Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 1:28 a.m.3 views

OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

10CVSS7.2AI score0.01979EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 1:28 a.m.3 views

Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.8AI score0.00769EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 1:23 a.m.6 views

Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.8CVSS6.8AI score0.0142EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 1:23 a.m.3 views

Improper access control vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.8CVSS6.9AI score0.01483EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 12:0 a.m.52 views

JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries

Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.8AI score0.01109EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 12:0 a.m.38 views

JVN#21174546: Marp vulnerable to improper access control in JavaScript execution

Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files CWE-284. Impact When reading specially crafted Markdown contents, local files may be accessed and leaked to an external...

6.8CVSS5.1AI score0.00519EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/27 12:0 a.m.48 views

JVN#85901441: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Non-documented developer's screen CWE-912 - CVE-2017-2234 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.4 CVSS v2|...

10CVSS10AI score0.01979EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/26 5:28 a.m.3 views

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries

Overview Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...

9.8CVSS6.8AI score0.01468EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/26 12:0 a.m.56 views

JVN#01775119: Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running...

9.8CVSS9.4AI score0.01468EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/23 5:38 a.m.14 views

Installer of Charamin OMP may insecurely load Dynamic Link Libraries

Overview The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.8CVSS7AI score0.00909EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/23 12:0 a.m.45 views

JVN#09293613: Installer of Charamin OMP may insecurely load Dynamic Link Libraries

The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.7AI score0.00909EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/21 9:15 a.m.3 views

[Simeji for Windows] installer may insecurely load Dynamic Link Libraries

Overview Simeji for Windows installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.3CVSS7.2AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/21 4:45 a.m.1 views

HOME SPOT CUBE2 vulnerable to improper authentication in WebUI

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains improper authentication in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.9AI score0.01033EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/21 4:45 a.m.5 views

HOME SPOT CUBE2 vulnerable to OS command injection in WebUI

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS7.5AI score0.00909EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/21 4:44 a.m.4 views

HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains buffer overflow in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

8.8CVSS7.4AI score0.01087EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/21 4:44 a.m.3 views

HOME SPOT CUBE2 vulnerable to OS command injection in clock settings

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in clock settings. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8CVSS7.5AI score0.00849EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/20 4:59 a.m.3 views

Multiple I-O DATA network camera products vulnerable to cross-site request forgery

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

8.8CVSS6.7AI score0.00913EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/20 4:58 a.m.5 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script ma...

6.1CVSS6AI score0.01466EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/20 12:0 a.m.40 views

JVN#65411235: Multiple I-O DATA network camera products vulnerable to cross-site request forgery

Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Apply the appropriate firmware update...

8.8CVSS8.8AI score0.00913EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/20 12:0 a.m.92 views

JVN#24348065: Multiple vulnerabilities in HOME SPOT CUBE2

HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below. OS command injection in Clock Settings CWE-78 - CVE-2017-2183 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score...

8.8CVSS9.2AI score0.01087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/20 12:0 a.m.37 views

JVN#73550134: WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

6.1CVSS6AI score0.01466EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/15 5:32 a.m.1 views

WordPress plugin "WP Job Manager" fails to restrict access permissions

Overview The WordPress plugin "WP Job Manager" provided by Automattic Inc. fails to restrict access permissions. Katsunori Kumagai of Kumasan, LLC. reported this issue to IPA under Information Security Early Warning Partnership. Impact A remote unauthenticated attacker may upload an image file to...

5.3CVSS7.1AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/15 12:0 a.m.29 views

JVN#56787058: WordPress plugin "WP Job Manager" fails to restrict access permissions

The WordPress plugin "WP Job Manager" provided by Automattic Inc. fails to restrict access permissions. Impact A remote unauthenticated attacker may upload an image file to the server. Solution Update the plugin Update the plugin according to the information provided by the developer. According t...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 5:50 a.m.3 views

Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Overview Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.1CVSS6.4AI score0.00713EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 5:50 a.m.4 views

WordPress plugin "WP-Members" vulnerable to cross-site scripting

Overview The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a logged in...

6.1CVSS6AI score0.01766EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 5:11 a.m.3 views

Open redirect vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains an open redirect vulnerability CWE-601. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.6AI score0.01476EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 5:11 a.m.2 views

Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.1CVSS6AI score0.01432EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 4:51 a.m.4 views

Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries

Overview Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.8CVSS7AI score0.00733EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.46 views

JVN#51355647: WordPress plugin "WP-Members" vulnerable to cross-site scripting

The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. Products Affected WP-Members...

6.1CVSS6AI score0.01766EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.39 views

JVN#94771799: Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries

Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Installer of QuickTime for Windows T...

7.8CVSS7.7AI score0.00733EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.42 views

JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Source code security studying tool...

6.1CVSS6.2AI score0.00713EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.48 views

JVN#79738260: Multiple vulnerabilities in WordPress plugin "WordPress Download Manager"

The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2216 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.6AI score0.01476EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/12 5:49 a.m.1 views

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file

Overview Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Note that this vulnerability is different from JVN7551446...

7.8CVSS7.1AI score0.01374EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/12 4:36 a.m.6 views

Cybozu KUNAI for Android vulnerable to cross-site scripting

Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

6.1CVSS6AI score0.00762EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/12 12:0 a.m.63 views

JVN#56588965: Cybozu KUNAI for Android vulnerable to cross-site scripting

Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

6.1CVSS6AI score0.00762EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/12 12:0 a.m.60 views

JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact This vulnerability can be exploited when the following...

7.8CVSS7.8AI score0.01374EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 6:59 a.m.5 views

Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries

Overview "Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation"contains an issue with the DLL search path, which may lead to insecurely loading...

7.8CVSS6.9AI score0.01128EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 6:48 a.m.4 views

Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries

Overview Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale...

7.8CVSS6.9AI score0.00911EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 4:49 a.m.4 views

Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries

Overview Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this...

7.8CVSS7.1AI score0.00911EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 12:0 a.m.37 views

JVN#34508179: Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries

"Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Li...

7.8CVSS7.7AI score0.01128EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 12:0 a.m.42 views

JVN#65154137: Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries

Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 12:0 a.m.46 views

JVN#67305782: Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries

Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking t...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 6:31 a.m.1 views

The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of SemiDynaEXE SemiDynaEXE2008.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS7.2AI score0.01059EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 6:31 a.m.5 views

The installer of TKY2JGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of TKY2JGD TKY2JGD1379.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.2AI score0.01059EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 6:31 a.m.3 views

The installer of PatchJGD(Hyoko) provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of PatchJGDHyoko PatchJGDh101.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS7.2AI score0.01059EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 6:31 a.m.3 views

The installer of PatchJGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of PatchJGD PatchJGD101.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.2AI score0.00893EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 12:0 a.m.55 views

JVN#52691241: Multiple installers of the software provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Multiple installers of the software provided by Geospatial Information Authority of Japan GSI contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

9.3CVSS7.5AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 12:0 a.m.46 views

JVN#31236539: [Simeji for Windows(β)] installer may insecurely load Dynamic Link Libraries

Simeji for Windowsβ installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Simeji for...

9.3CVSS7.8AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/07 5:54 a.m.3 views

AppCheck may insecurely invoke an executable file

Overview AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...

9.3CVSS6.9AI score0.01651EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/07 12:0 a.m.31 views

JVN#99737748: AppCheck may insecurely invoke an executable file

AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

9.3CVSS8.6AI score0.01651EPSS
Exploits0
Total number of security vulnerabilities5625