Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 12:0 a.m.53 views

JVN#01837169: Installer of WinShot may insecurely load Dynamic Link Libraries

Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format WinShot When using WinShot, download the...

9.3CVSS7.6AI score0.01076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/02 4:45 a.m.3 views

Multiple vulnerabilities in Jubatus

Overview Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Directory traversal CWE-22 - CVE-2018-0525 Symantec Japan, Inc. Advisory Services Team reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

7.5CVSS8.2AI score0.02509EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/02 12:0 a.m.61 views

JVN#56132776: Multiple vulnerabilities in Jubatus

Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 5.6 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score: 6.8 Directory...

7.5CVSS6.9AI score0.02509EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/26 5:10 a.m.3 views

Multiple vulnerabilities in WXR-1900DHP2

Overview WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Buffer Overflow CWE-119 - CVE-2018-0522 OS Command Injection CWE-78 - CVE-2018-0523 Taizoh...

8.8CVSS7.8AI score0.01364EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/26 12:0 a.m.89 views

JVN#97144273: Multiple vulnerabilities in WXR-1900DHP2

WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...

8.8CVSS9.1AI score0.01364EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/22 6:29 a.m.0 views

Multiple vulnerabilities in FS010W

Overview FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Cross-site request forgery CWE-352 - CVE-2018-0520 Manabu Kobayashi reported these vulnerabilities to IPA. JPCERT/CC...

8.8CVSS6.5AI score0.00658EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/22 6:29 a.m.8 views

LINE for iOS fails to verify SSL server certificates

Overview LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to the vulnerability existed in the Third Party SDK which is incorporated in the application. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

5.9CVSS6.4AI score0.00603EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/20 12:0 a.m.44 views

JVN#75453852: LINE for iOS fails to verify SSL server certificates

LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to the vulnerability existed in the Third Party SDK which is incorporated in the application. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. According to the...

5.9CVSS5.4AI score0.00603EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/20 12:0 a.m.60 views

JVN#83834277: Multiple vulnerabilities in FS010W

FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.8CVSS7AI score0.00658EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/15 7:39 a.m.1 views

Insecure DLL Loading issue in multiple Trend Micro products

Overview Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other...

7.8CVSS6.9AI score0.01566EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/15 12:0 a.m.59 views

JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products

Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...

7CVSS6.9AI score0.01566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/14 5:59 a.m.2 views

XXE Vulnerability in Hitachi Device Manager

Overview An XXE XML External Entity Vulnerability was found in Hitachi Device Manager. This vulnerability only affects the Linux cluster environment. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section fo...

7.8CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/14 5:58 a.m.2 views

Multiple Vulnerabilities in Hitachi Command Suite

Overview Multiple vulnerabilities have been found in Hitachi Command Suite. Cross-site Scripting Open Redirect Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.1CVSS6.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/13 6:43 a.m.3 views

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

Overview Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...

7.8CVSS7.1AI score0.00928EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/13 6:37 a.m.2 views

Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries

Overview "FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to...

7.8CVSS6.8AI score0.00928EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/13 12:0 a.m.31 views

JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitra...

7.8CVSS7.8AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/13 12:0 a.m.43 views

JVN#04564808: Installer of ”FLET'S Azukeru Backup Tool” may insecurely load Dynamic Link Libraries

"FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to insecurel...

7.8CVSS7.7AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/08 3:21 a.m.4 views

MP Form Mail CGI eCommerce Edition vulnerable to OS command injection

Overview MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability CWE-78. Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

10CVSS7.6AI score0.02337EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/08 12:0 a.m.39 views

JVN#15462187: MP Form Mail CGI eCommerce Edition vulnerable to OS command injection

MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Update the Software Update t...

10CVSS9.8AI score0.02337EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/06 6:5 a.m.5 views

The installer of Anshin net security for Windows may insecurely load Dynamic Link Libraries

Overview Anshin net security for Windows provided by KDDI CORPORATION is an Internet Security suite. The installer of Anshin net security for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

7.8CVSS6.8AI score0.00927EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/06 5:22 a.m.2 views

Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

Overview "MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability CWE-78. Taizo...

7.7CVSS7.5AI score0.00668EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/06 12:0 a.m.35 views

JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability CWE-78. Impact An attacke...

7.7CVSS6.9AI score0.00668EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/06 12:0 a.m.32 views

JVN#70615027: The installer of Anshin net security for Windows may insecurely load Dynamic Link Libraries

Anshin net security for Windows provided by KDDI CORPORATION is an Internet Security suite. The installer of Anshin net security for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with...

7.8CVSS7.7AI score0.00927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 4:39 a.m.3 views

WordPress plugin "MTS Simple Booking C" vulnerable to cross-site scripting

Overview The WordPress plugin "MTS Simple Booking C" provided by MT Systems Co., Ltd. contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to...

6.1CVSS5.8AI score0.00776EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 3:28 a.m.3 views

Spring Security and Spring Framework vulnerable to authentication bypass

Overview Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Macchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.3CVSS6.9AI score0.02857EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 12:0 a.m.53 views

JVN#15643848: Spring Security and Spring Framework vulnerable to authentication bypass

Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Impact A remote attacker can bypass authentication. As a result, the attacker gains access to the server and information may be disclosed. Solution Update the Software Update to...

5.3CVSS5.7AI score0.02857EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 12:0 a.m.58 views

JVN#99312352: WordPress plugin "MTS Simple Booking C" vulnerable to cross-site scripting

The WordPress plugin "MTS Simple Booking C" provided by MT Systems Co., Ltd. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin accordi...

6.1CVSS6AI score0.00776EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/01 4:58 a.m.4 views

Multiple vulnerabilities in epg search result viewer(kkcald)

Overview epg search result viewerkkcald provided by kkcal contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0508 Cross-site request forgery CWE-352 - CVE-2018-0509 Buffer overflow CWE-121 - CVE-2018-0510 Kusano Kazuhiko reported this vulnerability to IPA...

9.8CVSS7.1AI score0.02033EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/01 12:0 a.m.86 views

JVN#91393903: Multiple vulnerabilities in epg search result viewer(kkcald)

epg search result viewerkkcald provided by kkcal contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0508 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/AU:N/C:N/I:P/A:N| Base Score:...

9.8CVSS8.2AI score0.02033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/31 4:43 a.m.4 views

Deep Discovery Email Inspector vulnerable to arbitrary code execution

Overview Deep Discovery Email Inspector provided by Trend Micro Incorporated contains an arbitrary code execution vulnerability due to an issue in uploading files. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An...

10CVSS8AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/30 3:30 a.m.2 views

WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Retina 2x" contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a...

6.1CVSS5.9AI score0.00918EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/30 12:0 a.m.64 views

JVN#30636823: WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting

The WordPress plugin "WP Retina 2x" contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. Products Affected ...

6.1CVSS6AI score0.00918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/22 5:17 a.m.5 views

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries

Overview The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Librarie...

9.3CVSS6.8AI score0.00912EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/22 12:0 a.m.57 views

JVN#26255241: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact...

9.3CVSS7.7AI score0.00912EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/19 5:19 a.m.4 views

Nootka App for Android vulnerable to OS command injection

Overview Nootka App for Android provided by SeeLook contains an OS command injection vulnerability CWE-78. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

10CVSS7.7AI score0.02277EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/19 5:19 a.m.4 views

GroupSession vulnerable to open redirect

Overview GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability CWE-601. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.1CVSS6.7AI score0.00769EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/19 12:0 a.m.66 views

JVN#26200083: GroupSession vulnerable to open redirect

GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishi...

6.1CVSS6.2AI score0.00769EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/19 12:0 a.m.64 views

JVN#10103841: Nootka App for Android vulnerable to OS command injection

Nootka App for Android provided by SeeLook contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Update the Application Update to the latest version according to the information provided by the developer. Products Affected...

10CVSS9.6AI score0.02277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/17 7:15 a.m.4 views

Multiple vulnerabilities in Deep Discovery Email Inspector

Overview Deep Discovery Email Inspector provided by Trend Micro Incorporated contains multiple vulnerabilities. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The possible impacts are as follows: A user may execute arbitrary...

7.7AI score
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/17 7:15 a.m.4 views

Trend Micro Control Manager vulnerable to SQL injection

Overview Trend Micro Control Manager contains multiple SQL injection vulnerabilities. This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below. TippingPoint Zero Day Initiative...

9AI score
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/12 6:32 a.m.4 views

AssetView and AssetView PLATINUM contain multiple vulnerabilities

Overview AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below. Use of Hard-coded Cryptographic Key CWE-321 - CVE-2017-10866 Improper Input Validation CWE-20 - CVE-2017-10867 Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported...

8.8CVSS7.5AI score
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/12 6:7 a.m.2 views

Cross-site Scripting Vulnerability in Fujitsu NetCOBOL

Overview A cross-site scripting vulnerability was found in MeFt/Web Service manager function in Fujitsu NetCOBOL. Impact By creating a malicious webpage that exploits this vulnerability, an attacker could execute arbitrary code on the user's computer used to access the malicious webpage. Solution...

3.5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/12 5:58 a.m.2 views

Cross-site Scripting Vulnerability in Fujitsu Interstage List Works

Overview A cross-suite scripting vulnerability has been found in web functionality of Fujitsu Interstage List Works. Impact By creating a malicious webpage that exploits this vulnerability, an attacker could execute arbitrary code on the user's computer used to access the malicious webpage...

6.1CVSS7.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/11 5:18 a.m.3 views

Lhaplus vulnerable to improper verification when expanding ZIP64 archives

Overview Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding. Koji Ando of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

4.3CVSS6.4AI score0.00634EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/11 12:0 a.m.55 views

JVN#57842148: Lhaplus vulnerable to improper verification when expanding ZIP64 archives

Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding. Impact An unintended content may be extracted from a crafted ZIP64 archive. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS3.8AI score0.00634EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/25 5:0 a.m.12 views

MQTT.js issue in handling PUBLISH packets

Overview MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of Fujitsu Laboratories Ltd.reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.5CVSS6.9AI score0.02214EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/25 12:0 a.m.76 views

JVN#45494523: MQTT.js issue in handling PUBLISH packets

MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Impact Receiving a large number of packets from an MQTT broker may result in a denial-of-service DoS condition. Solution Update MQTT.js and rebuild the application Developers of...

6.5CVSS6.3AI score0.02214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/22 6:50 a.m.5 views

The installer of Music Center for PC may insecurely load Dynamic Link Libraries

Overview Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from...

9.3CVSS6.9AI score0.01944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/22 6:50 a.m.3 views

The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries

Overview Content Manager Assistant for PlayStation provided by Sony Interactive Entertainment Inc. is a data transfer tool. The installer of Content Manager Assistant for PlayStation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

7.8CVSS6.8AI score0.00865EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/22 12:0 a.m.105 views

JVN#60695371: The installer of Music Center for PC may insecurely load Dynamic Link Libraries

Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileg...

9.3CVSS7.7AI score0.01944EPSS
Exploits0
Total number of security vulnerabilities5625