NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年10月6日20:10

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
243651 7.8 HIGH
ローカル 		ibm informix_dynamic_server The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local use… CWE-284
不適切なアクセス制御 		CVE-2016-0226 2016-12-3 12:16 2016-03-29 表示 GitHub Exploit DB Packet Storm
243652 5.4 MEDIUM
ネットワーク 		ibm business_process_manager Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-0227 2016-12-3 12:16 2016-03-4 表示 GitHub Exploit DB Packet Storm
243653 6.1 MEDIUM
ネットワーク 		ibm websphere_application_server Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-0283 2016-12-3 12:16 2016-03-20 表示 GitHub Exploit DB Packet Storm
243654 6.5 MEDIUM
ネットワーク 		oracle peoplesoft_enterprise_human_capital_management_human_resources Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusio… NVD-CWE-noinfo
CVE-2016-0407 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243655 5.4 MEDIUM
ネットワーク 		oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity … NVD-CWE-noinfo
CVE-2016-0408 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243656 5.4 MEDIUM
ネットワーク 		oracle business_intelligence Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affe… NVD-CWE-noinfo
CVE-2016-0468 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243657 5.5 MEDIUM
ローカル 		oracle micros_c2 Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS. NVD-CWE-noinfo
CVE-2016-0469 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243658 6.1 MEDIUM
ネットワーク 		oracle business_intelligence Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confide… NVD-CWE-noinfo
CVE-2016-0479 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243659 4.7 MEDIUM
ネットワーク 		oracle solaris Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component. NVD-CWE-noinfo
CVE-2016-0623 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243660 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. NVD-CWE-noinfo
CVE-2016-0652 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243661 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS. NVD-CWE-noinfo
CVE-2016-0653 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243662 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. NVD-CWE-noinfo
CVE-2016-0654 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243663 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. NVD-CWE-noinfo
CVE-2016-0656 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243664 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON. NVD-CWE-noinfo
CVE-2016-0657 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243665 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. NVD-CWE-noinfo
CVE-2016-0658 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243666 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. NVD-CWE-noinfo
CVE-2016-0659 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243667 5.5 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition. NVD-CWE-noinfo
CVE-2016-0662 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243668 4.7 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. NVD-CWE-noinfo
CVE-2016-0663 2016-12-3 12:16 2016-04-21 表示 GitHub Exploit DB Packet Storm
243669 4.3 MEDIUM
ネットワーク 		matroska libebml The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML … CWE-200
情報漏えい 		CVE-2015-8791 2016-12-3 12:14 2016-01-30 表示 GitHub Exploit DB Packet Storm
243670 7.5 HIGH
solarwinds log_and_event_manager The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. CWE-264
認可・権限・アクセス制御 		CVE-2015-7840 2016-12-3 12:13 2015-10-16 表示 GitHub Exploit DB Packet Storm
243671 8.1 HIGH
ネットワーク 		sauter moduweb_vision Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. CWE-287
CWE-254
不適切な認証
セキュリティ機能 		CVE-2015-7914 2016-12-3 12:13 2016-02-6 表示 GitHub Exploit DB Packet Storm
243672 9.8 CRITICAL
ネットワーク 		sauter moduweb_vision Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. CWE-255
CWE-200
証明書・パスワード管理
情報漏えい 		CVE-2015-7915 2016-12-3 12:13 2016-02-6 表示 GitHub Exploit DB Packet Storm
243673 8.0 HIGH
ネットワーク 		symantec endpoint_protection_manager Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for… CWE-352
同一生成元ポリシー違反 		CVE-2015-8152 2016-12-3 12:13 2016-03-18 表示 GitHub Exploit DB Packet Storm
243674 8.8 HIGH
ネットワーク 		symantec endpoint_protection_manager SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション 		CVE-2015-8153 2016-12-3 12:13 2016-03-18 表示 GitHub Exploit DB Packet Storm
243675 8.8 HIGH
ネットワーク 		symantec endpoint_protection_manager The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code… CWE-264
認可・権限・アクセス制御 		CVE-2015-8154 2016-12-3 12:13 2016-03-18 表示 GitHub Exploit DB Packet Storm
243676 6.1 MEDIUM
ネットワーク 		ibm business_process_manager Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inj… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-8524 2016-12-3 12:13 2016-02-29 表示 GitHub Exploit DB Packet Storm
243677 8.8 HIGH
ネットワーク 		cacti cacti SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in… CWE-89
SQLインジェクション 		CVE-2015-8604 2016-12-3 12:13 2016-04-12 表示 GitHub Exploit DB Packet Storm
243678 9.3 HIGH
fortinet fortios FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated manag… CWE-287
不適切な認証 		CVE-2015-7361 2016-12-3 12:12 2015-10-16 表示 GitHub Exploit DB Packet Storm
243679 7.8 HIGH
ローカル 		fortinet forticlient Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc set… CWE-264
認可・権限・アクセス制御 		CVE-2015-7362 2016-12-3 12:12 2016-01-9 表示 GitHub Exploit DB Packet Storm
243680 7.7 HIGH
ネットワーク 		ibm mashups_center The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an… CWE-399
リソース管理の問題 		CVE-2015-7400 2016-12-3 12:12 2016-01-3 表示 GitHub Exploit DB Packet Storm
243681 7.7 HIGH
ネットワーク 		ibm mashups_center <a href="https://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a> CWE-399
リソース管理の問題 		CVE-2015-7400 2016-12-3 12:12 2016-01-3 表示 GitHub Exploit DB Packet Storm
243682 9.9 CRITICAL
ネットワーク 		ibm tivoli_monitoring The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. CWE-264
認可・権限・アクセス制御 		CVE-2015-7411 2016-12-3 12:12 2016-03-12 表示 GitHub Exploit DB Packet Storm
243683 4.3 MEDIUM
ネットワーク 		ibm websphere_process_server
business_process_manager 		Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5… CWE-264
認可・権限・アクセス制御 		CVE-2015-7454 2016-12-3 12:12 2016-03-21 表示 GitHub Exploit DB Packet Storm
243684 7.2 HIGH
ネットワーク 		ibm websphere_portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injec… NVD-CWE-Other
CVE-2015-7472 2016-12-3 12:12 2016-02-15 表示 GitHub Exploit DB Packet Storm
243685 7.2 HIGH
ネットワーク 		ibm websphere_portal CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - https://cwe.mitre.org/data/definitions/90.html NVD-CWE-Other
CVE-2015-7472 2016-12-3 12:12 2016-02-15 表示 GitHub Exploit DB Packet Storm
243686 5.9 MEDIUM
ネットワーク 		samba
canonical 		samba
ubuntu_linux 		Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a… NVD-CWE-noinfo
CVE-2015-5370 2016-12-3 12:11 2016-04-25 表示 GitHub Exploit DB Packet Storm
243687 7.5 HIGH
ネットワーク 		cisco nx-os Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) vi… CWE-20
不適切な入力確認 		CVE-2015-6260 2016-12-3 12:11 2016-03-4 表示 GitHub Exploit DB Packet Storm
243688 7.5 HIGH
ネットワーク 		cisco telepresence_server_software Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device… CWE-119
バッファエラー 		CVE-2015-6312 2016-12-3 12:11 2016-04-7 表示 GitHub Exploit DB Packet Storm
243689 7.5 HIGH
ネットワーク 		cisco telepresence_server_software Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cau… CWE-399
リソース管理の問題 		CVE-2015-6313 2016-12-3 12:11 2016-04-7 表示 GitHub Exploit DB Packet Storm
243690 4.0 MEDIUM
drupal
debian 		drupal
debian_linux 		The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. CWE-200
情報漏えい 		CVE-2015-3231 2016-12-3 12:09 2015-06-23 表示 GitHub Exploit DB Packet Storm
243691 5.8 MEDIUM
drupal
debian 		drupal
debian_linux 		Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination… NVD-CWE-Other
CVE-2015-3232 2016-12-3 12:09 2015-06-23 表示 GitHub Exploit DB Packet Storm
243692 5.8 MEDIUM
drupal
debian 		drupal
debian_linux 		<a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a> NVD-CWE-Other
CVE-2015-3232 2016-12-3 12:09 2015-06-23 表示 GitHub Exploit DB Packet Storm
243693 5.8 MEDIUM
drupal drupal Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NVD-CWE-Other
CVE-2015-3233 2016-12-3 12:09 2015-06-23 表示 GitHub Exploit DB Packet Storm
243694 5.8 MEDIUM
drupal drupal <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a> NVD-CWE-Other
CVE-2015-3233 2016-12-3 12:09 2015-06-23 表示 GitHub Exploit DB Packet Storm
243695 4.3 MEDIUM
drupal
debian 		drupal
debian_linux 		The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by t… CWE-20
不適切な入力確認 		CVE-2015-3234 2016-12-3 12:09 2015-06-23 表示 GitHub Exploit DB Packet Storm
243696 4.3 MEDIUM
redhat jboss_operations_network Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-3267 2016-12-3 12:09 2015-08-11 表示 GitHub Exploit DB Packet Storm
243697 4.0 MEDIUM
openstack glance OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleti… CWE-399
リソース管理の問題 		CVE-2015-3289 2016-12-3 12:09 2015-08-15 表示 GitHub Exploit DB Packet Storm
243698 10.0 HIGH
netapp oncommand_workflow_automation The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary c… CWE-17
コード 		CVE-2015-3292 2016-12-3 12:09 2015-06-1 表示 GitHub Exploit DB Packet Storm
243699 4.3 MEDIUM
fortinet fortios Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary w… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-3626 2016-12-3 12:09 2015-08-11 表示 GitHub Exploit DB Packet Storm
243700 6.8 MEDIUM
synametrics xeams Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for reque… CWE-352
同一生成元ポリシー違反 		CVE-2015-3141 2016-12-3 12:08 2015-05-21 表示 GitHub Exploit DB Packet Storm