Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 12:0 a.m.•40 views

JVN#25336719: namshi/jose fails to verify token signatures

namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the...

5CVSS6.1AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/23 3:29 a.m.•2 views

Symfony vulnerable to code injection

Overview Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Takeshi Terada of Mitsui Bussan Secure...

6.8CVSS7.3AI score0.01365EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/23 12:0 a.m.•38 views

JVN#19578958: Symfony vulnerable to code injection

Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Impact Arbitrary PHP code may be executed on the server...

6.8CVSS6.4AI score0.01365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/18 5:14 a.m.•5 views

Ruby on Rails library Paperclip vulnerable to cross-site scripting

Overview Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. MORI Shingo of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.2AI score0.02121EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/18 12:0 a.m.•46 views

JVN#83881261: Ruby on Rails library Paperclip vulnerable to cross-site scripting

Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to t...

4.3CVSS8.8AI score0.02121EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 5:13 a.m.•2 views

MilkyStep fails to restrict access permissions

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information CWE-284. Note that this vulnerability is different from JVN16409640 or JVN74280258. Kusano Kazuhik...

6.5CVSS6.6AI score0.012EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 5:12 a.m.•2 views

BloBee vulnerable to arbitrary file creation

Overview BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.2AI score0.02673EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 5:11 a.m.•6 views

LoadLibrary function in Microsoft Windows fails to validate input properly

Overview The LoadLibrary function in Microsoft Windows fails to validate input properly. As a result, it may load a specially crafted DLL file CWE-114. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

7.6CVSS7AI score0.01996EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 12:0 a.m.•26 views

JVN#24336273: BloBee vulnerable to arbitrary file creation

BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the server. Solution Update the Software...

7.5CVSS6.9AI score0.02673EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 12:0 a.m.•55 views

JVN#18146081: LoadLibrary function in Microsoft Windows fails to validate input properly

The LoadLibrary function in Microsoft Windows fails to validate input properly. As a result, it may load a specially crafted DLL file CWE-114. Impact An arbitrary code may be executed as a result of an application loads a specially crafted DLL file. Solution Update the Software This issue was...

6.9CVSS6.4AI score0.01996EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 12:0 a.m.•29 views

JVN#19732015: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information CWE-284. Impact A non-administrative user may be able to change administrative user credentials. Solution...

6.5CVSS5.9AI score0.012EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:16 a.m.•5 views

MilkyStep fails to restrict access permissions

Overview MilkyStep provided by Igreks Inc. fails to restrict access permissions. Note that this vulnerability is different from JVN16409640. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Kusano...

6.4CVSS6.6AI score0.01553EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:15 a.m.•2 views

MilkyStep vulnerable to cross-site scripting

Overview MilkyStep provided by Igreks Inc. contains a cross-site scripting vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Kusano Kazuhiko reported this vulnerability to IPA...

4.3CVSS6AI score0.01184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:15 a.m.•4 views

MilkyStep vulnerable to SQL injection

Overview MilkyStep provided by Igreks Inc. contains a SQL injection vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7.9AI score0.01285EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:2 a.m.•5 views

MilkyStep vulnerable to OS command injection

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.4AI score0.01615EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 4:45 a.m.•1 views

MilkyStep vulnerable to cross-site request forgery

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability CWE-352. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.8CVSS6.5AI score0.00656EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 4:43 a.m.•3 views

MilkyStep fails to restrict access permissions

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Note that this vulnerability is different from JVN74280258. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#05559185: MilkyStep vulnerable to OS command injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the Software Update to the latest version according to the...

7.5CVSS7AI score0.01615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•36 views

JVN#12241436: MilkyStep vulnerable to cross-site request forgery

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to...

6.8CVSS6.3AI score0.00656EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•35 views

JVN#74280258: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Impact A remote attacker may alter product settings. Solution Update the Software Update to the latest version according to the information provided by...

6.4CVSS6.1AI score0.01553EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#20879350: MilkyStep vulnerable to cross-site scripting

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

4.3CVSS5.9AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#52478686: MilkyStep vulnerable to SQL injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...

7.5CVSS7.4AI score0.01285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•26 views

JVN#16409640: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Impact A remote attacker may obtain files managed by the product. Solution Update the Software Update to the latest version according to the informatio...

5CVSS6.1AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:16 a.m.•3 views

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An authenticated...

7.7CVSS7.8AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:14 a.m.•8 views

NetFlow Analyzer vulnerable to cross-site request forgery

Overview NetFlow Analyzer provided by Zoho Corporation contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, various administrative functions may be performed. Solution Update the software build and apply the patch Update the software to bui...

6.8CVSS6.5AI score0.02009EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:2 a.m.•4 views

NetFlow Analyzer fails to restrict access permissions

Overview NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Administrative operations, for...

7.5CVSS6.6AI score0.03409EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 4:59 a.m.•4 views

NetFlow Analyzer vulnerable to cross-site scripting

Overview NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

4.3CVSS6.1AI score0.02106EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 12:0 a.m.•34 views

JVN#50447904: Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Impact An authenticated attacker may be able to execute arbitrary OS commands. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affected...

7.7CVSS7.6AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 12:0 a.m.•33 views

JVN#98447310: NetFlow Analyzer vulnerable to cross-site scripting

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software build and apply the patch Update the software to build 10250...

4.3CVSS5.9AI score0.02106EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 12:0 a.m.•42 views

JVN#25598413: NetFlow Analyzer fails to restrict access permissions

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer fails to restrict access permissions. Impact Administrative operations, for example, changing passwords or user account deletion may be performed by a user with guest privileges. In addition, information...

7.5CVSS6.4AI score0.03409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 12:0 a.m.•47 views

JVN#79284156: NetFlow Analyzer vulnerable to cross-site request forgery

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, various administrative functions may be performed. Solution Update the software build and apply...

6.8CVSS6.3AI score0.02009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/03 6:1 a.m.•4 views

F21 JWT fails to verify token signatures

Overview JWT provided by F21 is a PHP library for handling JSON Web Tokens. php-jwt contains a vulnerability where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. and Shuntaro Maeda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS6.6AI score0.03773EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/03 5:59 a.m.•2 views

"Open Explorer Beta" App for Android vulnerable to directory traversal

Overview "Open Explorer Beta" App for Android provided by brandroid.org contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.4CVSS6.9AI score0.01883EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/03 12:0 a.m.•26 views

JVN#95246510: "Open Explorer Beta" App for Android vulnerable to directory traversal

"Open Explorer Beta" App for Android provided by brandroid.org contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the...

6.4CVSS6.5AI score0.01883EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/03 12:0 a.m.•48 views

JVN#06120222: F21 JWT fails to verify token signatures

JWT provided by F21 is a PHP library for handling JSON Web Tokens. JWT contains a vulnerability where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the latest version according to t...

5CVSS6.2AI score0.03773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•3 views

ZenPhoto20 vulnerable to cross-site scripting

Overview ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01181EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•3 views

Zenphoto vulnerable to cross-site scripting

Overview Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6AI score0.01194EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 12:0 a.m.•32 views

JVN#51176150: ZenPhoto20 vulnerable to cross-site scripting

ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.01181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 12:0 a.m.•29 views

JVN#68452022: Zenphoto vulnerable to cross-site scripting

Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.01194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/27 5:43 a.m.•2 views

Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Overview Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability CWE-79 in the error page and the generation of the job completion. MORI Shingo...

4.3CVSS6AI score0.06297EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/27 12:0 a.m.•48 views

JVN#61328139: Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability CWE-79 in the error page and the generation of the job completion. Impact An arbitrary...

4.3CVSS5.7AI score0.06297EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/22 5:15 a.m.•1 views

SXF Common Library vulnerable to buffer overflow

Overview SXF Common Library contains a buffer overflow vulnerability. akirayou of Nico-TECH reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact By processing a specially crafted CAD file, arbitrary code may be...

6.8CVSS7.5AI score0.02781EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/22 12:0 a.m.•41 views

JVN#93976566: SXF Common Library vulnerable to buffer overflow

SXF Common Library contains a buffer overflow vulnerability due to a flaw in processing an input data CWE-121. Impact By processing a specially crafted CAD file, arbitrary code may be executed. Solution Update the Software Update to the latest version according to the information provided by the...

6.8CVSS7.2AI score0.02781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/21 7:37 a.m.•2 views

Information Disclosure Vulnerability in JP1/Integrated Management - Universal CMDB

Overview An information disclosure vulnerability was found in JP1/Integrated Management - Universal CMDB. Impact When UCMDB server uses UD probe DFM probe, malicious remote users can acquire data stored in UD probe DFM probe, by sending crafted HTTP request to server. Solution Please refer to the...

5.8CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/21 7:36 a.m.•3 views

Problem with directory permissions in JP1/Automatic Operation

Overview There is a problem of permissions on file transfer directory in JP1/Automatic Operation. Impact Malicious local users might refer or modify transferred files. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/20 5:34 a.m.•4 views

mt-phpincgi vulnerable to PHP object injection

Overview mt-phpincgi is script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object Injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact Arbitrary PHP code may be executed on the server by an...

7.5CVSS7.3AI score0.01749EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/20 12:0 a.m.•28 views

JVN#64459670: mt-phpincgi vulnerable to PHP object injection

mt-phpincgi is script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object Injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact Arbitrary PHP code may be executed on the server by an unauthenticate...

7.5CVSS7AI score0.01749EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/19 4:40 a.m.•3 views

BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

Overview BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. KONDOU, Kazuhiro...

7.5CVSS9.8AI score0.2554EPSS
Exploits4References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/19 12:0 a.m.•41 views

JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. Impact Decompressing a...

7.5CVSS9.4AI score0.2554EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/15 3:23 a.m.•1 views

"Honda Moto LINC" App for Android fails to verify SSL server certificates

Overview "Honda Moto LINC" App for Android fails to verify SSL server certificates. Yasuyuki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...

5.9CVSS6.5AI score0.00696EPSS
Exploits0References5
Total number of security vulnerabilities5625