Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/04/01 12:0 a.m.•127 views

JVN#01119243: API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions

JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions CWE-284. The application is no longer available/supported, and its service was ended in 2019 march 23. Impact A remote attacker may obtain or alt...

9.1CVSS9AI score0.01921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/27 5:41 a.m.•2 views

PowerAct Pro Master Agent for Windows fails to restrict acess permissions

Overview PowerAct Pro Master Agent for Windows provided by OMRON SOCIAL SOLUTIONS Co.,Ltd. fails to restrict access permissions. Hosono, Akane reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user with an...

6.5CVSS6.7AI score0.01336EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/27 12:0 a.m.•113 views

JVN#63981842: PowerAct Pro Master Agent for Windows fails to restrict acess permissions

PowerAct Pro Master Agent for Windows provided by OMRON SOCIAL SOLUTIONS Co.,Ltd. fails to restrict access permissions. Impact A user with an Windows general user acccount may alter or edit a file which the user does not have a permission to access. Solution Update the Software Update the softwar...

6.5CVSS4.1AI score0.01336EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/19 6:51 a.m.•3 views

"an" App for iOS vulnerable to directory traversal

Overview "an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this Vuerability to IPA. JPCERT/CC...

7.5CVSS6.7AI score0.03027EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/19 12:0 a.m.•181 views

JVN#60497148: "an" App for iOS vulnerable to directory traversal

"an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/15 8:3 a.m.•1 views

KinagaCMS vulnerable to cross-site scripting

Overview KinagaCMS is an opensource Contents Management System CMS. KinagaCMS uses the old version of Bootstrap thus inherits multiple cross-site scripting vulnerabilities CWE-79: CVE-2018-14040, CVE-2018-14041, CVE-2019-8331 existed in Bootstrap. Project Kinaga reported this vulnerability to IPA...

6.1CVSS6.2AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/15 12:0 a.m.•242 views

JVN#06527859: KinagaCMS vulnerable to cross-site scripting

KinagaCMS is an opensource Contents Management System CMS. KinagaCMS uses the old version of Bootstrap thus inherits multiple cross-site scripting vulnerabilities CWE-79: CVE-2018-14040, CVE-2018-14041, CVE-2019-8331 existed in Bootstrap. Impact The information on the system may be obtained or...

6.1CVSS6.7AI score0.1686EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/12 5:28 a.m.•2 views

iChain Insurance Wallet App for iOS vulnerable to directory traversal

Overview iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...

8.6CVSS6.7AI score0.03305EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/12 12:0 a.m.•131 views

JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal

iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/05 5:18 a.m.•3 views

Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting

Overview Dradis Community Edition and Dradis Professional Edition provided by Security Roots Ltd contain a cross-site scripting vulnerability CWE-79. Ohji Kashiwazaki of Ierae Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS6AI score0.0082EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/05 12:0 a.m.•135 views

JVN#40288903: Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting

Dradis Community Edition and Dradis Professional Edition provided by Security Roots Ltd contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest version of software according to the...

5.4CVSS5.3AI score0.0082EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 6:57 a.m.•2 views

WordPress plugin "Smart Forms" vulnerable to cross-site request forgery

Overview The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

8.8CVSS6.6AI score0.0116EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 6:52 a.m.•3 views

Windows 7 may insecurely load Dynamic Link Libraries

Overview In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting", thus there is no pl...

7.8CVSS7AI score0.04605EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 12:0 a.m.•105 views

JVN#97656108: WordPress plugin "Smart Forms" vulnerable to cross-site request forgery

The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Impact Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...

8.8CVSS8.6AI score0.0116EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 12:0 a.m.•120 views

JVN#69181574: Windows 7 may insecurely load Dynamic Link Libraries

In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" , thus there is no plan to...

7.8CVSS7.7AI score0.04605EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 12:0 a.m.•137 views

JVN#79543573: The installer of Microsoft Teams may insecurely load Dynamic Link Libraries

The installer of Microsoft Teams contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" , thus there is no plan to release any...

7.8CVSS7.7AI score0.04605EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/27 8:14 a.m.•4 views

Multiple vulnerabilities in Nablarch

Overview Nablarch provided by TIS Inc. contains multiple vulnerabilities listed below. The vulnerability in the function of generic formatter by XXE attacks CWE-611 - CVE-2019-5918 An incomplete cryptography of the data store function by using hidden tag CWE-310 - CVE-2019-5919 TIS Inc. reported...

9.1CVSS6.8AI score0.01863EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/27 12:0 a.m.•144 views

JVN#56542712: Multiple vulnerabilities in Nablarch

Nablarch provided by TIS Inc. contains multiple vulnerabilities listed below. The vulnerability in the function of generic formatter by XXE attacks CWE-611 - CVE-2019-5918 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H| Base Score: 8.2 CVSS v2|...

9.1CVSS9.5AI score0.01863EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/26 5:46 a.m.•3 views

WordPress plugin "FormCraft" vulnerable to cross-site request forgery

Overview The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

8.8CVSS6.6AI score0.00833EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/26 12:0 a.m.•89 views

JVN#83501605: WordPress plugin "FormCraft" vulnerable to cross-site request forgery

The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability CWE-352. Impact Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...

8.8CVSS8.6AI score0.00833EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/25 8:13 a.m.•1 views

DoS Vulnerability in JP1/Base

Overview A DoS Vulnerability was found in JP1/Base. Impact An attacker may conduct denial-of-service attacks. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/20 7:59 a.m.•1 views

azure-umqtt-c vulnerable to denial-of-service (DoS)

Overview azure-umqtt-c contains a denial-of-service DoS vulnerability CWE-400. Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

7.5CVSS6.6AI score0.2142EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/20 12:0 a.m.•121 views

JVN#05875753: azure-umqtt-c vulnerable to denial-of-service (DoS)

azure-umqtt-c contains a denial-of-service DoS vulnerability CWE-400. Impact An attacker may be able to cause a denial-of-service DoS. Solution Apply the update Update azure-umqtt-c according to the information provided by the developer. Products Affected azure-umqtt-c that was available through...

7.5CVSS7.3AI score0.2142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/18 6:16 a.m.•5 views

Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries

Overview Installer of Creative Cloud Desktop Application provided by Adobe contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon Marketing Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.8CVSS7AI score0.03279EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/18 12:0 a.m.•139 views

JVN#50810870: Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries

Installer of Creative Cloud Desktop Application provided by Adobe contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.03279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/12 8:23 a.m.•3 views

A vulnerability in V20 PRO L-01J that may cause a crash

Overview V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of...

5.7CVSS6.5AI score0.00475EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/12 12:0 a.m.•130 views

JVN#40439414: A vulnerability in V20 PRO L-01J that may cause a crash

V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Impact If an attacker sets up a specially crafted Passpoint applied acces...

5.7CVSS5AI score0.00475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/06 6:45 a.m.•3 views

OpenAM (Open Source Edition) vulnerable to open redirect

Overview OpenAM Open Source Edition contains an open redirect vulnerability. Norihito Aimoto of Open Source Solution Technology Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developers. Impact When accessing a specially crafted page, the user may be redirect...

6.1CVSS6.7AI score0.01099EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/06 12:0 a.m.•116 views

JVN#43193964: OpenAM (Open Source Edition) vulnerable to open redirect

OpenAM Open Source Edition contains an open redirect vulnerability. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply the Patch Patch for this vulnerability has been...

6.1CVSS6.3AI score0.01099EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/05 5:9 a.m.•2 views

POWER EGG vulnerability where EL expression may be executed

Overview POWER EGG provided by D-CIRCLE inc. is an integrated collaboration tool. POWER EGG contains a vulnerability where an arbitray EL expression may be executed CWE-20. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

9.8CVSS7.1AI score0.01479EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/05 12:0 a.m.•168 views

JVN#63860183: POWER EGG vulnerability where EL expression may be executed

POWER EGG provided by D-CIRCLE inc. is an integrated collaboration tool. POWER EGG contains a vulnerability where an arbitray EL expression may be executed CWE-20. Impact A remote attacker may execute an arbitrary EL expression from the server where the product is running. As a result, an arbitra...

9.8CVSS9.7AI score0.01479EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/31 6:46 a.m.•3 views

UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries

Overview UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL provided by Micco contain vulnerabilities listed below. Self-Extracting Archives created by UNLHA32.DLL may insecurely load Dynamic Link Libraries CWE-427 - CVE-2018-16189 Insecurely load specific DLL file in the same directory CWE-427 ...

7.8CVSS7AI score0.00944EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/31 6:35 a.m.•4 views

The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries

Overview The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting provided by Micco use the old version of Self-Extracting Archives created by UNLHA32.DLL. They contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2018-16189. Eili...

7.8CVSS6.9AI score0.00944EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/31 12:0 a.m.•172 views

JVN#83826673: The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries

The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting provided by Micco use the old version of Self-Extracting Archives created by UNLHA32.DLL. They contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2018-16189. Impact Arbitrary...

7.8CVSS7.5AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/31 12:0 a.m.•165 views

JVN#52168232: UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries

UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL provided by Micco contain vulnerabilities listed below. Self-Extracting Archives created by UNLHA32.DLL may insecurely load Dynamic Link Libraries CWE-427 - CVE-2018-16189 Version| Vector| Score ---|---|--- CVSS v3|...

7.8CVSS7.9AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/24 6:37 a.m.•2 views

HOUSE GATE App for iOS vulnerable to directory traversal

Overview HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

8.6CVSS6.8AI score0.03305EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/24 12:0 a.m.•39 views

JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal

HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/22 2:47 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

5.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/22 2:47 a.m.•3 views

Cross-site Scripting Vulnerability in Hitachi Device Manager

Overview A Cross-site Scripting Vulnerability was found in Hitachi Device Manager. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.7CVSS6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/10 6:45 a.m.•2 views

WordPress plugin "spam-byebye" vulnerable to cross-site scripting

Overview The WordPress plugin "spam-byebye" contains a reflected cross-site scripting vulnerability CWE-79 qw3rTyTy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.00952EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/10 12:0 a.m.•78 views

JVN#58010349: WordPress plugin "spam-byebye" vulnerable to cross-site scripting

The WordPress plugin "spam-byebye" contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who can access the setup page of the affected plugin. Solution Update the plugin Update the plugin according to the...

6.1CVSS6AI score0.00952EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/26 7:36 a.m.•3 views

GROWI vulnerable to cross-site scripting

Overview GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. The settings option for enabling and disabling the measures against cross-site scripting "Enable XSS prevention" option was introduced in v3.1.12. However, there was an issue with the implementation wher...

5.4CVSS5.5AI score0.00678EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/26 3:9 a.m.•1 views

Clickjacking Vulnerability in Hitachi Automation Director

Overview A Clickjacking Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/26 12:0 a.m.•71 views

JVN#96493183: GROWI vulnerable to cross-site scripting

GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. The settings option for enabling and disabling the measures against cross-site scripting "Enable XSS prevention" option was introduced in v3.1.12. However, there was an issue with the implementation where the...

5.4CVSS5.3AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/25 7:19 a.m.•4 views

WordPress plugin "Google XML Sitemaps" vulnerable to cross-site scripting

Overview The WordPress plugin "Google XML Sitemaps" provided by Arne Brachhold contains a stored cross-site scripting vulnerability CWE-79. takagisan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact In the ca...

4.8CVSS5.8AI score0.00678EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/25 7:18 a.m.•2 views

Installer of Mapping Tool may insecurely load Dynamic Link Libraries

Overview Installer of Mapping Tool provided by Japan Atomic Energy Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Sugawara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

7.8CVSS7AI score0.00985EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/25 12:0 a.m.•97 views

JVN#27052429: WordPress plugin "Google XML Sitemaps" vulnerable to cross-site scripting

The WordPress plugin "Google XML Sitemaps" provided by Arne Brachhold contains a stored cross-site scripting vulnerability CWE-79. Impact In the case where multiple administrators manage the WordPress site with the affected plugin, an administrator with malicious intent may embed an arbitrary...

4.8CVSS4.8AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/25 12:0 a.m.•78 views

JVN#33677949: Installer of Mapping Tool may insecurely load Dynamic Link Libraries

Installer of Mapping Tool provided by Japan Atomic Energy Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.00985EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/21 5:17 a.m.•7 views

cordova-plugin-ionic-webview vulnerable to path traversal

Overview cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . This vulnerability was first reported to npm, Inc. by the below reporters then also reported to IPA. Based on the coordination request made by the reporters, JPCERT/CC coordinated with npm...

8.6CVSS6.8AI score0.03305EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/21 5:10 a.m.•4 views

PgpoolAdmin fails to restrict access permissions

Overview PgpoolAdmin provided by PgPool Global Development Group fails to restrict access permissions CWE-264. Fotios Rogkotis of DarkMatter reported this vulnerability to PgPool Global Development Group, and PgPool Global Development Group reported this vulnerability to IPA to notify users of it...

9.8CVSS7AI score0.0172EPSS
Exploits0References5
Total number of security vulnerabilities5625