NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年10月6日12:02

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
243801 4.3 MEDIUM
djangoproject django Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-2241 2016-12-3 12:04 2015-03-12 表示 GitHub Exploit DB Packet Storm
243802 6.5 MEDIUM
yoast wordpress_seo Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remo… CWE-89
SQLインジェクション 		CVE-2015-2292 2016-12-3 12:04 2015-03-18 表示 GitHub Exploit DB Packet Storm
243803 6.8 MEDIUM
sensiolabs symfony Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP … CWE-94
コード・インジェクション 		CVE-2015-2308 2016-12-3 12:04 2015-06-24 表示 GitHub Exploit DB Packet Storm
243804 6.4 MEDIUM
fortinet fortios FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle att… CWE-310
暗号の問題 		CVE-2015-2323 2016-12-3 12:04 2015-08-11 表示 GitHub Exploit DB Packet Storm
243805 4.3 MEDIUM
mybb mybb Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-2332 2016-12-3 12:04 2015-03-18 表示 GitHub Exploit DB Packet Storm
243806 4.3 MEDIUM
mybb mybb Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-2333 2016-12-3 12:04 2015-03-18 表示 GitHub Exploit DB Packet Storm
243807 6.8 MEDIUM
mybb mybb Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified v… CWE-352
同一生成元ポリシー違反 		CVE-2015-2334 2016-12-3 12:04 2015-03-18 表示 GitHub Exploit DB Packet Storm
243808 5.0 MEDIUM
mybb mybb A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. CWE-200
情報漏えい 		CVE-2015-2335 2016-12-3 12:04 2015-03-18 表示 GitHub Exploit DB Packet Storm
243809 2.1 LOW
apple safari The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensi… CWE-200
情報漏えい 		CVE-2015-1127 2016-12-3 12:03 2015-04-10 表示 GitHub Exploit DB Packet Storm
243810 6.8 MEDIUM
apple iphone_os
itunes
safari 		WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… NVD-CWE-noinfo
CVE-2015-1152 2016-12-3 12:03 2015-05-8 表示 GitHub Exploit DB Packet Storm
243811 6.8 MEDIUM
apple itunes
safari
iphone_os 		WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… NVD-CWE-noinfo
CVE-2015-1153 2016-12-3 12:03 2015-05-8 表示 GitHub Exploit DB Packet Storm
243812 5.0 MEDIUM
zlib pigz Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. CWE-22
パス・トラバーサル 		CVE-2015-1191 2016-12-3 12:03 2015-01-22 表示 GitHub Exploit DB Packet Storm
243813 3.7 LOW
ibm rational_requirements_composer
rational_doors_next_generation 		IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with W… NVD-CWE-Other
CVE-2015-0121 2016-12-3 12:02 2015-05-31 表示 GitHub Exploit DB Packet Storm
243814 3.7 LOW
ibm rational_requirements_composer
rational_doors_next_generation 		<a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613: Insufficient Session Expiration</a> NVD-CWE-Other
CVE-2015-0121 2016-12-3 12:02 2015-05-31 表示 GitHub Exploit DB Packet Storm
243815 3.5 LOW
ibm rational_team_concert Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbit… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-0122 2016-12-3 12:02 2015-03-13 表示 GitHub Exploit DB Packet Storm
243816 3.5 LOW
ibm rational_team_concert Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbit… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-0123 2016-12-3 12:02 2015-03-13 表示 GitHub Exploit DB Packet Storm
243817 3.5 LOW
ibm rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arb… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-0124 2016-12-3 12:02 2015-03-18 表示 GitHub Exploit DB Packet Storm
243818 3.5 LOW
ibm rational_requirements_composer
rational_doors_next_generation 		Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote auth… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-0125 2016-12-3 12:02 2015-03-18 表示 GitHub Exploit DB Packet Storm
243819 7.5 HIGH
ネットワーク 		cisco unified_computing_system
nx-os
nx-os_1000v_switch 		Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload… CWE-399
リソース管理の問題 		CVE-2015-0718 2016-12-3 12:02 2016-03-4 表示 GitHub Exploit DB Packet Storm
243820 7.5 HIGH
libreoffice
fedoraproject
canonical
debian 		libreoffice
fedora
ubuntu_linux
debian_linux 		LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. CWE-20
不適切な入力確認 		CVE-2014-9093 2016-12-3 12:02 2014-11-27 表示 GitHub Exploit DB Packet Storm
243821 5.3 MEDIUM
ネットワーク 		mantisbt mantisbt Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information… CWE-200
情報漏えい 		CVE-2014-9759 2016-12-3 12:02 2016-04-12 表示 GitHub Exploit DB Packet Storm
243822 9.8 CRITICAL
ネットワーク 		pixman
canonical 		pixman
ubuntu_linux 		Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code… CWE-189
数値処理の問題 		CVE-2014-9766 2016-12-3 12:02 2016-04-13 表示 GitHub Exploit DB Packet Storm
243823 7.3 HIGH
ネットワーク 		pcre pcre pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly hav… CWE-119
バッファエラー 		CVE-2014-9769 2016-12-3 12:02 2016-03-29 表示 GitHub Exploit DB Packet Storm
243824 4.6 MEDIUM
exim exim expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. CWE-189
数値処理の問題 		CVE-2014-2972 2016-12-3 12:01 2014-09-5 表示 GitHub Exploit DB Packet Storm
243825 7.5 HIGH
ffmpeg ffmpeg libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write. CWE-119
バッファエラー 		CVE-2013-4263 2016-12-3 12:00 2013-11-24 表示 GitHub Exploit DB Packet Storm
243826 4.3 MEDIUM
ffmpeg ffmpeg The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. CWE-119
バッファエラー 		CVE-2013-4264 2016-12-3 12:00 2013-11-24 表示 GitHub Exploit DB Packet Storm
243827 10.0 HIGH
ffmpeg ffmpeg The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. NVD-CWE-Other
CVE-2013-4265 2016-12-3 12:00 2013-11-24 表示 GitHub Exploit DB Packet Storm
243828 10.0 HIGH
ffmpeg ffmpeg http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference" NVD-CWE-Other
CVE-2013-4265 2016-12-3 12:00 2013-11-24 表示 GitHub Exploit DB Packet Storm
243829 6.8 MEDIUM
ffmpeg ffmpeg The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or po… NVD-CWE-Other
CVE-2013-7008 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243830 6.8 MEDIUM
ffmpeg ffmpeg The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds… CWE-119
バッファエラー 		CVE-2013-7009 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243831 6.8 MEDIUM
ffmpeg ffmpeg The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array ac… CWE-119
バッファエラー 		CVE-2013-7011 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243832 6.8 MEDIUM
ffmpeg ffmpeg The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bound… CWE-119
バッファエラー 		CVE-2013-7012 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243833 6.8 MEDIUM
ffmpeg ffmpeg The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bound… CWE-189
数値処理の問題 		CVE-2013-7013 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243834 6.8 MEDIUM
ffmpeg ffmpeg The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bo… CWE-20
不適切な入力確認 		CVE-2013-7015 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243835 6.8 MEDIUM
ffmpeg ffmpeg The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array a… CWE-119
バッファエラー 		CVE-2013-7016 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243836 6.8 MEDIUM
ffmpeg ffmpeg libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. NVD-CWE-Other
CVE-2013-7017 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243837 6.8 MEDIUM
ffmpeg ffmpeg Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference" NVD-CWE-Other
CVE-2013-7017 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243838 6.8 MEDIUM
ffmpeg ffmpeg libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or … CWE-119
バッファエラー 		CVE-2013-7018 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243839 6.8 MEDIUM
ffmpeg ffmpeg The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array … CWE-20
不適切な入力確認 		CVE-2013-7019 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243840 6.8 MEDIUM
ffmpeg ffmpeg The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double fr… CWE-399
リソース管理の問題 		CVE-2013-7021 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243841 6.8 MEDIUM
ffmpeg ffmpeg The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array … CWE-119
バッファエラー 		CVE-2013-7022 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243842 6.8 MEDIUM
ffmpeg ffmpeg The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of… CWE-119
バッファエラー 		CVE-2013-7023 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243843 6.8 MEDIUM
ffmpeg ffmpeg The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of s… CWE-119
バッファエラー 		CVE-2013-7024 2016-12-3 12:00 2013-12-10 表示 GitHub Exploit DB Packet Storm
243844 4.3 MEDIUM
cristian_gafton pam_userdb The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. CWE-310
暗号の問題 		CVE-2013-7041 2016-12-3 12:00 2014-05-8 表示 GitHub Exploit DB Packet Storm
243845 6.5 MEDIUM
ネットワーク 		canonical
gtk 		ubuntu_linux
gtk\\\+ 		Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, all… NVD-CWE-Other
CVE-2013-7447 2016-12-3 12:00 2016-02-18 表示 GitHub Exploit DB Packet Storm
243846 6.5 MEDIUM
ネットワーク 		canonical
gtk 		ubuntu_linux
gtk\\\+ 		<a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a> NVD-CWE-Other
CVE-2013-7447 2016-12-3 12:00 2016-02-18 表示 GitHub Exploit DB Packet Storm
243847 9.3 HIGH
flightgear
simgear 		flightgear
simgear 		Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a… CWE-119
バッファエラー 		CVE-2012-2091 2016-12-3 11:59 2012-06-17 表示 GitHub Exploit DB Packet Storm
243848 6.1 MEDIUM
isc dhcp The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote atta… CWE-399
リソース管理の問題 		CVE-2011-4868 2016-12-3 11:59 2012-01-15 表示 GitHub Exploit DB Packet Storm
243849 7.5 HIGH
ネットワーク 		indasengineering web_scada Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. CWE-22
パス・トラバーサル 		CVE-2016-8343 2016-12-3 08:59 2016-10-5 表示 GitHub Exploit DB Packet Storm
243850 7.3 HIGH
ネットワーク 		yandex yandex_browser Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special Java… CWE-254
セキュリティ機能 		CVE-2016-8503 2016-12-3 08:59 2016-10-27 表示 GitHub Exploit DB Packet Storm