24 vulnerabilities by Ricoh Co., Ltd
JVNDB-2026-000085
Vulnerability from jvndb - Published: 2026-06-15 15:30 - Updated:2026-06-15 15:30
Summary
Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers
Details
Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability:
- Privilege escalation (CWE-427) - CVE-2026-50100
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000085.html",
"dc:date": "2026-06-15T15:30+09:00",
"dcterms:issued": "2026-06-15T15:30+09:00",
"dcterms:modified": "2026-06-15T15:30+09:00",
"description": "Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability:\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003ePrivilege escalation (CWE-427) - CVE-2026-50100\u003c/li\u003e\u003c/ul\u003eRicoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000085.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:konicaminolta_multiple_product",
"@product": "(multiple product)",
"@vendor": "KONICA MINOLTA JAPAN, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:multiple_product",
"@product": "(multiple product)",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000085",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55319858/index.html",
"@id": "JVN#55319858",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-50100",
"@id": "CVE-2026-50100",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers"
}
JVNDB-2026-000066
Vulnerability from jvndb - Published: 2026-04-30 17:02 - Updated:2026-04-30 17:02
Summary
Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Details
Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs (multifunction printers).
Web Image Monitor contains the vulnerability listed below.
- Open redirect (CWE-601) - CVE-2026-41226
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000066.html",
"dc:date": "2026-04-30T17:02+09:00",
"dcterms:issued": "2026-04-30T17:02+09:00",
"dcterms:modified": "2026-04-30T17:02+09:00",
"description": "Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs (multifunction printers).\r\nWeb Image Monitor contains the vulnerability listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/601.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eOpen redirect (CWE-601) - CVE-2026-41226\u003c/li\u003e\u003c/ul\u003eTony Kirkland of Sixgen Inc reported this vulnerability to Ricoh Company, Ltd. directly and coordinated. After the coordination, Ricoh Company, Ltd. reported this case to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with Ricoh Company, Ltd. for JVN publication.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000066.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:web_image_monitor",
"@product": "Web Image Monitor",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000066",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN65118274/index.html",
"@id": "JVN#65118274",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-41226",
"@id": "CVE-2026-41226",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor"
}
JVNDB-2026-000028
Vulnerability from jvndb - Published: 2026-02-20 12:31 - Updated:2026-02-20 12:31
Summary
Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries
Details
The installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool contains the following vulnerability related to the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427) - CVE-2026-26050
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000028.html",
"dc:date": "2026-02-20T12:31+09:00",
"dcterms:issued": "2026-02-20T12:31+09:00",
"dcterms:modified": "2026-02-20T12:31+09:00",
"description": "The installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool contains the following vulnerability related to the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-26050\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000028.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:job_log_aggregation%2Fanalysis_software_ricoh_job_log_aggregation_tool",
"@product": "Job log aggregation/analysis software RICOH Job Log Aggregation Tool",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000028",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN69531868/index.html",
"@id": "JVN#69531868",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-26050",
"@id": "CVE-2026-26050",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries"
}
JVNDB-2026-002119
Vulnerability from jvndb - Published: 2026-01-30 11:26 - Updated:2026-01-30 11:26
Summary
Multiple vulnerabilities in BROTHER MFPs (multifunction printers)
Details
Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below.
- Improper certificate validation (CWE-295) - CVE-2025-53869
- Hidden Functionality (CWE-912) - CVE-2025-55704
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-002119.html",
"dc:date": "2026-01-30T11:26+09:00",
"dcterms:issued": "2026-01-30T11:26+09:00",
"dcterms:modified": "2026-01-30T11:26+09:00",
"description": "Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eImproper certificate validation (CWE-295) - CVE-2025-53869\u003c/li\u003e\u003cli\u003eHidden Functionality (CWE-912) - CVE-2025-55704\u003c/li\u003e\u003c/ul\u003eAnton Fabricius of SySS GmbH reported these vulnerabilities to the developer.\r\nJPCERT/CC coordinated between the reporter and the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-002119.html",
"sec:cpe": [
{
"#text": "cpe:/a:brother:multiple_products",
"@product": "(Multiple Products)",
"@vendor": "Brother Industries",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:multiple_product",
"@product": "(multiple product)",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:konicaminolta:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "KONICA MINOLTA, INC.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-002119",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92878805/index.html",
"@id": "JVNVU#92878805",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53869",
"@id": "CVE-2025-53869",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-55704",
"@id": "CVE-2025-55704",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/295.html",
"@id": "CWE-295",
"@title": "Improper Certificate Validation(CWE-295)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/912.html",
"@id": "CWE-912",
"@title": "Hidden Functionality(CWE-912)"
}
],
"title": "Multiple vulnerabilities in BROTHER MFPs (multifunction printers)"
}
JVNDB-2026-000003
Vulnerability from jvndb - Published: 2026-01-09 18:17 - Updated:2026-01-09 18:17
Summary
RICOH Streamline NX vulnerable to improper authorization
Details
RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.
- Improper authorization (CWE-639) - CVE-2026-21409
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000003.html",
"dc:date": "2026-01-09T18:17+09:00",
"dcterms:issued": "2026-01-09T18:17+09:00",
"dcterms:modified": "2026-01-09T18:17+09:00",
"description": "RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.\u003cul\u003e\u003cli\u003eImproper authorization (CWE-639) - CVE-2026-21409\u003c/li\u003e\u003c/ul\u003eRicoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000003.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:streamline_nx",
"@product": "Ricoh Streamline NX",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000003",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN12770174/index.html",
"@id": "JVN#12770174",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-21409",
"@id": "CVE-2026-21409",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "RICOH Streamline NX vulnerable to improper authorization"
}
JVNDB-2025-000077
Vulnerability from jvndb - Published: 2025-09-08 13:42 - Updated:2025-09-24 16:53
Summary
RICOH Streamline NX vulnerable to tampering with operation history
Details
RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.
* Use of Less Trusted Source (CWE-348) - CVE-2025-58422
Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN.
JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000077.html",
"dc:date": "2025-09-24T16:53+09:00",
"dcterms:issued": "2025-09-08T13:42+09:00",
"dcterms:modified": "2025-09-24T16:53+09:00",
"description": "RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.\r\n\r\n* Use of Less Trusted Source (CWE-348) - CVE-2025-58422\r\n\r\nRicoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN.\r\nJPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000077.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:streamline_nx",
"@product": "Ricoh Streamline NX",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.1",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000077",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN75307484/index.html",
"@id": "JVN#75307484",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58422",
"@id": "CVE-2025-58422",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "RICOH Streamline NX vulnerable to tampering with operation history"
}
JVNDB-2025-000046
Vulnerability from jvndb - Published: 2025-06-30 15:45 - Updated:2025-06-30 15:45
Summary
SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
Details
SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability.
- Reflected cross-site scripting via a specific parameter (CWE-79) - CVE-2025-41439
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000046.html",
"dc:date": "2025-06-30T15:45+09:00",
"dcterms:issued": "2025-06-30T15:45+09:00",
"dcterms:modified": "2025-06-30T15:45+09:00",
"description": "SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability.\r\n\r\n\u003cul\u003e\u003cli\u003eReflected cross-site scripting via a specific parameter (CWE-79) - CVE-2025-41439\u003c/li\u003e\u003c/ul\u003e\r\n\r\nMatteo Santini reported this vulnerability to Ricoh Company, Ltd. directly and coordinated. After the coordination, Ricoh Company, Ltd. reported this case to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with Ricoh Company, Ltd. for JVN publication.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000046.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:streamline_nx",
"@product": "Ricoh Streamline NX",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000046",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN24333956/index.html",
"@id": "JVN#24333956",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-41439",
"@id": "CVE-2025-41439",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting"
}
JVNDB-2025-000039
Vulnerability from jvndb - Published: 2025-06-13 16:09 - Updated:2025-06-13 16:09
Summary
Multiple vulnerabilities in RICOH Streamline NX PC Client
Details
RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below.
- External control of file name or path (CWE-73) - CVE-2025-36506
- Path traversal (CWE-22) - CVE-2025-46783
- Use of less trusted source (CWE-348) - CVE-2025-48825
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000039.html",
"dc:date": "2025-06-13T16:09+09:00",
"dcterms:issued": "2025-06-13T16:09+09:00",
"dcterms:modified": "2025-06-13T16:09+09:00",
"description": "RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eExternal control of file name or path (CWE-73) - CVE-2025-36506\u003c/li\u003e\u003cli\u003ePath traversal (CWE-22) - CVE-2025-46783\u003c/li\u003e\u003cli\u003eUse of less trusted source (CWE-348) - CVE-2025-48825\u003c/li\u003e\u003c/ul\u003e\r\nRicoh Company, Ltd. reported these vulnerabilities to IPA to notify users of its solution through JVN.\r\nJPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000039.html",
"sec:cpe": [
{
"#text": "cpe:/a:ricoh:streamline_nx_v3_pc_client",
"@product": "RICOH Streamline NX V3 PC Client",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:streamline_nx_v3_pc_client",
"@product": "RICOH Streamline NX V3 PC Client",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000039",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN27937557/index.html",
"@id": "JVN#27937557",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-36506",
"@id": "CVE-2025-36506",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-46783",
"@id": "CVE-2025-46783",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-48825",
"@id": "CVE-2025-48825",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in RICOH Streamline NX PC Client"
}
JVNDB-2024-000117
Vulnerability from jvndb - Published: 2024-10-31 16:44 - Updated:2025-05-19 17:59
Summary
Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Details
Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs (multifunction printers).
Web Image Monitor contains a stack-based buffer overflow vulnerability (CWE-121) due to improper parsing of HTTP requests.
Zhihong Tian, Hui Lu, Guocheng Wu, and Xingchi Chen of the Cyberspace Advanced Technology Institute of Guangzhou University reported this vulnerability to Ricoh Company, Ltd. directly and coordinated.
After the coordination, Ricoh Company, Ltd. reported this case to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with Ricoh Company, Ltd. for JVN publication.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000117.html",
"dc:date": "2025-05-19T17:59+09:00",
"dcterms:issued": "2024-10-31T16:44+09:00",
"dcterms:modified": "2025-05-19T17:59+09:00",
"description": "Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs (multifunction printers).\r\nWeb Image Monitor contains a stack-based buffer overflow vulnerability (CWE-121) due to inappropriate parsing process of HTTP request.\r\n\r\nZhihong Tian, Hui Lu, Guocheng Wu, and Xingchi Chen of the Cyberspace Advanced Technology Institute of Guangzhou University reported this vulnerability to Ricoh Company, Ltd. directly and coordinated.\r\nAfter the coordination, Ricoh Company, Ltd. reported this case to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with Ricoh Company, Ltd. for JVN publication.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000117.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:web_image_monitor",
"@product": "Web Image Monitor",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000117",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87770340/index.html",
"@id": "JVN#87770340",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47939",
"@id": "CVE-2024-47939",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor"
}
JVNDB-2024-000083
Vulnerability from jvndb - Published: 2024-08-06 15:13 - Updated:2024-08-06 15:13
Summary
Firmware update for RICOH JavaTM Platform resets the TLS configuration
Details
JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, and provides a TLS (Transport Layer Security) communication mechanism.
When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer version, the TLS configuration is reset to "TLS 1.0: enabled" and "TLS 1.1: enabled" (CWE-1188).
Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000083.html",
"dc:date": "2024-08-06T15:13+09:00",
"dcterms:issued": "2024-08-06T15:13+09:00",
"dcterms:modified": "2024-08-06T15:13+09:00",
"description": "JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS (Transport Layer Security) communication mechanism.\r\nWhen the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer version, the TLS configuration is reset to \"TLS 1.0: enabled\" and \"TLS 1.1: enabled\" (CWE-1188).\r\n\r\nRicoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000083.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:javatm_platform",
"@product": "JavaTM Platform",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000083",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN78728294/index.html",
"@id": "JVN#78728294",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41995",
"@id": "CVE-2024-41995",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Firmware update for RICOH JavaTM Platform resets the TLS configuration"
}
JVNDB-2024-000070
Vulnerability from jvndb - Published: 2024-07-10 14:16 - Updated:2024-07-10 14:16
Summary
Out-of-bounds write vulnerability in Ricoh MFPs and printers
Details
MFPs (multifunction printers) and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability (CWE-787).
Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000070.html",
"dc:date": "2024-07-10T14:16+09:00",
"dcterms:issued": "2024-07-10T14:16+09:00",
"dcterms:modified": "2024-07-10T14:16+09:00",
"description": "MFPs (multifunction printers) and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability (CWE-787).\r\n \r\nRicoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000070.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:multiple_product",
"@product": "(multiple product)",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14294633/index.html",
"@id": "JVN#14294633",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39927",
"@id": "CVE-2024-39927",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Out-of-bounds write vulnerability in Ricoh MFPs and printers"
}
JVNDB-2024-000061
Vulnerability from jvndb - Published: 2024-06-18 14:56 - Updated:2024-06-18 14:56
Summary
Multiple vulnerabilities in Ricoh Streamline NX PC Client
Details
Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* [ricoh-2024-000004] Improper restriction of communication channel to intended endpoints (CWE-923) - CVE-2024-36252
* [ricoh-2024-000005] Use of hard-coded credentials (CWE-798) - CVE-2024-36480
* [ricoh-2024-000006] Use of potentially dangerous function (CWE-676) - CVE-2024-37124
* [ricoh-2024-000007] Use of potentially dangerous function (CWE-676) - CVE-2024-37387
CVE-2024-36252
Cai, Qi Qi of Siemens China Cybersecurity Testing Center - Shadowless Lab reported this vulnerability to RICOH COMPANY, LTD. and coordinated. After the coordination was completed, RICOH COMPANY, LTD. reported the case to IPA to notify users of the solution through JVN.
CVE-2024-36480, CVE-2024-37124, CVE-2024-37387
Abian Blome of Siemens Energy reported these vulnerabilities to RICOH COMPANY, LTD. and coordinated. After the coordination was completed, RICOH COMPANY, LTD. reported the case to IPA to notify users of the solution through JVN.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000061.html",
"dc:date": "2024-06-18T14:56+09:00",
"dcterms:issued": "2024-06-18T14:56+09:00",
"dcterms:modified": "2024-06-18T14:56+09:00",
"description": "Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.\r\n\r\n* [ricoh-2024-000004] Improper restriction of communication channel to intended endpoints (CWE-923) - CVE-2024-36252\r\n* [ricoh-2024-000005] Use of hard-coded credentials (CWE-798) - CVE-2024-36480\r\n* [ricoh-2024-000006] Use of potentially dangerous function (CWE-676) - CVE-2024-37124\r\n* [ricoh-2024-000007] Use of potentially dangerous function (CWE-676) - CVE-2024-37387\r\n\r\nCVE-2024-36252\r\nCai, Qi Qi of Siemens China Cybersecurity Testing Center - Shadowless Lab reported this vulnerability to RICOH COMPANY, LTD. and coordinated. After the coordination was completed, RICOH COMPANY, LTD. reported the case to IPA to notify users of the solution through JVN.\r\n\r\nCVE-2024-36480, CVE-2024-37124, CVE-2024-37387\r\nAbian Blome of Siemens Energy reported these vulnerabilities to RICOH COMPANY, LTD. and coordinated. After the coordination was completed, RICOH COMPANY, LTD. reported the case to IPA to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000061.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:streamline_nx_pc_client",
"@product": "RICOH Streamline NX PC Client",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000061",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN00442488/index.html",
"@id": "JVN#00442488",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36252",
"@id": "CVE-2024-36252",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36480",
"@id": "CVE-2024-36480",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-37124",
"@id": "CVE-2024-37124",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-37387",
"@id": "CVE-2024-37387",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Ricoh Streamline NX PC Client"
}
JVNDB-2023-002111
Vulnerability from jvndb - Published: 2023-06-15 16:06 - Updated:2024-05-23 15:45
Summary
Printer Driver Packager NX creates driver installation packages without modification detection
Details
Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.
The installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator's help.
The driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.
Ricoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002111.html",
"dc:date": "2024-05-23T15:45+09:00",
"dcterms:issued": "2023-06-15T16:06+09:00",
"dcterms:modified": "2024-05-23T15:45+09:00",
"description": "Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.\r\nThe installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator\u0027s help.\r\n\r\nThe driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.\r\n\r\nRicoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002111.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:ridoc_ez_Installer_nx",
"@product": "Ridoc Ez Installer NX",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002111",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92207133/",
"@id": "JVNVU#92207133",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30759",
"@id": "CVE-2023-30759",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30759",
"@id": "CVE-2023-30759",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/345.html",
"@id": "CWE-345",
"@title": "Insufficient Verification of Data Authenticity(CWE-345)"
}
],
"title": "Printer Driver Packager NX creates driver installation packages without modification detection"
}
JVNDB-2022-000089
Vulnerability from jvndb - Published: 2022-11-17 11:15 - Updated:2022-11-17 11:15
Severity
Summary
RICOH Aficio SP 4210N vulnerable to cross-site scripting
Details
Aficio SP 4210N provided by RICOH COMPANY, LTD. contains a cross-site scripting vulnerability (CWE-79) in Web Image Monitor.
Yudai Morii, Takaya Noma, Hiroki Yasui, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000089.html",
"dc:date": "2022-11-17T11:15+09:00",
"dcterms:issued": "2022-11-17T11:15+09:00",
"dcterms:modified": "2022-11-17T11:15+09:00",
"description": "Aficio SP 4210N provided by RICOH COMPANY, LTD. contains a cross-site scripting vulnerability (CWE-79) in Web Image Monitor.\r\n\r\nYudai Morii, Takaya Noma, Hiroki Yasui, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000089.html",
"sec:cpe": {
"#text": "cpe:/o:ricoh:ipsio_sp_4210_firmware",
"@product": "IPSiO SP 4210",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000089",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN24659622/index.html",
"@id": "JVN#24659622",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-37406",
"@id": "CVE-2022-37406",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-37406",
"@id": "CVE-2022-37406",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "RICOH Aficio SP 4210N vulnerable to cross-site scripting"
}
JVNDB-2022-000067
Vulnerability from jvndb - Published: 2022-08-29 15:57 - Updated:2024-06-13 13:53
Severity
Summary
Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
Details
Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000067.html",
"dc:date": "2024-06-13T13:53+09:00",
"dcterms:issued": "2022-08-29T15:57+09:00",
"dcterms:modified": "2024-06-13T13:53+09:00",
"description": "Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000067.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:device_software_manager",
"@product": "Installer of Device Software Manager",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000067",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN44721267/index.html",
"@id": "JVN#44721267",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-36403",
"@id": "CVE-2022-36403",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36403",
"@id": "CVE-2022-36403",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries"
}
JVNDB-2019-014138
Vulnerability from jvndb - Published: 2020-02-25 15:47 - Updated:2020-02-25 15:47
Severity
Summary
Improper Authentication Vulnerability in RICOH printers
Details
Multiple RICOH printers contain an improper authentication vulnerability (CWE-287).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014138.html",
"dc:date": "2020-02-25T15:47+09:00",
"dcterms:issued": "2020-02-25T15:47+09:00",
"dcterms:modified": "2020-02-25T15:47+09:00",
"description": "Multiple RICOH printers contain Improper Authentication Vulnerability (CWE-287).\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014138.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:sp_330dn_firmware",
"@product": "SP 330DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710dn_firmware",
"@product": "SP 3710DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710sf_firmware",
"@product": "SP 3710SF firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c260dnw_firmware",
"@product": "SP C260DNw firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014138",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14306",
"@id": "CVE-2019-14306",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14306",
"@id": "CVE-2019-14306",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Improper Authentication Vulnerability in RICOH printers"
}
JVNDB-2019-014137
Vulnerability from jvndb - Published: 2020-02-25 15:44 - Updated:2020-02-25 15:44
Severity
Summary
Improper Access Control Vulnerability in RICOH printers
Details
Multiple RICOH printers contain an improper access control vulnerability (CWE-284).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014137.html",
"dc:date": "2020-02-25T15:44+09:00",
"dcterms:issued": "2020-02-25T15:44+09:00",
"dcterms:modified": "2020-02-25T15:44+09:00",
"description": "Multiple RICOH printers contain Improper Access Control (CWE-284).\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014137.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:sp_330dn_firmware",
"@product": "SP 330DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710dn_firmware",
"@product": "SP 3710DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710sf_firmware",
"@product": "SP 3710SF firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c260dnw_firmware",
"@product": "SP C260DNw firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014137",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14302",
"@id": "CVE-2019-14302",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14302",
"@id": "CVE-2019-14302",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Improper Access Control Vulnerability in RICOH printers"
}
JVNDB-2019-014437
Vulnerability from jvndb - Published: 2020-02-25 15:29 - Updated:2020-02-25 15:29
Severity
Summary
Privilege escalation vulnerability in multiple RICOH printer drivers
Details
Multiple RICOH printer drivers contain a privilege escalation vulnerability.
RICOH COMPANY, LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and [Name of company/Organization] coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014437.html",
"dc:date": "2020-02-25T15:29+09:00",
"dcterms:issued": "2020-02-25T15:29+09:00",
"dcterms:modified": "2020-02-25T15:29+09:00",
"description": "Multiple RICOH printer drivers contain a privilege escalation vulnerability.\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and [Name of company/Organization] coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014437.html",
"sec:cpe": [
{
"#text": "cpe:/a:ricoh:generic_pcl5_driver",
"@product": "Generic PCL5 Driver",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:pcl6_%28pcl_xl%29_driver",
"@product": "PCL6 (PCL XL) Driver",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:pcl6_driver_for_universal_print",
"@product": "PCL6 Driver for Universal Print",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:pc_fax_generic_driver",
"@product": "PC FAX Generic Driver",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:postscript3_driver",
"@product": "PostScript3 Driver",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:ps_driver_for_universal_print",
"@product": "PS Driver for Universal Print",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:rpcs_driver",
"@product": "RPCS Driver",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:rpcs_raster_driver",
"@product": "RPCS Raster Driver",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014437",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN15697526/index.html",
"@id": "JVN#15697526",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19363",
"@id": "CVE-2019-19363",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-19363",
"@id": "CVE-2019-19363",
"@source": "NVD"
},
{
"#text": "https://seclists.org/fulldisclosure/2020/Jan/34",
"@id": "CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Privilege escalation vulnerability in multiple RICOH printer drivers"
}
JVNDB-2019-014031
Vulnerability from jvndb - Published: 2020-02-25 14:06 - Updated:2020-02-25 14:06
Severity
Summary
Cross-site Request Forgery Vulnerability in RICOH printers
Details
Multiple RICOH printers contain a cross-site request forgery vulnerability (CWE-352).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014031.html",
"dc:date": "2020-02-25T14:06+09:00",
"dcterms:issued": "2020-02-25T14:06+09:00",
"dcterms:modified": "2020-02-25T14:06+09:00",
"description": "Multiple RICOH printers contain Cross-site Request Forgery (CWE-352). \r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014031.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:m_c250fwb_firmware",
"@product": "M C250FWB firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:m_c250fw_firmware",
"@product": "M C250FW firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c300w_firmware",
"@product": "P C300W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c301w_firmware",
"@product": "P C301W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014031",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14304",
"@id": "CVE-2019-14304",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14304",
"@id": "CVE-2019-14304",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Cross-site Request Forgery Vulnerability in RICOH printers"
}
JVNDB-2019-014136
Vulnerability from jvndb - Published: 2020-02-25 14:02 - Updated:2020-02-25 14:02
Severity
Summary
Information Disclosure Vulnerability in RICOH printers
Details
Multiple RICOH printers contain an information disclosure vulnerability (CWE-200).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014136.html",
"dc:date": "2020-02-25T14:02+09:00",
"dcterms:issued": "2020-02-25T14:02+09:00",
"dcterms:modified": "2020-02-25T14:02+09:00",
"description": "Multiple RICOH printers contain Information Disclosure (CWE-200).\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014136.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:m_c250fwb_firmware",
"@product": "M C250FWB firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:m_c250fw_firmware",
"@product": "M C250FW firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c300w_firmware",
"@product": "P C300W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c301w_firmware",
"@product": "P C301W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014136",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14301",
"@id": "CVE-2019-14301",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14301",
"@id": "CVE-2019-14301",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Information Disclosure Vulnerability in RICOH printers"
}
JVNDB-2019-000067
Vulnerability from jvndb - Published: 2019-10-28 15:37 - Updated:2019-10-28 15:37
Severity
Summary
Library Information Management System LIMEDIO vulnerable to open redirect
Details
Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability (CWE-601).
Takeshi Imai of Internet Initiative Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000067.html",
"dc:date": "2019-10-28T15:37+09:00",
"dcterms:issued": "2019-10-28T15:37+09:00",
"dcterms:modified": "2019-10-28T15:37+09:00",
"description": "Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability (CWE-601).\r\n\r\nTakeshi Imai of Internet Initiative Japan Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000067.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:limedio",
"@product": "Library Information Management System LIMEDIO",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000067",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN45633549/index.html",
"@id": "JVN#45633549",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6021",
"@id": "CVE-2019-6021",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6021",
"@id": "CVE-2019-6021",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Library Information Management System LIMEDIO vulnerable to open redirect"
}
JVNDB-2019-000058
Vulnerability from jvndb - Published: 2019-09-13 14:29 - Updated:2020-02-25 17:27
Severity
Summary
Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)
Details
Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000058.html",
"dc:date": "2020-02-25T17:27+09:00",
"dcterms:issued": "2019-09-13T14:29+09:00",
"dcterms:modified": "2020-02-25T17:27+09:00",
"description": "Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below. \r\n* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300 \r\n* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305 \r\n* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307 \r\n* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308 \r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000058.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000058",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN11708203/index.html",
"@id": "JVN#11708203",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14300",
"@id": "CVE-2019-14300",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14305",
"@id": "CVE-2019-14305",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14307",
"@id": "CVE-2019-14307",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14308",
"@id": "CVE-2019-14308",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14300",
"@id": "CVE-2019-14300",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14305",
"@id": "CVE-2019-14305",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14307",
"@id": "CVE-2019-14307",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14308",
"@id": "CVE-2019-14308",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)"
}
JVNDB-2018-000124
Vulnerability from jvndb - Published: 2018-11-27 15:26 - Updated:2019-08-27 17:01
Severity
Summary
Multiple vulnerabilities in RICOH Interactive Whiteboard
Details
RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains the multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-16184
* Missing file signature - CVE-2018-16185
* Hard-coded credentials for the administrator settings screen - CVE-2018-16186
* The server certificate is self-signed - CVE-2018-16187
* SQL injection (CWE-89) - CVE-2018-16188
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
"dc:date": "2019-08-27T17:01+09:00",
"dcterms:issued": "2018-11-27T15:26+09:00",
"dcterms:modified": "2019-08-27T17:01+09:00",
"description": "RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.\r\n* Command injection (CWE-94) - CVE-2018-16184\r\n* Missing file signature - CVE-2018-16185\r\n* Hard-coded credentials for the administrator settings screen - CVE-2018-16186\r\n* The server certificate is self-signed - CVE-2018-16187\r\n* SQL injection (CWE-89) - CVE-2018-16188\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:d2200_firmware",
"@product": "RICOH Interactive Whiteboard D2200",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d5500_firmware",
"@product": "RICOH Interactive Whiteboard D5500",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d5510_firmware",
"@product": "RICOH Interactive Whiteboard D5510",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d5520_firmware",
"@product": "RICOH Interactive Whiteboard D5520",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d6500_firmware",
"@product": "RICOH Interactive Whiteboard D6500",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d6510_firmware",
"@product": "RICOH Interactive Whiteboard D6510",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d7500_firmware",
"@product": "RICOH Interactive Whiteboard D7500",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:d8400_firmware",
"@product": "RICOH Interactive Whiteboard D8400",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000124",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55263945/index.html",
"@id": "JVN#55263945",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184",
"@id": "CVE-2018-16184",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185",
"@id": "CVE-2018-16185",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186",
"@id": "CVE-2018-16186",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187",
"@id": "CVE-2018-16187",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188",
"@id": "CVE-2018-16188",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16184",
"@id": "CVE-2018-16184",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16185",
"@id": "CVE-2018-16185",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16186",
"@id": "CVE-2018-16186",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16187",
"@id": "CVE-2018-16187",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16188",
"@id": "CVE-2018-16188",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in RICOH Interactive Whiteboard"
}
JVNDB-2006-000617
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated: 2008-05-21 00:00
Summary
Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Details
Some email clients contain a vulnerability when handling an attached file with a file name using Unicode. This may result in a directory traversal attack or displaying a file name differently from the actual file name.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000617.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Some email clients contain a vulnerability when handling an attached file with a file name using unicode. This may result in a directory traversal attack or displaying a file name diffrently from the actual file name.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000617.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:paseri",
"@product": "Paseri",
"@vendor": "NIPPON CONTROL SYSTEM Corporation.",
"@version": "2.2"
},
{
"#text": "cpe:/a:ricoh:ridoc_document_router",
"@product": "Ridoc Document Router",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:rimarts_inc.:becky_internet_mail",
"@product": "Becky! Internet Mail",
"@vendor": "RIMARTS",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000617",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN84775942/index.html",
"@id": "JVN#84775942",
"@source": "JVN"
},
"title": "Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling"
}