Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 12:0 a.m.80 views

JVN#31459091: WordPress plugin "Simple Custom CSS and JS" vulnerable to cross-site scripting

The WordPress plugin "Simple Custom CSS and JS" provided by SilkyPress contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided b...

6.1CVSS6AI score0.01466EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/21 4:39 a.m.2 views

gSOAP vulnerable to stack-based buffer overflow

Overview gSOAP library provided by Genivia contains a stack-based buffer overflowCWE-121. Processing a crafted SOAP message sent by a remote attacker may result in code execution. Impact Processing a crafted SOAP message sent by a remote attacker may result in code execution. Solution Update to t...

8.1CVSS7.5AI score0.21894EPSS
Exploits2References19
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/20 5:13 a.m.6 views

Multiple vulnerabilities in multiple Buffalo wireless LAN routers

Overview WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2017-2273 Reflected Cross-site Scripting CWE-79 - CVE-2017-2274 Manabu Kobayashi reported this vulnerabilit...

8.8CVSS6.7AI score0.0085EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/20 5:12 a.m.6 views

Multiple Buffalo wireless LAN access point devices do not properly perform authentication

Overview WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication CWE-287. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

10CVSS6.8AI score0.0402EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/20 12:0 a.m.72 views

JVN#48413726: Multiple vulnerabilities in multiple Buffalo wireless LAN routers

WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2017-2273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 4.3...

8.8CVSS7.4AI score0.0085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/20 12:0 a.m.52 views

JVN#48823557: Multiple Buffalo wireless LAN access point devices do not properly perform authentication

WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and access the configuration interface ...

10CVSS9.5AI score0.0402EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 6:44 a.m.2 views

Multiple Vulnerabilities in Hitachi Automation Director and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Automation Director and Hitachi Infrastructure Analytics Advisor. Impact They may conduct the attacks listed below. Cross-site Scripting XXE XML External Entity Open Redirect Solution Please refer to the 'Vendor Information' section for...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 6:7 a.m.6 views

SONY Portable Wireless Server WG-C10 fails to restrict access permissions

Overview Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions CWE-284. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.1CVSS6.3AI score0.01075EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 6:7 a.m.4 views

Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Overview Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2275 Buffer overflow CWE-119 - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

9CVSS8.3AI score0.01933EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 12:0 a.m.71 views

JVN#14151222: Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2275 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P|...

9CVSS7.9AI score0.01933EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 12:0 a.m.58 views

JVN#77412145: SONY Portable Wireless Server WG-C10 fails to restrict access permissions

Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions CWE-284. Impact An authenticated attacker may obtain or alter information stored in the external storage connected to product. Solution Apply a Workaround The following workarounds may mitigate the...

9.1CVSS9AI score0.01075EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/14 4:38 a.m.5 views

Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

9.3CVSS6.8AI score0.0108EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/14 12:0 a.m.83 views

JVN#61502349: Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries

AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

9.3CVSS7.6AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/13 5:35 a.m.5 views

FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

Overview FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Encrypted files in self-decryption forma...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/13 12:0 a.m.119 views

JVN#42031953: FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Version| Vector| Score ---|---|--- CVSS v3|...

9.3CVSS7.6AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/12 5:42 a.m.6 views

Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries

Overview Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

9.3CVSS7.1AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/12 12:0 a.m.100 views

JVN#02852421: Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries

Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/11 4:48 a.m.2 views

Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries

Overview Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.8CVSS8.7AI score0.01407EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/11 12:0 a.m.106 views

JVN#81676004: Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries

Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

7.8CVSS8.6AI score0.01407EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/10 4:57 a.m.3 views

Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries

Overview File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

9.3CVSS6.8AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/10 12:0 a.m.88 views

JVN#29939155: Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries

File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/07 6:47 a.m.5 views

Microsoft IME may insecurely load Dynamic Link Libraries

Overview Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not...

7.8CVSS7AI score0.02181EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/07 5:18 a.m.6 views

Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries

Overview Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Self-extracting archive files created by Lhaz or Lhaz+ insecurely load Dynamic Link Libraries CWE-427 ...

9.3CVSS7.1AI score0.01059EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/07 12:0 a.m.89 views

JVN#21369452: Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries

Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS...

9.3CVSS7.7AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/07 12:0 a.m.76 views

JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries

Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not exist by...

7.8CVSS8.1AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/06 4:41 a.m.10 views

WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal

Overview The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary local files o...

5CVSS6.3AI score0.02571EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/06 12:0 a.m.62 views

JVN#63249051: WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal

The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Impact Arbitrary local files on the server may be accessed by a logged-in user. Solution Update the Software Update to the latest version according to the information provided by t...

5CVSS4.9AI score0.02571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 5:43 a.m.2 views

Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries

Overview Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and BlackWingCat of Pink...

7.8CVSS7.2AI score0.01124EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 5:43 a.m.3 views

Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries

Overview The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

7.8CVSS7AI score0.01057EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 5:2 a.m.3 views

WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting

Overview The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS5.9AI score0.0145EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 4:59 a.m.3 views

MFC-J960DWN vulnerable to cross-site request forgery

Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.5AI score0.00722EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.88 views

JVN#82120115: Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries

Installer of Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

7.8CVSS7.8AI score0.01124EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.99 views

JVN#39819446: WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting

The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.0145EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.108 views

JVN#95996423: MFC-J960DWN vulnerable to cross-site request forgery

MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, unintended operations such as changing settings of the device may be performed. Solution Apply a Workaroun...

8.8CVSS8.6AI score0.00722EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.85 views

JVN#20409270: Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries

The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege o...

7.8CVSS7.7AI score0.01057EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 6:23 a.m.4 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be executed on the logged-in user's web browser. Solution Upda...

4.8CVSS6.1AI score0.00603EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 6:22 a.m.2 views

Cybozu Garoon vulnerable to session fixation

Overview Cybozu Garoon provided by Cybozu, Inc. contains a session fixation. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A remote unauthenticated attacker may perform unintended operation with the logged-in user's privilege. Solution...

5.8CVSS6.8AI score0.00851EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 6:22 a.m.4 views

Cybozu Garoon fails to restrict access permission

Overview Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction. Jun Kokatsu of KDDI Singapore Dubai Branch reported vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact When a logged-in user accesses ...

5.8CVSS6.5AI score0.00849EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 5:14 a.m.1 views

Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries

Overview The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability...

9.3CVSS6.9AI score0.01231EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 12:0 a.m.86 views

JVN#06337557: Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries

The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the us...

9.3CVSS7.7AI score0.01231EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 12:0 a.m.312 views

JVN#43534286: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper access restriction CWE-284 - CVE-2017-2144 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:P| Base Score: 4.0...

5.8CVSS5.8AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 6:56 a.m.3 views

Cross-site Scripting Vulnerability in multiple Hitachi products

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor...

4.7CVSS6.3AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 6:55 a.m.4 views

Multiple Vulnerabilities in Hitachi IT Operations Director and JP1/IT Desktop Management

Overview A cross-site scripting and an XML external entity XXE vulnerability have been found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager. Impact An attacker may conduct a cross-site scripting attack and a XML external entity XXE...

8.1CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 6:55 a.m.4 views

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview A vulnerability CVE-2016-8743 exists in Cosminexus HTTP Server and Hitachi Web Server. Impact An attacker may have unspecified impact. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS9.4AI score0.13252EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 5:19 a.m.4 views

Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries

Overview Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 5:18 a.m.2 views

Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries

Overview Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and Eili Masami of Tachibana Lab. reported this...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 12:0 a.m.63 views

JVN#23389212: Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries

Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 12:0 a.m.80 views

JVN#45134765: Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries

Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 7:40 a.m.5 views

Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries

Overview Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. BlackWingCat of Pink Flying Whale reported this vulnerability to IPA...

7.8CVSS7.2AI score0.01109EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 1:28 a.m.4 views

Non-documented developer's screen in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains non-documented developer's screen. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.8CVSS6.8AI score0.01786EPSS
Exploits0References5
Total number of security vulnerabilities5625