NVD Vulnerability Information

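You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before JVN (Japan Vulnerability Note), this list may include vulnerabilities that are not yet recorded in JVN.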

When a vulnerability has a related JVN (Japan Vulnerability Note) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and confirm the CWE number.

Updated: October 7, 2024, 5:11

Fields per entry: No., CVSS score, level, attack vector, vendor, product, title, CWE, CVE, updated date, published date
243401 8.8 HIGH
Network
mozilla firefox Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site tha… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-1949 2016-12-6 12:07 2016-02-13
243402 7.5 HIGH
Network
privoxy privoxy The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. CWE-20
Improper Input Validation
CVE-2016-1982 2016-12-6 12:07 2016-01-28
243403 7.5 HIGH
Network
privoxy privoxy The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. CWE-20
Improper Input Validation
CVE-2016-1983 2016-12-6 12:07 2016-01-28
243404 9.8 CRITICAL
Network
harman amx_firmware The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access v… CWE-255
Credentials Management
CVE-2016-1984 2016-12-6 12:07 2016-01-22
243405 5.9 MEDIUM
Network
hp hp-ux_ipfilter HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. CWE-20
Improper Input Validation
CVE-2016-1987 2016-12-6 12:07 2016-02-19
243406 6.5 MEDIUM
Network
gnu
debian
cpio
debian_linux
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. CWE-119
Buffer Errors
CVE-2016-2037 2016-12-6 12:07 2016-02-23
243407 5.3 MEDIUM
Network
adobe connect Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. CWE-254
CWE-20
Security Features
Improper Input Validation
CVE-2016-0950 2016-12-6 12:06 2016-02-11
243408 8.8 HIGH
Network
cisco application_control_engine_software The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with … CWE-78
OS Command Injection
CVE-2016-1297 2016-12-6 12:06 2016-02-26
243409 8.8 HIGH
Network
cisco prime_security_manager
asa_cx_context-aware_security_software
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to c… CWE-284
Improper Access Control
CVE-2016-1301 2016-12-6 12:06 2016-02-7
243410 8.8 HIGH
Network
cisco application_policy_infrastructure_controller
nx-os
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11… CWE-284
Improper Access Control
CVE-2016-1302 2016-12-6 12:06 2016-02-7
243411 6.1 MEDIUM
Network
cisco unity_connection Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1304 2016-12-6 12:06 2016-01-30
243412 6.1 MEDIUM
Network
cisco application_policy_infrastructure_controller_enterprise_module Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1305 2016-12-6 12:06 2016-02-7
243413 5.4 MEDIUM
Network
cisco finesse
unified_contact_center_express
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an… CWE-287
CWE-255
Improper Authentication
Credentials Management
CVE-2016-1307 2016-12-6 12:06 2016-02-7
243414 6.5 MEDIUM
Network
cisco unified_communications_manager SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. CWE-89
SQL Injection
CVE-2016-1308 2016-12-6 12:06 2016-02-7
243415 6.1 MEDIUM
Network
cisco webex_meetings_server Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1309 2016-12-6 12:06 2016-02-7
243416 6.1 MEDIUM
Network
cisco unity_connection Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1310 2016-12-6 12:06 2016-02-6
243417 6.1 MEDIUM
Network
cisco jabber_guest Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1311 2016-12-6 12:06 2016-02-6
243418 5.3 MEDIUM
Network
cisco telepresence_video_communication_server_software Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct r… CWE-200
Information Exposure
CVE-2016-1316 2016-12-6 12:06 2016-02-9
243419 4.3 MEDIUM
Network
cisco unified_communications_manager Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL… CWE-200
Information Exposure
CVE-2016-1317 2016-12-6 12:06 2016-02-9
243420 6.1 MEDIUM
Network
cisco application_policy_infrastructure_controller_enterprise_module Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1318 2016-12-6 12:06 2016-02-9
243421 5.3 MEDIUM
Network
cisco unified_communications_manager_im_and_presence_service
unified_contact_center_express
unified_communications_manager
unity_connection
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified C… CWE-200
Information Exposure
CVE-2016-1319 2016-12-6 12:06 2016-02-9
243422 5.8 MEDIUM
Network
cisco universal_small_cell_firmware Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature a… CWE-200
Information Exposure
CVE-2016-1321 2016-12-6 12:06 2016-02-16
243423 6.5 MEDIUM
Adjacent
cisco ios Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746. CWE-399
Resource Management Errors
CVE-2016-1330 2016-12-6 12:06 2016-02-16
243424 6.1 MEDIUM
Network
cisco emergency_responder Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID C… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-1331 2016-12-6 12:06 2016-02-16
243425 6.5 MEDIUM
Network
cisco ios Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OI… CWE-399
Resource Management Errors
CVE-2016-1333 2016-12-6 12:06 2016-02-18
243426 5.3 MEDIUM
Network
cisco small_business_wireless_access_points_firmware Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. CWE-20
Improper Input Validation
CVE-2016-1334 2016-12-6 12:06 2016-02-18
243427 9.8 CRITICAL
Network
cisco nx-os Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID … CWE-255
CWE-264
Credentials Management
Permissions, Privileges, and Access Controls
CVE-2016-1341 2016-12-6 12:06 2016-02-24
243428 6.8 MEDIUM
Local
linux linux_kernel Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (… CWE-200
CWE-362
NVD-CWE-Other
Information Exposure
Race Condition
CVE-2016-0723 2016-12-6 12:05 2016-02-8
243429 6.8 MEDIUM
Local
linux linux_kernel CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html) CWE-200
CWE-362
NVD-CWE-Other
Information Exposure
Race Condition
CVE-2016-0723 2016-12-6 12:05 2016-02-8
243430 5.3 MEDIUM
Network
prosody prosody The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network… CWE-20
Improper Input Validation
CVE-2016-0756 2016-12-6 12:05 2016-01-30
243431 7.5 HIGH
Network
advantech webaccess Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. CWE-119
Buffer Errors
CVE-2016-0860 2016-12-6 12:05 2016-01-15
243432 8.8 HIGH
Network
adobe connect Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CWE-352
Same-Origin Policy Violation
CVE-2016-0948 2016-12-6 12:05 2016-02-11
243433 9.8 CRITICAL
Network
adobe connect Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. NVD-CWE-noinfo
CVE-2016-0949 2016-12-6 12:05 2016-02-11
243434 10.0 CRITICAL
Network
radicale radicale The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. CWE-20
Improper Input Validation
CVE-2015-8747 2016-12-6 12:04 2016-02-4
243435 5.3 MEDIUM
Network
radicale radicale Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". CWE-264
Permissions, Privileges, and Access Controls
CVE-2015-8748 2016-12-6 12:04 2016-02-4
243436 4.3 MEDIUM
dojotoolkit dojo Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2015-5654 2016-12-6 12:03 2015-10-11
243437 7.4 HIGH
Local
rarlab winrar The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the u… CWE-264
Permissions, Privileges, and Access Controls
CVE-2015-5663 2016-12-6 12:03 2015-12-30
243438 7.5 HIGH
Network
cisco nx-os Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with … CWE-399
Resource Management Errors
CVE-2015-6398 2016-12-6 12:03 2016-02-7
243439 5.3 MEDIUM
Network
ibm integration_bus
websphere_message_broker
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTT… CWE-200
Information Exposure
CVE-2015-7399 2016-12-6 12:03 2016-01-11
243440 7.5 HIGH
Network
symantec encryption_management_server The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. CWE-200
Information Exposure
CVE-2015-8148 2016-12-6 12:03 2016-02-19
243441 7.5 HIGH
Network
symantec encryption_management_server The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted request… CWE-119
Buffer Errors
CVE-2015-8149 2016-12-6 12:03 2016-02-19
243442 7.8 HIGH
Local
symantec encryption_management_server Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. CWE-264
Permissions, Privileges, and Access Controls
CVE-2015-8150 2016-12-6 12:03 2016-02-19
243443 9.1 CRITICAL
Network
symantec encryption_management_server Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. CWE-78
OS Command Injection
CVE-2015-8151 2016-12-6 12:03 2016-02-19
243444 5.0 MEDIUM
debian
phpmailer_project
debian_linux
phpmailer
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in clas… CWE-20
Improper Input Validation
CVE-2015-8476 2016-12-6 12:03 2015-12-17
243445 10.0 HIGH
wavelink terminal_emulation Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header. CWE-119
Buffer Errors
CVE-2015-4059 2016-12-6 12:02 2015-05-30
243446 10.0 HIGH
wavelink connectpro Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header. CWE-119
Buffer Errors
CVE-2015-4060 2016-12-6 12:02 2015-05-30
243447 10.0 HIGH
dell netvault_backup Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which trig… CWE-189
Numeric Errors
CVE-2015-4067 2016-12-6 12:02 2015-05-30
243448 7.8 HIGH
arcserve arcserve_unified_data_protection The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolic… CWE-200
Information Exposure
CVE-2015-4069 2016-12-6 12:02 2015-05-30
243449 3.5 LOW
arubanetworks clearpass_policy_manager Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified v… CWE-79
Cross-Site Scripting (XSS)
CVE-2015-4132 2016-12-6 12:02 2015-05-28
243450 7.5 HIGH
milw0rm_project milw0rm_clone_script SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. CWE-89
SQL Injection
CVE-2015-4137 2016-12-6 12:02 2015-05-29