NVD Vulnerability Information

You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Note), it may contain vulnerabilities that are not yet listed in JVN.

If a vulnerability has related information in JVN (Japan Vulnerability Note), that information is shown on the detail page.

When searching by CWE, refer to the CWE overview to confirm the CWE number.


Last updated: October 7, 2024, 5:11

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
243301 4.3 MEDIUM
mediawiki mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via… CWE-79
Cross-site scripting (XSS)
CVE-2015-2941 2016-12-8 03:11 2015-04-13 View GitHub Exploit DB Packet Storm
243302 7.1 HIGH
mediawiki mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested… CWE-399
Resource management errors
CVE-2015-2942 2016-12-8 03:11 2015-04-13 View GitHub Exploit DB Packet Storm
243303 10.0 HIGH
google android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. CWE-119
Buffer errors
CVE-2015-3868 2016-12-8 03:11 2015-10-7 View GitHub Exploit DB Packet Storm
243304 4.3 MEDIUM
blackberry enterprise_server The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attack… CWE-254
Security features
CVE-2015-4112 2016-12-8 03:11 2015-11-19 View GitHub Exploit DB Packet Storm
243305 3.6 LOW
gnu parallel GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. CWE-59
Link following
CVE-2015-4155 2016-12-8 03:11 2015-06-2 View GitHub Exploit DB Packet Storm
243306 4.3 MEDIUM
siemens climatix_bacnet\/ip Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web… CWE-79
Cross-site scripting (XSS)
CVE-2015-4174 2016-12-8 03:11 2015-06-28 View GitHub Exploit DB Packet Storm
243307 7.2 HIGH
cisco unified_computing_system Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. CWE-78
OS command injection
CVE-2015-4183 2016-12-8 03:11 2015-06-17 View GitHub Exploit DB Packet Storm
243308 6.8 MEDIUM
mozilla firefox Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free… CWE-362
Race condition
CVE-2015-2706 2016-12-8 03:10 2015-04-27 View GitHub Exploit DB Packet Storm
243309 5.0 MEDIUM
retrospect retrospect
retrospect_client
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attacker… CWE-255
Credentials management
CVE-2015-2864 2016-12-8 03:10 2015-09-21 View GitHub Exploit DB Packet Storm
243310 6.8 MEDIUM
hp arcsight_smartconnectors HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted… CWE-310
Cryptographic issues
CVE-2015-2902 2016-12-8 03:10 2015-11-4 View GitHub Exploit DB Packet Storm
243311 6.8 MEDIUM
hp arcsight_smartconnectors CWE-295: Improper Certificate Validation (https://cwe.mitre.org/data/definitions/295.html) CWE-310
Cryptographic issues
CVE-2015-2902 2016-12-8 03:10 2015-11-4 View GitHub Exploit DB Packet Storm
243312 6.9 MEDIUM
hp arcsight_smartconnectors The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of thi… NVD-CWE-Other
CVE-2015-2903 2016-12-8 03:10 2015-11-4 View GitHub Exploit DB Packet Storm
243313 6.9 MEDIUM
hp arcsight_smartconnectors CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html) NVD-CWE-Other
CVE-2015-2903 2016-12-8 03:10 2015-11-4 View GitHub Exploit DB Packet Storm
243314 3.3 LOW
networkmanager_project networkmanager The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit sett… CWE-20
Improper input validation
CVE-2015-2924 2016-12-8 03:10 2015-11-17 View GitHub Exploit DB Packet Storm
243315 4.3 MEDIUM
mediawiki mediawiki Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script o… CWE-79
Cross-site scripting (XSS)
CVE-2015-2931 2016-12-8 03:10 2015-04-13 View GitHub Exploit DB Packet Storm
243316 4.3 MEDIUM
mediawiki mediawiki Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink … CWE-79
Cross-site scripting (XSS)
CVE-2015-2932 2016-12-8 03:10 2015-04-13 View GitHub Exploit DB Packet Storm
243317 4.3 MEDIUM
mediawiki mediawiki Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via… CWE-79
Cross-site scripting (XSS)
CVE-2015-2933 2016-12-8 03:10 2015-04-13 View GitHub Exploit DB Packet Storm
243318 4.3 MEDIUM
mediawiki mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to… CWE-79
Cross-site scripting (XSS)
CVE-2015-2934 2016-12-8 03:10 2015-04-13 View GitHub Exploit DB Packet Storm
243319 5.0 MEDIUM
mediawiki mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style el… CWE-200
Information exposure
CVE-2015-2935 2016-12-8 03:10 2015-04-13 View GitHub Exploit DB Packet Storm
243320 7.1 HIGH
mediawiki mediawiki MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. CWE-399
Resource management errors
CVE-2015-2936 2016-12-8 03:10 2015-04-13 View GitHub Exploit DB Packet Storm
243321 7.5 HIGH
fedoraproject
clamav
fedora
clamav
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." CWE-119
Buffer errors
CVE-2015-1461 2016-12-8 03:09 2015-02-4 View GitHub Exploit DB Packet Storm
243322 7.5 HIGH
fedoraproject
clamav
fedora
clamav
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." CWE-119
Buffer errors
CVE-2015-1462 2016-12-8 03:09 2015-02-4 View GitHub Exploit DB Packet Storm
243323 5.0 MEDIUM
clamav
fedoraproject
clamav
fedora
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." CWE-17
Code
CVE-2015-1463 2016-12-8 03:09 2015-02-4 View GitHub Exploit DB Packet Storm
243324 6.8 MEDIUM
Network
ibm rational_quality_manager
rational_rhapsody_design_manager
rational_requirements_composer
rational_engineering_lifecycle_manager
rational_doors_next_generation
rational_collaborative_li…
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (R… CWE-20
Improper input validation
CVE-2015-1928 2016-12-8 03:09 2016-01-3 View GitHub Exploit DB Packet Storm
243325 3.5 LOW
ibm tivoli_common_reporting Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other… CWE-79
Cross-site scripting (XSS)
CVE-2015-1969 2016-12-8 03:09 2015-10-4 View GitHub Exploit DB Packet Storm
243326 4.3 MEDIUM
ibm websphere_application_server CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitra… NVD-CWE-Other
CVE-2015-2017 2016-12-8 03:09 2015-11-9 View GitHub Exploit DB Packet Storm
243327 4.3 MEDIUM
ibm websphere_application_server CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (http://cwe.mitre.org/data/definitions/113.html) NVD-CWE-Other
CVE-2015-2017 2016-12-8 03:09 2015-11-9 View GitHub Exploit DB Packet Storm
243328 5.0 MEDIUM
debian
mahara
debian_linux
mahara
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of… CWE-287
CWE-16
CWE-284
Improper authentication
Configuration
Improper access control
CVE-2012-2351 2016-12-8 02:43 2012-07-13 View GitHub Exploit DB Packet Storm
243329 5.4 MEDIUM
cisco ios The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device c… CWE-284
CWE-20
Improper access control
Improper input validation
CVE-2011-4016 2016-12-8 02:36 2012-05-2 View GitHub Exploit DB Packet Storm
243330 10.0 HIGH
apache
oracle
struts
flexcube_private_banking
mysql_enterprise_monitor
webcenter_sites
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. NVD-CWE-noinfo
CWE-16
CWE-284
Configuration
Improper access control
CVE-2013-4316 2016-12-8 02:34 2013-10-1 View GitHub Exploit DB Packet Storm
243331 5.0 MEDIUM
oracle
mozilla
solaris
firefox
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute a… CWE-264
Permissions, privileges, and access controls
CVE-2015-0798 2016-12-7 22:36 2015-04-8 View GitHub Exploit DB Packet Storm
243332 7.2 HIGH
sun sunos Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. NVD-CWE-noinfo
CVE-2014-6521 2016-12-7 20:22 2015-01-21 View GitHub Exploit DB Packet Storm
243333 4.3 MEDIUM
mozilla firefox Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements assoc… CWE-20
Improper input validation
CVE-2015-0810 2016-12-7 12:02 2015-04-1 View GitHub Exploit DB Packet Storm
243334 7.5 HIGH
mozilla firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… NVD-CWE-noinfo
CVE-2015-0814 2016-12-7 12:02 2015-04-1 View GitHub Exploit DB Packet Storm
243335 7.2 HIGH
sun sunos Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. NVD-CWE-noinfo
CVE-2014-6510 2016-12-7 12:01 2015-01-21 View GitHub Exploit DB Packet Storm
243336 6.6 MEDIUM
sun sunos Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). NVD-CWE-noinfo
CVE-2014-6518 2016-12-7 12:01 2015-01-21 View GitHub Exploit DB Packet Storm
243337 4.9 MEDIUM
sun sunos Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397. NVD-CWE-noinfo
CVE-2014-6570 2016-12-7 12:01 2015-01-22 View GitHub Exploit DB Packet Storm
243338 5.0 MEDIUM
sun sunos Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230. NVD-CWE-noinfo
CVE-2014-6575 2016-12-7 12:01 2015-01-22 View GitHub Exploit DB Packet Storm
243339 4.9 MEDIUM
sun sunos Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397. NVD-CWE-noinfo
CVE-2014-6600 2016-12-7 12:01 2015-01-22 View GitHub Exploit DB Packet Storm
243340 7.2 HIGH
kde plasma-desktop
kde-workspace
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. CWE-264
Permissions, privileges, and access controls
CVE-2014-8651 2016-12-7 12:01 2014-12-7 View GitHub Exploit DB Packet Storm
243341 4.0 MEDIUM
redhat
openstack
openstack
image_registry_and_delivery_service_\(glance\)
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image i… CWE-399
Resource management errors
CVE-2014-9623 2016-12-7 12:01 2015-01-24 View GitHub Exploit DB Packet Storm
243342 9.0 HIGH
oracle oracle_and_sun_systems_product_suite Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability vi… NVD-CWE-noinfo
CVE-2014-4259 2016-12-7 12:00 2015-01-21 View GitHub Exploit DB Packet Storm
243343 4.3 MEDIUM
emc documentum_wdk Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site scripting (XSS)
CVE-2014-4635 2016-12-7 12:00 2015-01-7 View GitHub Exploit DB Packet Storm
243344 6.8 MEDIUM
emc documentum_wdk Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perfor… CWE-352
Same-origin policy violation
CVE-2014-4636 2016-12-7 12:00 2015-01-7 View GitHub Exploit DB Packet Storm
243345 6.4 MEDIUM
emc documentum_wdk Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified par… NVD-CWE-Other
CVE-2014-4637 2016-12-7 12:00 2015-01-7 View GitHub Exploit DB Packet Storm
243346 6.4 MEDIUM
emc documentum_wdk CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html) NVD-CWE-Other
CVE-2014-4637 2016-12-7 12:00 2015-01-7 View GitHub Exploit DB Packet Storm
243347 5.0 MEDIUM
emc documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. CWE-200
Information exposure
CVE-2014-4638 2016-12-7 12:00 2015-01-7 View GitHub Exploit DB Packet Storm
243348 9.3 HIGH
malwarebytes malwarebytes_anti-exploit
malwarebytes_anti-malware
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute … CWE-345
Insufficient verification of data authenticity
CVE-2014-4936 2016-12-7 12:00 2014-12-17 View GitHub Exploit DB Packet Storm
243349 6.5 MEDIUM
oracle oracle_and_sun_systems_product_suite Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vecto… NVD-CWE-noinfo
CVE-2014-6480 2016-12-7 12:00 2015-01-21 View GitHub Exploit DB Packet Storm
243350 4.3 MEDIUM
sun sunos Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL. NVD-CWE-noinfo
CVE-2014-6481 2016-12-7 12:00 2015-01-21 View GitHub Exploit DB Packet Storm