ”HTML5 Maps” provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided b...

8.8CVSS8.5AI score0.01008EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/21 5:22 a.m.3 views

Multiple vulnerabilities in VAIO Update

Overview VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. Improper authorization process CWE-285 - CVE-2019-5981 Improper verification of download file CWE-669 - CVE-2019-5982 Device Security reported this vulnerability to IPA. JPCERT/CC coordinated with th...

7.8CVSS6.8AI score0.00944EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/21 12:0 a.m.313 views

JVN#13555032: Multiple vulnerabilities in VAIO Update

VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. Improper authorization process CWE-285 - CVE-2019-5981 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score...

7.8CVSS7.8AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/19 5:13 a.m.3 views

WordPress Plugin "Personalized WooCommerce Cart Page" vulnerable to cross-site request forgery

Overview WordPress Plugin "Personalized WooCommerce Cart Page" provided by N-MEDIA contains a cross-site request forgery vulnerability CWE-352. Akira Yamasaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this...

8.8CVSS6.5AI score0.01047EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/19 12:0 a.m.173 views

JVN#88804335: WordPress Plugin "Personalized WooCommerce Cart Page” vulnerable to cross-site request forgery

WordPress Plugin "Personalized WooCommerce Cart Page” provided by N-MEDIA contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the...

8.8CVSS8.5AI score0.01047EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/17 5:55 a.m.1 views

WordPress Plugin "Related YouTube Videos" vulnerable to cross-site request forgery

Overview WordPress Plugin "Related YouTube Videos" provided by Chris Doerr contains a cross-site request forgery vulnerability CWE-352. Shoichiro Ishikawa of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability...

8.8CVSS6.5AI score0.01017EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/17 12:0 a.m.209 views

JVN#31406910: WordPress Plugin "Related YouTube Videos" vulnerable to cross-site request forgery

WordPress Plugin "Related YouTube Videos" provided by Chris Doerr contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.6AI score0.01017EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/13 4:57 a.m.4 views

A map plugin for Mincraft server "Dynmap" fails to restrict access permissions

Overview A map plugin for Mincraft server "Dynmap" fails to restrict access permissions CWE-284. RyotaK directly reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer f...

5.3CVSS6.8AI score0.01595EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/13 12:0 a.m.253 views

JVN#89046645: A map plugin for Minecraft server "Dynmap" fails to restrict access permissions

A map plugin for Minecraft server "Dynmap" fails to restrict access permissions CWE-284. Impact Under the circumstance where a user is required to login Dynmap, a remote attacker may bypass the login authentication and be able to see a map image that requires authentication. Solution Update the...

5.3CVSS5.3AI score0.01595EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/12 5:21 a.m.2 views

WordPress Plugin "Contest Gallery" vulnerable to cross-site request forgery

Overview WordPress Plugin "Contest Gallery" provided by Contest-Gallery contains a cross-site request forgery vulnerability CWE-352. Okazawa Yoshihiro of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to...

8.8CVSS6.5AI score0.01036EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/12 12:0 a.m.185 views

JVN#80925867: WordPress Plugin "Contest Gallery” vulnerable to cross-site request forgery

WordPress Plugin "Contest Gallery” provided by Contest-Gallery contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.5AI score0.01036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 6:33 a.m.2 views

Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"

Overview WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5972 Cross-site request forgery vulnerability CWE-352 - CVE-2019-5973 Natsumi Matsuoka of Cryptography...

8.8CVSS6.2AI score0.01596EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 6:31 a.m.2 views

Multiple vulnerabilities in WordPress Plugin "Attendance Manager"

Overview WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5970 Cross-site request forgery vulnerability CWE-352 - CVE-2019-5971 Natsumi Matsuoka of Cryptography...

8.8CVSS6.2AI score0.01596EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 12:0 a.m.176 views

JVN#96988995: Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"

WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5972 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.9AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/10 12:0 a.m.195 views

JVN#95685939: Multiple vulnerabilities in WordPress Plugin "Attendance Manager"

WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5970 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.5AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 6:18 a.m.3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Cross-site request forgery vulnerability in the process of updating user's "Basic Info" CWE-352 - CVE-2019-5968 Open redirect vulnerability in the process of login CWE-601 - CVE-2019-5969 Security Group of...

8.8CVSS6.8AI score0.01133EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 6:9 a.m.2 views

Joruri CMS 2017 vulnerable to cross-site scripting

Overview Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mercari, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

6.1CVSS6.1AI score0.0104EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 6:3 a.m.2 views

Multiple vulnerabilities in Joruri Mail

Overview Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2019-5965 Session Management CWE-639 - CVE-2019-5966 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.1CVSS6.7AI score0.01133EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 12:0 a.m.243 views

JVN#29188908: Joruri CMS 2017 vulnerable to cross-site scripting

Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affect...

6.1CVSS6.1AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 12:0 a.m.242 views

JVN#84876282: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Cross-site request forgery vulnerability in the process of updating user's "Basic Info" CWE-352 - CVE-2019-5968 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3...

8.8CVSS7.4AI score0.01133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/07 12:0 a.m.240 views

JVN#58052567: Multiple vulnerabilities in Joruri Mail

Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2019-5965 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Session...

6.1CVSS6.5AI score0.01133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/03 4:55 a.m.3 views

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview A vulnerability CVE-2019-0220 exists in Cosminexus HTTP Server and Hitachi Web Server. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

5.3CVSS6.8AI score0.1786EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/31 4:51 a.m.4 views

Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"

Overview WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5962 Cross-site Request Forgery CWE-352 - CVE-2019-5963 Kouhei Ikeda of Cryptography Laboratory,Department of Information and Communication...

8.8CVSS6.6AI score0.01587EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/31 12:0 a.m.203 views

JVN#88962935: Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"

WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5962 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.4AI score0.01587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/24 6:13 a.m.2 views

Android App "Tootdon for Mastodon" fails to verify SSL server certificates

Overview Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates CWE-295. Gomasy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may...

7.4CVSS6.5AI score0.00643EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/24 12:0 a.m.170 views

JVN#57806517: Android App "Tootdon for Mastodon" fails to verify SSL server certificates

Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter a content of communication. Solution Update the Application Update to the latest version according to the...

7.4CVSS7.1AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/23 5:10 a.m.1 views

WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery

Overview WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability CWE-352. Koichi Kuriyama of Cryptography Laboratory,Department ofInformation and Communication Engineering,Tokyo Denki University directly reported this vulnerability to the...

8.8CVSS6.5AI score0.00555EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/23 12:0 a.m.141 views

JVN#33652328: WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery

WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided ...

8.8CVSS8.6AI score0.00555EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/22 5:37 a.m.3 views

Apache Camel vulnerable to XML external entity injection (XXE)

Overview Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7.2AI score0.08463EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/22 12:0 a.m.164 views

JVN#71498764: Apache Camel vulnerable to XML external entity injection (XXE)

Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Impact By processing a specially crafted request, an arbitrary file on the server may be read. Solution Update the...

7.5CVSS7.6AI score0.08463EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/20 6:38 a.m.3 views

DoS Vulnerability in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager

Overview A DoS Vulnerability was found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/13 6:25 a.m.2 views

Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure...

7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 5:55 a.m.2 views

Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries

Overview Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running software. Solution Upda...

7.8CVSS6.9AI score0.00944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 5:49 a.m.2 views

Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries

Overview Installer of Electronic reception and examination of application for radio licenses Online contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.1AI score0.00944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 4:55 a.m.2 views

CREATE SD official App for Android fails to restrict access permissions

Overview CREATE SD official App for Android provided by CREATE SD CO., LTD. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and t...

5.8CVSS6.8AI score0.01133EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 12:0 a.m.178 views

JVN#69903953: Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries

Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running software. Solution Update the...

7.8CVSS7.7AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 12:0 a.m.165 views

JVN#87655507: CREATE SD official App for Android fails to restrict access permissions

CREATE SD official App for Android provided by CREATE S・D CO., LTD. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and to access...

5.8CVSS5.6AI score0.01133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/05/10 12:0 a.m.170 views

JVN#91361851: Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries

Installer of Electronic reception and examination of application for radio licenses Online contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

7.8CVSS7.7AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/25 8:13 a.m.4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Cross-site scripting in the application "Memo" CWE-79 - CVE-2019-5929 Browse restriction bypass in th...

9.8CVSS7.3AI score0.02138EPSS
Exploits0References71
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/25 6:13 a.m.1 views

Multiple Vulnerabilities in Cosminexus

Overview Cosminexus Developer's Kit for Java and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the...

8.1CVSS8.9AI score0.37618EPSS
Exploits2References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/25 12:0 a.m.107 views

JVN#58849431: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

9.8CVSS7.4AI score0.02138EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/03 5:58 a.m.0 views

GNU Wget vulnerable to buffer overflow

Overview GNU Wget contains a buffer overflow vulnerability CWE-119. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker may be able to cause a denial-of-service DoS or may execute an...

9.8CVSS9.4AI score0.05751EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/03 12:0 a.m.185 views

JVN#25261088: GNU Wget vulnerable to buffer overflow

GNU Wget contains a buffer overflow vulnerability CWE-119. Impact An attacker may be able to cause a denial-of-service DoS or may execute an arbitrary code. Solution Apply the update Update GNU Wget according to the information provided by the developer. Products Affected GNU Wget 1.20.1 and earl...

9.8CVSS9.7AI score0.05751EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/02 5:18 a.m.2 views

The installer of Microsoft Teams may insecurely load Dynamic Link Libraries

Overview The installer of Microsoft Teams contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting", thus there is no plan to release a...

7.8CVSS7AI score0.04605EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/04/01 6:42 a.m.3 views

API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions

Overview JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions CWE-284. The application is no longer available/supported, and its service was ended in 2019 march 23. Tomoya Takahashi of TCU...

9.1CVSS6.6AI score0.01921EPSS
Exploits0References5
Total number of security vulnerabilities5625