Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/21 12:0 a.m.•91 views

JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal

cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a result, contents of the file may be disclosed. Solution Recreate iOS application...

8.6CVSS8.3AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/21 12:0 a.m.•122 views

JVN#13199224: PgpoolAdmin fails to restrict access permissions

PgpoolAdmin provided by PgPool Global Development Group fails to restrict access permissions CWE-264. Impact A remote attacker may bypass the login authentication and obtain the administrative privilege of the PostgreSQL database. Solution Update the Software Update to the latest version accordin...

9.8CVSS9.7AI score0.0172EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/19 6:20 a.m.•3 views

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Hidden functionality CWE-912 - CVE-2018-16198 Cross-site scripting CWE-79 - CVE-2018-16199 OS command injection CWE-78 -...

8.8CVSS7.2AI score0.00788EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/19 12:0 a.m.•108 views

JVN#99810718: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

8.8CVSS8.1AI score0.00788EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/14 5:53 a.m.•3 views

Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Overview Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2018-16192 Stored cross-site scripting CWE-79 - CVE-2018-16193 OS command injection CWE-78 - CVE-2018-16194 OS command injection in SOAP...

9CVSS6.6AI score0.01399EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/14 12:0 a.m.•118 views

JVN#87535892: Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2018-16192 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2|...

9CVSS7.1AI score0.01399EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 5:26 a.m.•2 views

Multiple vulnerabilities in Cybozu Remote Service

Overview Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Directory traversal in used device management screen CWE-22 - CVE-2018-16170 Directory traversal in client certificates...

8.8CVSS7.2AI score0.01857EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 5:14 a.m.•2 views

Cybozu Garoon access restriction bypass vulnerability

Overview Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability CWE-284. Kanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

7.5CVSS6.6AI score0.01392EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 12:0 a.m.•77 views

JVN#25385698: Cybozu Garoon access restriction bypass vulnerability

Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability CWE-284. Impact An attacker who can access the product may bypass authentication of Single sign-on function and view the information which is available only for sign-on users. Solution...

7.5CVSS7.6AI score0.01392EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 12:0 a.m.•92 views

JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS7.8AI score0.01857EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/07 5:30 a.m.•2 views

Multiple vulnerabilities in i-FILTER

Overview i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 HTTP header injection CWE-113 - CVE-2018-16181 Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

6.1CVSS7.1AI score0.00833EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/07 12:0 a.m.•73 views

JVN#32155106: Multiple vulnerabilities in i-FILTER

i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...

6.1CVSS6.9AI score0.00833EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/06 7:19 a.m.•3 views

Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners

Overview Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2018-0688 HTTP header injection CWE-113 - CVE-2018-0689 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability t...

8.8CVSS7.7AI score0.01642EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/06 12:0 a.m.•78 views

JVN#89767228: Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners

Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2018-0688 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N|...

8.8CVSS7.8AI score0.01642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/04 7:53 a.m.•2 views

Problem with directory permissions in JP1/Operations Analytics

Overview A problem with directory permissions was found in JP1/Operations Analytics. Impact Regarding the impact of the vulnarability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.6CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/04 7:53 a.m.•2 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...

4.9CVSS7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/29 5:45 a.m.•2 views

Panasonic applications register unquoted service paths

Overview Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...

8.4CVSS6.5AI score0.01329EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/29 12:0 a.m.•97 views

JVN#36895151: Panasonic applications register unquoted service paths

Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Impact If a malicious executable is placed on a certain path, it may be executed with the elevated privilege. Solution Update the Software Apply "Remediate Service Path Vulnerability...

7.8CVSS7.4AI score0.01329EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 8:27 a.m.•3 views

The installer of MARKET SPEED may insecurely load Dynamic Link Libraries

Overview The installer of MARKET SPEED provided by Rakuten Securities, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Sugawara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS7AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 8:24 a.m.•3 views

EC-CUBE vulnerable to open redirect

Overview EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

6.1CVSS6.6AI score0.01297EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 12:0 a.m.•112 views

JVN#78422300: The installer of MARKET SPEED may insecurely load Dynamic Link Libraries

The installer of MARKET SPEED provided by Rakuten Securities, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.00796EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/28 12:0 a.m.•123 views

JVN#25359688: EC-CUBE vulnerable to open redirect

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a...

6.1CVSS6.1AI score0.01297EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/27 6:26 a.m.•2 views

Multiple vulnerabilities in RICOH Interactive Whiteboard

Overview RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-16184 Missing file signature - CVE-2018-16185 Hard-coded credentials for the administrator settings screen - CVE-2018-16186 The server...

10CVSS8.3AI score0.04317EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/27 12:0 a.m.•157 views

JVN#55263945: Multiple vulnerabilities in RICOH Interactive Whiteboard

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-16184 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/AU:N/C:C/I:C/A:C| Bas...

10CVSS8AI score0.04317EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/20 12:0 a.m.•314 views

JVN#65082538: Multiple vulnerabilities in Panasonic BN-SDWBP3

BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2018-0676 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...

8.8CVSS7.9AI score0.0112EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/19 6:44 a.m.•6 views

Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates

Overview Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates. Mizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates CWE-295. Reo Yoshida reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

5.9CVSS6.6AI score0.00547EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/15 8:16 a.m.•3 views

Multiple Vulnerabilities in JP1/VERITAS

Overview Multiple vulnerabilities have been found in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS7AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:42 a.m.•4 views

Cybozu Dezie vulnerable to directory traversal

Overview Cybozu Dezie provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

9.1CVSS6.8AI score0.02121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:38 a.m.•2 views

Multiple directory traversal vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below. Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request CWE-22 - CVE-2018-0703 Directory traversal vulnerability due to a flaw in processing parameter...

8.6CVSS7AI score0.01947EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:34 a.m.•2 views

Cybozu Mailwise vulnerable to directory traversal

Overview Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of it...

8.6CVSS6.8AI score0.01947EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 12:0 a.m.•421 views

JVN#15232217: Multiple directory traversal vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below. Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request CWE-22 - CVE-2018-0703 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.8AI score0.01947EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 12:0 a.m.•407 views

JVN#16697622: Cybozu Dezie vulnerable to directory traversal

Cybozu Dezie provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Impact A remote attacker may delete arbitrary files on the server. Solution Update the Software Update to the latest version according to the...

9.1CVSS9.2AI score0.02121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 12:0 a.m.•426 views

JVN#83739174: Cybozu Mailwise vulnerable to directory traversal

Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Impact A remote attacker may delete arbitrary files on the server. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.5AI score0.01947EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 7:13 a.m.•5 views

Multiple vulnerabilities in WordPress plugin "LearnPress"

Overview WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Open Redirect CWE-601 - CVE-2018-16174 SQL Injection CWE-89 - CVE-2018-16175 Daiki Sueyoshi of Cryptography Laboratory, Department of Information and Communicati...

7.2CVSS7.8AI score0.01306EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 7:13 a.m.•3 views

The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries

Overview The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon...

7.8CVSS6.9AI score0.00365EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 12:0 a.m.•541 views

JVN#15709478: The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries

The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be execut...

7.8CVSS7.7AI score0.00365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 12:0 a.m.•527 views

JVN#85760090: Multiple vulnerabilities in WordPress plugin "LearnPress"

WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Open...

7.2CVSS7.3AI score0.01306EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 5:56 a.m.•2 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Yuta Kitaoka of TokyoDenkiUniversity Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS5.9AI score0.01204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 5:42 a.m.•2 views

Mail app for iOS vulnerable to denial-of-service (DoS)

Overview Mail app for iOS provided by Apple contains a denial-of-service DoS vulnerability due to an issue in the handling of a maliciously crafted S/MIME signed message. Yukinobu Nagayasu of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS6.2AI score0.00913EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 12:0 a.m.•553 views

JVN#75738023: WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.3AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 12:0 a.m.•580 views

JVN#96551318: Mail app for iOS vulnerable to denial-of-service (DoS)

Mail app for iOS provided by Apple contains a denial-of-service DoS vulnerability due to an issue in the handling of a maliciously crafted S/MIME signed message. Impact Mail app may continuously crash when a maliciously crafted S/MIME signed message is listed on it. Solution Update iOS Update iOS...

5.5CVSS5.7AI score0.00913EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/29 4:36 a.m.•1 views

Confluence Server vulnerable to script injection

Overview User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability CWE-74. Kanta Nishitani of Information Science College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS7AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/29 12:0 a.m.•527 views

JVN#37943805: Confluence Server vulnerable to script injection

User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability CWE-74. Impact When the administrator embeds a malicious script into User Macros, the embedded script may be executed on the user's web browser. Solution Update the Software Update to the...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/26 7:16 a.m.•3 views

Multiple vulnerabilities in OpenDolphin

Overview OpenDolphin provided by Life Sciences Computing Corporation contains multiple vulnerabilities listed below. Privilege escalation - CVE-2018-16161 Information disclosure CWE-200 - CVE-2018-16162 Restrict access permissions failure CWE-284 - CVE-2018-16163 Symantec Japan, Inc. Advisory...

9CVSS6.9AI score0.01317EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/26 12:0 a.m.•558 views

JVN#59394343: Multiple vulnerabilities in OpenDolphin

OpenDolphin provided by Life Sciences Computing Corporation contains multiple vulnerabilities listed below. Privilege escalation - CVE-2018-16161 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:N/AC:L/AU:S/C:P/I:P/A:P| Base...

9CVSS8AI score0.01317EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/24 7:13 a.m.•4 views

BlueStacks App Player fails to restrict access permissions

Overview BlueStacks App Player fails to restrict access permissions CWE-284. Masaki Kubo and Yoshiki Mori of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.7AI score0.00571EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/24 7:7 a.m.•5 views

SecureCore Standard Edition vulnerable to authentication bypass

Overview SecureCore Standard Edition provided by Feitian Japan Co., Ltd. contains an authentication bypass vulnerability CWE-287. Daisuke Ota of BizReach, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.8CVSS6.7AI score0.00334EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/24 12:0 a.m.•579 views

JVN#60702986: BlueStacks App Player fails to restrict access permissions

BlueStacks App Player fails to restrict access permissions CWE-284. Impact A user with access to the network that is connected to the affected product may gain unauthorized access. Solution Update the Software Windows users should update to the latest version of software according to the...

8.8CVSS8.6AI score0.00571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/24 12:0 a.m.•554 views

JVN#21528670: SecureCore Standard Edition vulnerable to authentication bypass

SecureCore Standard Edition provided by Feitian Japan Co., Ltd. contains an authentication bypass vulnerability CWE-287. Impact An attacker may bypass the product's authentication and log in to a Windows PC. Solution Update the Software Update the software to the latest version according to the...

7.8CVSS7.7AI score0.00334EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/23 6:15 a.m.•2 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...

9.8CVSS7AI score0.04767EPSS
Exploits0References4
Total number of security vulnerabilities5625