NVD Vulnerability Information Top

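You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before JVN (Japan Vulnerability Notes), the list may include vulnerabilities that are not yet recorded in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.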


Last updated: October 6, 2024, 20:10

| No. | CVSS | Severity | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 243451 | 3.5 | LOW | | node_access_product_project | node_access_product | Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | CWE-79: Cross-site scripting (XSS) | CVE-2015-3386 | 2016-12-6 12:00 | 2015-04-22 |
| 243452 | 3.5 | LOW | | taxonomy_tools_project | taxonomy_tools | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2… | CWE-79: Cross-site scripting (XSS) | CVE-2015-3387 | 2016-12-6 12:00 | 2015-04-22 |
| 243453 | 5.8 | MEDIUM | | balanced | commerce_balanced_payments | Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete th… | CWE-352: Same-origin policy violation | CVE-2015-3388 | 2016-12-6 12:00 | 2015-04-22 |
| 243454 | 4.3 | MEDIUM | | yiiframework | yiiframework | Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. | CWE-79: Cross-site scripting (XSS) | CVE-2015-3397 | 2016-12-6 12:00 | 2015-05-14 |
| 243455 | 4.0 | MEDIUM | | certify_project | certify | The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF cert… | CWE-200: Information disclosure | CVE-2015-3404 | 2016-12-6 12:00 | 2015-04-23 |
| 243456 | 7.5 | HIGH | | quassel-irc, debian | quassel, debian_linux | Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash… | CWE-89: SQL injection | CVE-2015-3427 | 2016-12-6 12:00 | 2015-05-14 |
| 243457 | 10.0 | HIGH | | samsung | samsung_security_manager | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | CWE-264: Permissions, privileges, and access controls | CVE-2015-3435 | 2016-12-6 12:00 | 2015-05-2 |
| 243458 | 6.6 | MEDIUM | | zarafa | zarafa_collaboration_platform | provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-loc… | CWE-59: Link following | CVE-2015-3436 | 2016-12-6 12:00 | 2015-06-9 |
| 243459 | 4.3 | MEDIUM | | wordpress, debian | wordpress, debian_linux | Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byt… | CWE-79: Cross-site scripting (XSS) | CVE-2015-3438 | 2016-12-6 12:00 | 2015-08-5 |
| 243460 | 4.0 | MEDIUM | Local | ibm | websphere_mq | The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore … | CWE-255: Credentials management; CWE-200: Information disclosure | CVE-2015-2012 | 2016-12-6 11:59 | 2016-02-9 |
| 243461 | 5.0 | MEDIUM | | lenovo | thinkserver_system_manager_baseboard_management_controller_firmware | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of serv… | CWE-20: Improper input validation | CVE-2015-3323 | 2016-12-6 11:59 | 2015-04-17 |
| 243462 | 4.3 | MEDIUM | | lenovo | thinkserver_system_manager_baseboard_management_controller_firmware | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "… | CWE-310: Cryptographic issues | CVE-2015-3324 | 2016-12-6 11:59 | 2015-04-17 |
| 243463 | 6.4 | MEDIUM | | pocoproject | poco_c\+\+_libraries | The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are r… | CWE-310: Cryptographic issues | CVE-2014-0350 | 2016-12-6 11:59 | 2014-04-26 |
| 243464 | 7.2 | HIGH | | comodo | geekbuddy | Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. | CWE-264: Permissions, privileges, and access controls | CVE-2014-7872 | 2016-12-6 11:59 | 2015-06-9 |
| 243465 | 5.0 | MEDIUM | | ecryptfs | ecryptfs-utils | eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. | CWE-255: Credentials management | CVE-2014-9687 | 2016-12-6 11:59 | 2015-03-16 |
| 243466 | 6.8 | MEDIUM | | novell | apache_http_server, netware | Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified … | NVD-CWE-Other | CVE-2006-6675 | 2016-12-6 11:59 | 2006-12-21 |
| 243467 | 5.4 | MEDIUM | Network | oracle | peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | NVD-CWE-noinfo | CVE-2016-3442 | 2016-12-3 12:27 | 2016-04-21 |
| 243468 | 6.9 | MEDIUM | Network | oracle | applications_framework | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity … | NVD-CWE-noinfo | CVE-2016-3447 | 2016-12-3 12:27 | 2016-04-21 |
| 243469 | 9.0 | CRITICAL | Network | oracle | database | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknow… | NVD-CWE-noinfo | CVE-2016-3454 | 2016-12-3 12:27 | 2016-04-21 |
| 243470 | 8.6 | HIGH | Network | oracle | outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availabil… | NVD-CWE-noinfo | CVE-2016-3455 | 2016-12-3 12:27 | 2016-04-21 |
| 243471 | 4.6 | MEDIUM | Network | oracle | peoplesoft_enterprise_human_capital_management_eperformance | Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vecto… | NVD-CWE-noinfo | CVE-2016-3457 | 2016-12-3 12:27 | 2016-04-21 |
| 243472 | 5.4 | MEDIUM | Network | oracle | peoplesoft_enterprise_human_capital_management_eperformance | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to… | NVD-CWE-noinfo | CVE-2016-3460 | 2016-12-3 12:27 | 2016-04-21 |
| 243473 | 5.5 | MEDIUM | Local | oracle | solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. | NVD-CWE-noinfo | CVE-2016-3462 | 2016-12-3 12:27 | 2016-04-21 |
| 243474 | 6.1 | MEDIUM | Network | oracle | flexcube_direct_banking | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors rela… | NVD-CWE-noinfo | CVE-2016-3463 | 2016-12-3 12:27 | 2016-04-21 |
| 243475 | 5.7 | MEDIUM | Network | oracle | flexcube_direct_banking | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related … | NVD-CWE-noinfo | CVE-2016-3464 | 2016-12-3 12:27 | 2016-04-21 |
| 243476 | 9.1 | CRITICAL | Network | oracle | field_service | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors relat… | NVD-CWE-noinfo | CVE-2016-3466 | 2016-12-3 12:27 | 2016-04-21 |
| 243477 | 8.8 | HIGH | Local | xen, fedoraproject, oracle | xen, fedora, vm_server | Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | CWE-264: Permissions, privileges, and access controls; NVD-CWE-Other | CVE-2016-3960 | 2016-12-3 12:27 | 2016-04-19 |
| 243478 | 8.8 | HIGH | Local | xen, fedoraproject, oracle | xen, fedora, vm_server | CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html) | CWE-264: Permissions, privileges, and access controls; NVD-CWE-Other | CVE-2016-3960 | 2016-12-3 12:27 | 2016-04-19 |
| 243479 | 4.9 | MEDIUM | Network | dell | openmanage_server_administrator | Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file param… | CWE-22: Path traversal | CVE-2016-4004 | 2016-12-3 12:27 | 2016-04-13 |
| 243480 | 5.9 | MEDIUM | Network | wireshark | wireshark | Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (… | CWE-119: Buffer errors | CVE-2016-4417 | 2016-12-3 12:27 | 2016-05-1 |
| 243481 | 5.9 | MEDIUM | Network | wireshark | wireshark | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application … | CWE-119: Buffer errors | CVE-2016-4418 | 2016-12-3 12:27 | 2016-05-1 |
| 243482 | 5.9 | MEDIUM | Network | wireshark | wireshark | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption… | CWE-20: Improper input validation | CVE-2016-4421 | 2016-12-3 12:27 | 2016-05-1 |
| 243483 | 5.3 | MEDIUM | Network | ibm | sterling_b2b_integrator | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | CWE-255: Credentials management | CVE-2016-5890 | 2016-12-3 12:27 | 2016-11-30 |
| 243484 | 8.6 | HIGH | Network | s9y | serendipity | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | CWE-918: Server-side request forgery | CVE-2016-9752 | 2016-12-3 12:27 | 2016-12-1 |
| 243485 | 6.5 | MEDIUM | Network | siemens | simatic_s7_cpu_1200_firmware | Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | CWE-254: Security features | CVE-2016-2846 | 2016-12-3 12:26 | 2016-03-16 |
| 243486 | 8.1 | HIGH | Network | ibm | ims_enterprise_suite | IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | CWE-200: Information disclosure; CWE-284: Improper access control | CVE-2016-2887 | 2016-12-3 12:26 | 2016-12-1 |
| 243487 | 5.3 | MEDIUM | Network | ibm | bigfix_remote_control | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | CWE-200: Information disclosure | CVE-2016-2940 | 2016-12-3 12:26 | 2016-11-30 |
| 243488 | 1.9 | LOW | Local | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. | CWE-532: Information exposure through log files | CVE-2016-2943 | 2016-12-3 12:26 | 2016-11-30 |
| 243489 | 9.8 | CRITICAL | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | CWE-287: Improper authentication | CVE-2016-2944 | 2016-12-3 12:26 | 2016-11-30 |
| 243490 | 7.8 | HIGH | Local | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | CWE-798: Use of hard-coded credentials | CVE-2016-2948 | 2016-12-3 12:26 | 2016-11-30 |
| 243491 | 3.3 | LOW | Local | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. | CWE-200: Information disclosure | CVE-2016-2949 | 2016-12-3 12:26 | 2016-11-30 |
| 243492 | 6.5 | MEDIUM | Network | ibm | bigfix_remote_control | SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | CWE-89: SQL injection | CVE-2016-2950 | 2016-12-3 12:26 | 2016-11-30 |
| 243493 | 3.7 | LOW | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the … | CWE-310: Cryptographic issues | CVE-2016-2951 | 2016-12-3 12:26 | 2016-11-30 |
| 243494 | 3.7 | LOW | Network | ibm | bigfix_remote_control | IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | CWE-200: Information disclosure | CVE-2016-2952 | 2016-12-3 12:26 | 2016-11-30 |
| 243495 | 8.8 | HIGH | Network | ibm | bigfix_remote_control | Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence… | CWE-352: Same-origin policy violation | CVE-2016-2963 | 2016-12-3 12:26 | 2016-11-30 |
| 243496 | 6.4 | MEDIUM | Network | dropbear_ssh_project | dropbear_ssh | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | NVD-CWE-Other | CVE-2016-3116 | 2016-12-3 12:26 | 2016-03-22 |
| 243497 | 6.4 | MEDIUM | Network | dropbear_ssh_project | dropbear_ssh | CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html) | NVD-CWE-Other | CVE-2016-3116 | 2016-12-3 12:26 | 2016-03-22 |
| 243498 | 6.1 | MEDIUM | Network | blackberry | enterprise_server | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted … | CWE-79: Cross-site scripting (XSS) | CVE-2016-3126 | 2016-12-3 12:26 | 2016-04-23 |
| 243499 | 5.4 | MEDIUM | Network | fourkitchens, fedoraproject | block_class, fedora | Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitra… | CWE-79: Cross-site scripting (XSS) | CVE-2016-3144 | 2016-12-3 12:26 | 2016-04-16 |
| 243500 | 3.4 | LOW | Local | siemens | apogee_insight | Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. | CWE-200: Information disclosure | CVE-2016-3155 | 2016-12-3 12:26 | 2016-03-18 |