Vulnerability Reports

2022

2022/12/01 JVNVU#94514762:

Multiple vulnerabilities in UNIMO Technology digital video recorders

2022/11/25 JVNVU#92877622:

Multiple vulnerabilities in OMRON CX-Programmer

2022/11/25 JVN#87895771:

Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption

2022/11/25 JVN#53682526:

Multiple cross-site scripting vulnerabilities in baserCMS

2022/11/24 JVN#29657972:

TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input

2022/11/21 JVN#26044739:

Typora fails to properly neutralize JavaScript code

2022/11/18 JVN#13927745:

WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables

2022/11/18 JVNVU#90082799:

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

2022/11/16 JVN#24659622:

RICOH Aficio SP 4210N vulnerable to cross-site scripting

2022/11/16 JVN#37014768:

Multiple vulnerabilities in Movable Type

2022/11/15 JVNVU#98082029:

Realtek chip deadlock vulnerability (CVE-2022-34326) in Mitsubishi Electric consumer electronics products

2022/11/14 JVN#54728399:

TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation

2022/11/14 JVNVU#97968855:

Multiple vulnerabilities in Hitachi Kokusai Network products for monitoring system(Camera, Encoder, Decoder)

2022/11/10 JVN#75437943:

Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure

2022/11/08 JVN#59663854:

WordPress Plugin "Salon booking system" vulnerable to cross-site scripting

2022/11/08 JVN#09409909:

Multiple vulnerabilities in WordPress

2022/11/01 JVN#46345126:

Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers

2022/10/28 JVN#74285622:

Multiple vulnerabilities in FUJI SOFT network devices

2022/10/25 JVN#86350682:

Multiple vulnerabilities in SHIRASAGI

2022/10/20 JVN#56968681:

Multiple vulnerabilities in nadesiko3

2022/10/19 JVNVU#97131578:

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

2022/10/19 JVN#10921428:

Lemon8 App fails to restrict access permissions

2022/10/18 JVNVU#99955870:

Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE

2022/10/14 JVN#74534998:

Android App "IIJ SmartKey" vulnerable to information disclosure

2022/10/12 JVNVU#93424017:

Multiple vulnerabilities in SVMPC1 and SVMPC2

2022/10/11 JVN#74592196:[Critical]

bingo!CMS vulnerable to authentication bypass

2022/10/11 JVN#40620121:

The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries

2022/10/07 JVNVU#99960963:

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows

2022/10/07 JVN#00845253:

Growi vulnerable to improper access control

2022/10/06 JVN#15411362:

IPFire WebUI vulnerable to cross-site scripting

2022/10/04 JVNVU#92805279:

Multiple vulnerabilities in Buffalo network devices

2022/09/30 JVN#78862034:

BookStack vulnerable to cross-site scripting

2022/09/15 JVN#21213852:

Multiple vulnerabilities in EC-CUBE

2022/09/15 JVN#30900552:

EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

2022/09/15 JVNVU#99326969:

OpenAM (OpenAM Consortium Edition) vulnerable to open redirect

2022/09/14 JVN#36454862:[Critical]

Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service

2022/09/09 JVN#48120704:

Movable Type plugin A-Form vulnerable to cross-site scripting

2022/09/05 JVN#34205166:

SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

2022/09/02 JVN#76024879:

PowerCMS XMLRPC API vulnerable to command injection

2022/09/01 JVNVU#98305100:

Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series

2022/08/31 JVNVU#90766406:

Multiple vulnerabilities in PLANEX Network camera products

2022/08/29 JVN#44721267:

Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries

2022/08/29 JVN#45473612:

Multiple vulnerabilities in CentreCOM AR260S V2

2022/08/24 JVN#57728859:

Movable Type XMLRPC API vulnerable to command injection

2022/08/24 JVN#46239102:

Multiple vulnerabilities in Exment

2022/08/23 JVNVU#96002401:

Multiple vulnerabilities in PukiWiki

2022/08/23 JVN#43979089:

PukiWiki vulnerable to cross-site scripting

2022/08/22 JVNVU#90821877:

UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions

2022/08/22 JVNVU#98291763:

PLANEX MZK-DP150N contains hidden administrative functionality

2022/08/17 JVNVU#93109244:

Multiple vulnerabilities in Trend Micro Security

2022/08/17 JVNVU#96643038:

Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation

2022/08/04 JVN#42883072:

Kaitai Struct: compiler vulnerable to denial-of-service (DoS)

2022/07/29 JVN#17625382:

Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

2022/07/28 JVN#57073973:

"JustSystems JUST Online Update for J-License" starts a program with an unquoted file path

2022/07/27 JVNVU#93696585:

CONTEC SolarView Compact vulnerable to insufficient verification in uploading files

2022/07/27 JVN#81563390:

"Hulu / フールー" App for iOS vulnerable to improper server certificate verification

2022/07/27 JVN#40907489:

"Hulu / フールー" App for Android uses a hard-coded API key for an external service

2022/07/25 JVN#77850327:

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

2022/07/25 JVN#30454777:

Multiple vulnerabilities in untangle

2022/07/22 JVN#75063798:

Booked vulnerable to open redirect

2022/07/20 JVN#20573662:

Multiple vulnerabilities in Cybozu Office

2022/07/12 JVN#12610194:

Django Extract and Trunc functions vulnerable to SQL injection

2022/07/12 JVNVU#97846460:

U-Boot squashfs filesystem implementation vulnerable to heap-based buffer overflow

2022/07/08 JVN#23766146:

Passage Drive vulnerable to insufficient data verification

2022/07/04 JVN#14077132:

Multiple vulnerabilities in Cybozu Garoon

2022/07/04 JVN#32625020:

LiteCart vulnerable to cross-site scripting

2022/07/01 JVNVU#97050784:

Multiple vulnerabilities in OMRON products

2022/06/29 JVN#41017328:

HOME SPOT CUBE2 vulnerable to OS command injection

2022/06/24 JVN#51464799:

L2Blocker Sensor setup screen vulnerable to authentication bypass

2022/06/23 JVN#02158640:

web2py vulnerable to open redirect

2022/06/17 JVN#93667442:

Gitlab vulnerable to server-side request forgery

2022/06/15 JVN#20930118:

FreeBSD vulnerable to denial-of-service (DoS)

2022/06/14 JVN#94363766:

Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting

2022/06/14 JVNVU#96438711:

Growi vulnerable to weak password requirements

2022/06/09 JVN#32962443:

SHIRASAGI vulnerable to cross-site scripting

2022/06/02 JVNVU#90675050:

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

2022/06/01 JVN#28659051:

T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal

2022/06/01 JVN#04155116:

WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

2022/05/27 JVN#27256219:

RevoWorks incomplete filtering of MS Office v4 macros

2022/05/27 JVN#13878856:

Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

2022/05/26 JVNVU#93134398:

Multiple vulnerabilities in Fuji Electric V-SFT, V-Server and V-Server Lite

2022/05/26 JVNVU#99188133:

Multiple vulnerabilities in Fuji Electric V-SFT

2022/05/26 JVNVU#92327282:

Multiple vulnerabilities in CONTEC SolarView Compact

2022/05/24 JVN#15241647:

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

2022/05/23 JVNVU#92641706:

Trend Micro Password Manager vulnerable to privilege escalation

2022/05/20 JVN#15317878:

Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

2022/05/19 JVN#46892984:

Multiple vulnerabilities in Rakuten Casa

2022/05/16 JVN#73897863:

Multiple vulnerabilities in Cybozu Garoon

2022/05/13 JVN#44550983:

Strapi vulnerable to cross-site scripting

2022/05/13 JVN#46241173:

EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery

2022/05/12 JVNVU#93434935:

Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries

2022/05/11 JVN#60037444:

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

2022/05/11 JVNVU#95992089:

Command injection vulnerability in QNAP VioStar series NVR

2022/05/10 JVN#60801132:

GENEREX RCCMD vulnerable to directory traversal

2022/05/09 JVN#96561229:[Critical]

Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM

2022/05/09 JVN#50337155:

KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass

2022/05/09 JVN#58266015:

Multiple vulnerabilities in multiple MEIKYO ELECTRIC products

2022/04/22 JVN#54857505:

Hammock AssetView missing authentication for critical functions

2022/04/15 JVN#31606885:

WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery

2022/04/06 JVNVU#97833256:

Trend Micro Antivirus for Mac vulnerable to privilege escalation

2022/03/30 JVN#59576930:

Zero-channel BBS Plus vulnerable to cross-site scripting

2022/03/30 JVN#42543427:

WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization

2022/03/30 JVN#10140834:

AttacheCase may insecurely load Dynamic Link Libraries

2022/03/30 JVNVU#99107357:[Critical]

Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents

2022/03/22 JVNVU#94900322:

Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection

2022/03/16 JVN#21234459:

Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"

2022/03/15 JVN#87751554:

Multiple vulnerabilities in pfSense

2022/03/11 JVNVU#99391968:

Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries

2022/03/10 JVNVU#96777901:

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

2022/03/10 JVN#72801744:

UNIVERGE WA Series vulnerable to OS command injection

2022/03/08 JVNVU#90673830:

Installer of WPS Office for Windows misconfigures the ACL for the installation directory

2022/03/04 JVN#33214411:

i-FILTER vulnerable to improper check for certificate revocation

2022/03/04 JVNVU#90121984:

Multiple vulnerabilities in OMRON CX-Programmer

2022/03/03 JVN#85572374:

pfSense-pkg-WireGuard vulnerable to directory traversal

2022/03/03 JVN#89524240:

MarkText vulnerable to cross-site scripting

2022/03/03 JVN#87683137:

Norton Security for Mac improperly processes ICMP packets

2022/03/02 JVNVU#92972528:

Multiple vulnerabilities in Trend Micro ServerProtect

2022/03/01 JVNVU#96994445:

Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)

2022/02/22 JVN#67108459:

EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery

2022/02/22 JVN#53871926:

EC-CUBE improperly handles HTTP Host header values

2022/02/18 JVN#14706307:

Multiple vulnerabilities in a-blog cms

2022/02/17 JVNVU#95075478:

Trend Micro Antivirus for MAC vulnerable to privilege escalation

2022/02/17 JVN#00095004:

Multiple vulnerabilities in phpUploader

2022/02/09 JVN#12969207:

HPE Agentless Management registers unquoted service paths

2022/02/08 JVN#17482543:

Multiple vulnerabilities in multiple ELECOM LAN routers

2022/02/07 JVN#95898697:

Multiple ESET products for macOS vulnerable to improper server certificate verification

2022/02/04 JVN#67396225:

CSV+ vulnerable to cross-site scripting

2022/01/25 JVN#70100915:

Multiple vulnerabilities in TransmitMail

2022/01/24 JVNVU#95024141:

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

2022/01/21 JVNVU#94151526:

GROWI vulnerable to authorization bypass through user-controlled key

2022/01/20 JVN#16690037:

Multiple cross-site scripting vulnerabilities in php_mailform

2022/01/19 JVN#64806328:

Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

2022/01/13 JVN#19826500:

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

2022/01/13 JVN#81479705:

Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials

2022/01/12 JVN#49047921:

Jimoty App for Android uses a hard-coded API key for an external service

2022/01/12 JVN#72788165:

Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

2021

2021/12/24 JVNVU#95192472:

Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems

2021/12/24 JVNVU#92279973:

Multiple vulnerabilities in IDEC PLCs

2021/12/23 JVNVU#94883311:

TP-Link TL-WR802N V4(JP) vulnerable to OS command injection

2021/12/22 JVN#66422035:

Android Apps developed using Yappli fails to restrict custom URL schemes properly

2021/12/22 JVNVU#95429813:

Multiple vulnerabilities in QNAP VioStar NVR

2021/12/20 JVN#79798166:

Multiple vulnerabilities in GroupSession

2021/12/17 JVN#13464252:

UNIVERGE DT Series vulnerable to missing encryption of sensitive data

2021/12/08 JVNVU#98117192:

Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)

2021/12/02 JVN#09136401:

Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"