Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 4, 2024, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
191911 5 警告 banex - Banex PHP MySQL Banner Exchange におけるデータベースのユーザ名およびパスワード等の重要な情報を取得される脆弱性 - CVE-2006-3965 2012-06-26 15:37 2006-08-1 Show GitHub Exploit DB Packet Storm
191912 7.5 危険 banex - Banex PHP MySQL Banner Exchange の members.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-3964 2012-06-26 15:37 2006-08-1 Show GitHub Exploit DB Packet Storm
191913 7.5 危険 banex - Banex PHP MySQL Banner Exchange における SQL インジェクションの脆弱性 - CVE-2006-3963 2012-06-26 15:37 2006-08-1 Show GitHub Exploit DB Packet Storm
191914 7.5 危険 bosdev - BosDev BosDates の payment.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-3957 2012-06-26 15:37 2006-08-1 Show GitHub Exploit DB Packet Storm
191915 7.5 危険 EFS Software - EFS Software Easy File Sharing FTP Server におけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2006-3952 2012-06-26 15:37 2006-08-1 Show GitHub Exploit DB Packet Storm
191916 7.5 危険 AOL - America Online Security Edition で使用される AOL.YGP Pic Downloader YGPPDownload ActiveX におけるバッファオーバーフローの脆弱性 - CVE-2006-3888 2012-06-26 15:37 2006-10-10 Show GitHub Exploit DB Packet Storm
191917 7.5 危険 AOL - AOL YGP Screensaver ActiveX コントロール におけるバッファオーバーフローの脆弱性 - CVE-2006-3887 2012-06-26 15:37 2006-10-10 Show GitHub Exploit DB Packet Storm
191918 7.2 危険 アップル - AirPort ワイヤレスドライバ用の API における整数オーバーフローの脆弱性 - CVE-2006-3509 2012-06-26 15:37 2006-09-21 Show GitHub Exploit DB Packet Storm
191919 7.2 危険 アップル - AirPort ワイヤレスドライバ におけるヒープベースのバッファオーバーフローの脆弱性 - CVE-2006-3508 2012-06-26 15:37 2006-09-21 Show GitHub Exploit DB Packet Storm
191920 7.2 危険 アップル - AirPort ワイヤレスドライバにおけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2006-3507 2012-06-26 15:37 2006-09-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 4, 2024, 5:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
901 - - - The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of operation. CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2024-47128 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
902 - - - In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks. This vulner… CWE-1390
 Weak Authentication 		CVE-2024-47127 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
903 - - - The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use. - CVE-2024-47126 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
904 - - - The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker to intercept and manipulate messages. CWE-923
 Improper Restriction of Communication Channel to Intended Endpoints 		CVE-2024-47125 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
905 - - - The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2024-47124 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
906 - - - The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message. CWE-353
 Missing Support for Integrity Check 		CVE-2024-47123 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
907 - - - In the goTenna Pro application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decry… CWE-922
 Insecure Storage of Sensitive Information 		CVE-2024-47122 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
908 - - - The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messag… CWE-521
Weak Password Requirements  		CVE-2024-47121 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
909 - - - LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-con… - CVE-2024-47075 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm
910 - - - Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unlo… - CVE-2024-45989 2024-09-30 21:46 2024-09-27 Show GitHub Exploit DB Packet Storm