Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/26 5:58 a.m.•2 views

LINE MUSIC for Android fails to verify SSL server certificates

Overview LINE MUSIC for Android provided by LINE MUSIC CORPORATION fails to verify SSL server certificates CWE-295. LINE MUSIC CORPORATION reported this vulnerability to JPCERT/CC to notify users of respective solutions through JVN. Impact A man-in-the-middle attack may allow an attacker to...

7.4CVSS6.5AI score0.00633EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/26 12:0 a.m.•698 views

JVN#16933564: LINE MUSIC for Android fails to verify SSL server certificates

LINE MUSIC for Android provided by LINE MUSIC CORPORATION fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information...

7.4CVSS6.9AI score0.00633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/24 5:43 a.m.•4 views

The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries

Overview The installers of multiple software programs provided by Canon IT Solutions Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.1AI score0.01134EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/24 12:0 a.m.•533 views

JVN#41452671: The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries

The installers of multiple software programs provided by Canon IT Solutions Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Us...

9.3CVSS7.7AI score0.01134EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/23 5:28 a.m.•3 views

Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries

Overview Installer of ChatWork Desktop App for Windows provided by ChatWork Co,. LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Hamasaki Hiroki of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...

7.8CVSS6.8AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/23 12:0 a.m.•541 views

JVN#39171169: Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries

Installer of ChatWork Desktop App for Windows provided by ChatWork Co,. LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use t...

7.8CVSS7.7AI score0.00796EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/20 6:41 a.m.•2 views

WL-330NUL vulnerable to cross-site request forgery

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability CWE-352. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.5AI score0.00558EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/20 6:41 a.m.•6 views

DLL planting vulnerability in multiple Yayoi 17 Series products

Overview Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinate...

7.8CVSS7AI score0.0119EPSS
Exploits4References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/20 12:0 a.m.•549 views

JVN#06813756: DLL planting vulnerability in multiple Yayoi 17 Series products

Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the running application. Solution Update the Software Apply the...

7.8CVSS7.7AI score0.0119EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/20 12:0 a.m.•540 views

JVN#71329812: WL-330NUL vulnerable to cross-site request forgery

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in the management screen, unintended operations may be performed on the device. Solution Update the...

8.8CVSS8.6AI score0.00558EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/18 6:35 a.m.•3 views

Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)

Overview ORCAOnline Receipt Computer Advantage provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below. OS command injection CWE-78 - CVE-2018-0643 Buffer overflow CWE-119 - CVE-2018-0644 IoT x Security Hackathon 2016 all participants reported this vulnerability to...

7.4CVSS7.7AI score0.0101EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/18 6:35 a.m.•2 views

Movable Type plugin MTAppjQuery vulnerable to PHP code execution

Overview MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file CWE-434, which may lead to arbitrary PHP...

9.8CVSS7.9AI score0.02409EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/18 12:0 a.m.•519 views

JVN#62423700: Movable Type plugin MTAppjQuery vulnerable to PHP code execution

MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file CWE-434, which may lead to arbitrary PHP code...

9.8CVSS9.8AI score0.02409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/18 12:0 a.m.•554 views

JVN#37376131: Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)

ORCAOnline Receipt Computer Advantage provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below. OS command injectionCWE-78 - CVE-2018-0643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L| Base Score: 4.1 CVSS v2|...

7.4CVSS7AI score0.0101EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/17 3:27 a.m.•3 views

WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting

Overview The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01044EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/17 12:0 a.m.•539 views

JVN#70246549: WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting

The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

6.1CVSS6AI score0.01044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/13 5:47 a.m.•5 views

Explzh vulnerable to directory traversal

Overview Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability CWE-22. Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite...

7.8CVSS6.8AI score0.01951EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/13 12:0 a.m.•525 views

JVN#55813866: Explzh vulnerable to directory traversal

Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability CWE-22. Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing file...

7.8CVSS7.7AI score0.01951EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•5 views

Multiple vulnerabilities in Aterm HC100RC

Overview Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 Buffer Overflow CWE-119 - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mits...

9CVSS7.5AI score0.018EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•2 views

Multiple vulnerabilities in Aterm W300P

Overview Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 Buffer Overflow CWE-119 - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this...

9CVSS7.5AI score0.018EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•1 views

Multiple OS command injection vulnerabilities in Aterm WG1200HP

Overview Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities CWE-78. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9CVSS7.6AI score0.01399EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 12:0 a.m.•553 views

JVN#26629618: Multiple vulnerabilities in Aterm W300P

Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...

9CVSS7.7AI score0.018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 12:0 a.m.•532 views

JVN#00401783: Multiple OS command injection vulnerabilities in Aterm WG1200HP

Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities CWE-78. Impact A user who can access the product with administrative privileges may execute an arbitrary OS command. Solution Update the Firmware Apply the latest firmware update according to the...

9CVSS7.5AI score0.01399EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 12:0 a.m.•573 views

JVN#84825660: Multiple vulnerabilities in Aterm HC100RC

Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H...

9CVSS7.6AI score0.018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/06 5:36 a.m.•2 views

DHC Online Shop App for Android fails to verify SSL server certificates

Overview DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Sho Ueshima and Tsuyoshi Ogawa of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

7.4CVSS6.5AI score0.00607EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/06 5:36 a.m.•3 views

The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries

Overview The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427 . Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinat...

7.8CVSS7.1AI score0.00882EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/06 12:0 a.m.•491 views

JVN#52574492: The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries

The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries(CWE-427). Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the...

7.8CVSS7.7AI score0.00882EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/06 12:0 a.m.•491 views

JVN#77409513: DHC Online Shop App for Android fails to verify SSL server certificates

DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provid...

7.4CVSS7.2AI score0.00607EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/03 4:42 a.m.•2 views

Installer of Glary Utilities may insecurely load Dynamic Link Libraries

Overview Installer of Glary Utilities provided by Glarysoft Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

7.8CVSS6.9AI score0.00794EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/03 12:0 a.m.•440 views

JVN#84967039: Installer of Glary Utilities may insecurely load Dynamic Link Libraries

Installer of Glary Utilities provided by Glarysoft Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer U...

7.8CVSS7.7AI score0.00794EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/02 6:22 a.m.•4 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in application "Notifications". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security...

8.8CVSS7.8AI score0.01153EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/02 6:22 a.m.•3 views

Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Overview Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Cross-site scripting CWE-79 - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users o...

8.8CVSS6.6AI score0.01078EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/02 12:0 a.m.•255 views

JVN#13415512: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in application "Notifications". Impact A remote authenticated attacker may execute an arbitrary SQL command. Solution Update the Software Update to the latest version according to the information provided by the...

8.8CVSS8.7AI score0.01153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/02 12:0 a.m.•267 views

JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS7.3AI score0.01078EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/28 3:30 a.m.•1 views

Mailman vulnerable to cross-site scripting

Overview Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.4CVSS5.9AI score0.02048EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/28 12:0 a.m.•186 views

JVN#00846677: Mailman vulnerable to cross-site scripting

Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

5.4CVSS5.7AI score0.02048EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/27 5:44 a.m.•3 views

MemoCGI vulnerable to directory traversal

Overview MemoCGI provided by ChamaNet contains a directory traversal vulnerability CWE-22. Ikuo Shoji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may view files on the server. Solution...

7.5CVSS6.7AI score0.0218EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/27 12:0 a.m.•162 views

JVN#58362455: MemoCGI vulnerable to directory traversal

MemoCGI provided by ChamaNet contains a directory traversal vulnerability CWE-22. Impact A remote attacker may view files on the server. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected MemoCGI v2.1800 to v2.2200...

7.5CVSS7.5AI score0.0218EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/15 5:40 a.m.•4 views

ANA App for iOS fails to verify SSL server certificates

Overview ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates CWE-295. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.4CVSS6.4AI score0.00503EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/15 5:36 a.m.•4 views

Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Overview Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the...

6.1CVSS6.1AI score0.00781EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/15 12:0 a.m.•77 views

JVN#98975951: Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the developer...

6.1CVSS6AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/15 12:0 a.m.•81 views

JVN#71535108: ANA App for iOS fails to verify SSL server certificates

ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter on a content of communication. Solution Update the Application Update to the latest version according to the...

7.4CVSS7AI score0.00503EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/13 6:11 a.m.•2 views

Local File Inclusion vulnerability in Zenphoto

Overview Zenphoto is a content management system CMS. Zenphoto contains a Local File Inclusion vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Sensitive information may be obtained or...

7.2CVSS7.2AI score0.01846EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/13 12:0 a.m.•28 views

JVN#33124193: Local File Inclusion vulnerability in Zenphoto

Zenphoto is a content management system CMS. Zenphoto contains a Local File Inclusion vulnerability. Impact Sensitive information may be obtained or arbitrary code may be executed by a remote administrative user. Solution Update the Software Update to the latest version according to the informati...

7.2CVSS7.2AI score0.01846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/12 5:44 a.m.•5 views

LINE for Windows may insecurely load Dynamic Link Libraries

Overview LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. LINE...

7.8CVSS6.9AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/12 12:0 a.m.•57 views

JVN#92265618: LINE for Windows may insecurely load Dynamic Link Libraries

LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code...

7.8CVSS7.6AI score0.00796EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/04 5:10 a.m.•4 views

H2O vulnerable to buffer overflow

Overview H2O is open source web server software. H2O contains a buffer overflow vulnerability CWE-119 due to a processing flaw in the output of Access Log. Marlies Ruck of ForAllSecure reported this vulnerability to Kazuho Oku, and Kazuho Oku reported this vulnerability to IPA to notify users of...

9.8CVSS7.6AI score0.03815EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/04 12:0 a.m.•49 views

JVN#93226941: H2O vulnerable to buffer overflow

H2O is open source web server software. H2O contains a buffer overflow vulnerability CWE-119 due to a processing flaw in the output of Access Log. Impact A remote attacker may be able to cause a denial-of-service DoS condition or may execute arbitrary code. Solution Update the Software Update to...

9.8CVSS9.8AI score0.03815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/31 5:7 a.m.•2 views

Multiple vulnerabilities in Pixelpost

Overview Pixelpost provided by Pixelpost.org contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0604 Cross-site scripting CWE-79 - CVE-2018-0605 SQL injection CWE-89 - CVE-2018-0606 ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.2CVSS8.9AI score0.01796EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/31 12:0 a.m.•73 views

JVN#27978559: Multiple vulnerabilities in Pixelpost

Pixelpost provided by Pixelpost.org contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0604 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L| Base Score: 4.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:P/A:P| Base Score: 6.5 Cross-site...

7.2CVSS7.7AI score0.01796EPSS
Exploits0
Total number of security vulnerabilities5625