Japan Vulnerability Notes

JVN adopts CVSS version 3 now

Past Announcements

Recent Vulnerability Notes

JVN#92765814:

Multiple vulnerabilities in baserCMS [September 29, 2016 12:00]

JVN#72559412:

ManageEngine ServiceDesk Plus uses an insecure method for cookie generation [September 29, 2016 12:00]

JVN#89726415:

ManageEngine ServiceDesk Plus fails to restrict access permissions [September 29, 2016 12:00]

JVN#50347324:

ManageEngine ServiceDesk Plus vulnerable to cross-site scripting [September 29, 2016 12:00]

JVN#46087986:

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting [September 23, 2016 12:00]

JVN#49343562:

Money Forward Apps for Android vulnerability that allows unintended operations [September 20, 2016 12:00]

JVN#61297210:

Money Forward Apps for Android vulnerable in the WebView class [September 20, 2016 12:00]

JVN#98126322:

Trend Micro Internet Security vulnerability where files may be excluded as scan targets [September 16, 2016 12:00]

JVN#74244518:

Splunk Enterprise and Splunk Light vulnerable to cross-site scripting [September 16, 2016 12:00]

JVN#64800312:

Splunk Enterprise and Splunk Light vulnerable to open redirect [September 16, 2016 12:00]

JVN#39926655:

Splunk Enterprise and Splunk Light vulnerable to open redirect [September 16, 2016 12:00]

JVN#71462075:

Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting [September 16, 2016 12:00]

JVN#89379547:

Apache Commons FileUpload vulnerable to denial-of-service (DoS) [September 15, 2016 16:00]

JVN#94779084:

H2O use of externally-controlled format string [September 15, 2016 12:00]

JVN#18926672:

Zend Framework vulnerable to SQL injection [September 15, 2016 12:00]

Past Vulnerability Notes

JVNTR-2011-05:: Apache HTTPD 1.3/2.x Range header DoS vulnerability (CVE-2011-3192, JVNVU#405811)

JVNTR-2011-02:: Java Double.parseDouble denial of service (Aka. "2.2250738585072011e-308" issue ) (CVE-2010-4476)

JVNTR-2011-01:: Microsoft Windows graphics engine thumbnail stack buffer overflow (CVE-2010-3970, JVNVU#106516)

JVNTR-2010-26:: Apple Quicktime Updates for Multiple Vulnerabilities (CVE-2010-1818, JVNVU#997815)

JVNTR-2010-25:: Adobe Flash Vulnerabilities (CVE-2010-2884, TA10-263A)

JVN provided by
JPCERT/CC
IPA

Related Associations
JEITA
JISA
CSAJ
JNSA

Partners
CERT/CC
CPNI