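You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before it appears in JVN (Japan Vulnerability Notes), this list may include vulnerabilities that are not yet listed in JVN.

If a related vulnerability exists in JVN (Japan Vulnerability Notes), its information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.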

Last updated: 2024-09-29 05:13

Columns: No., CVSS score, severity level, attack vector, vendor, product, title, CWE, CVE, updated, published, impact view, exploit/PoC search
244351 4.3 MEDIUM
synology diskstation_manager Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to … CWE-79
Cross-site scripting (XSS)
CVE-2015-4655 2016-11-29 04:29 2015-06-19 View GitHub Exploit DB Packet Storm
244352 4.3 MEDIUM
synology photo_station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php … CWE-79
Cross-site scripting (XSS)
CVE-2015-4656 2016-11-29 04:29 2015-06-19 View GitHub Exploit DB Packet Storm
244353 4.3 MEDIUM
mailbird mailbird Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL. CWE-79
Cross-site scripting (XSS)
CVE-2015-4657 2016-11-29 04:29 2015-06-19 View GitHub Exploit DB Packet Storm
244354 8.6 HIGH
Network
zip_attachments_project zip_attachments Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. CWE-22
Path traversal
CVE-2015-4694 2016-11-29 04:29 2016-01-09 View GitHub Exploit DB Packet Storm
244355 5.0 MEDIUM
rle nova-wind_turbine_hmi_firmware RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. CWE-200
Information exposure
CVE-2015-3951 2016-11-29 04:27 2015-06-14 View GitHub Exploit DB Packet Storm
244356 6.5 MEDIUM
intelliants subrion_cms SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. CWE-89
SQL injection
CVE-2015-4129 2016-11-29 04:27 2015-07-05 View GitHub Exploit DB Packet Storm
244357 7.5 HIGH
reflex_gallery_project reflex_gallery Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading… NVD-CWE-Other
CVE-2015-4133 2016-11-29 04:27 2015-05-28 View GitHub Exploit DB Packet Storm
244358 7.5 HIGH
reflex_gallery_project reflex_gallery CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html) NVD-CWE-Other
CVE-2015-4133 2016-11-29 04:27 2015-05-28 View GitHub Exploit DB Packet Storm
244359 5.0 MEDIUM
sap content_server SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. NVD-CWE-noinfo
CVE-2015-4157 2016-11-29 04:27 2015-06-02 View GitHub Exploit DB Packet Storm
244360 5.0 MEDIUM
sap netweaver_abap_application_server
netweaver_java_application_server
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. NVD-CWE-noinfo
CVE-2015-4158 2016-11-29 04:27 2015-06-02 View GitHub Exploit DB Packet Storm
244361 7.5 HIGH
sap hana_web-based_development_workbench SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. CWE-89
SQL injection
CVE-2015-4159 2016-11-29 04:27 2015-06-02 View GitHub Exploit DB Packet Storm
244362 7.5 HIGH
sap ase_database_platform SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. CWE-89
SQL injection
CVE-2015-4160 2016-11-29 04:27 2015-06-02 View GitHub Exploit DB Packet Storm
244363 4.0 MEDIUM
paloaltonetworks pan-os XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive in… NVD-CWE-Other
CVE-2015-4162 2016-11-29 04:27 2015-06-02 View GitHub Exploit DB Packet Storm
244364 4.0 MEDIUM
paloaltonetworks pan-os CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html) NVD-CWE-Other
CVE-2015-4162 2016-11-29 04:27 2015-06-02 View GitHub Exploit DB Packet Storm
244365 7.8 HIGH
cisco videoscape_policy_resource_manager Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type … CWE-399
Resource management errors
CVE-2015-4283 2016-11-29 04:27 2015-07-21 View GitHub Exploit DB Packet Storm
244366 5.8 MEDIUM
cisco webex_node_for_mcs Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP reque… NVD-CWE-Other
CVE-2015-4297 2016-11-29 04:27 2015-08-19 View GitHub Exploit DB Packet Storm
244367 5.8 MEDIUM
cisco webex_node_for_mcs CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html) NVD-CWE-Other
CVE-2015-4297 2016-11-29 04:27 2015-08-19 View GitHub Exploit DB Packet Storm
244368 4.3 MEDIUM
apple mac_os_x The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. CWE-200
Information exposure
CVE-2015-3720 2016-11-29 04:25 2015-07-03 View GitHub Exploit DB Packet Storm
244369 4.9 MEDIUM
redhat jboss_enterprise_portal_platform The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted reso… CWE-264
Permissions, privileges, and access controls
CVE-2015-3244 2016-11-29 04:23 2015-07-16 View GitHub Exploit DB Packet Storm
244370 5.0 MEDIUM
iodata wn-g54/r2_firmware I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. CWE-264
Permissions, privileges, and access controls
CVE-2015-2984 2016-11-29 04:22 2015-08-23 View GitHub Exploit DB Packet Storm
244371 4.3 MEDIUM
siemens wincc Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial o… CWE-20
Improper input validation
CVE-2015-2822 2016-11-29 04:21 2015-04-09 View GitHub Exploit DB Packet Storm
244372 6.8 MEDIUM
siemens wincc Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (T… CWE-287
Improper authentication
CVE-2015-2823 2016-11-29 04:21 2015-04-09 View GitHub Exploit DB Packet Storm
244373 4.4 MEDIUM
ibm websphere_application_server
websphere_virtual_enterprise
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user rol… CWE-264
Permissions, privileges, and access controls
CVE-2015-1946 2016-11-29 04:19 2015-07-15 View GitHub Exploit DB Packet Storm
244374 7.5 HIGH
agilent_technologies feature_extraction The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related t… CWE-119
Buffer errors
CVE-2015-2092 2016-11-29 04:19 2015-03-09 View GitHub Exploit DB Packet Storm
244375 6.8 MEDIUM
siemens simatic_step_7 Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. CWE-254
Security features
CVE-2015-1601 2016-11-29 04:18 2015-04-06 View GitHub Exploit DB Packet Storm
244376 10.0 HIGH
cisco unified_computing_system_central_software Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. CWE-20
Improper input validation
CVE-2015-0701 2016-11-29 04:17 2015-05-07 View GitHub Exploit DB Packet Storm
244377 6.8 MEDIUM
moxa softcms Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary … CWE-119
Buffer errors
CVE-2015-1000 2016-11-29 04:17 2015-06-05 View GitHub Exploit DB Packet Storm
244378 7.8 HIGH
Local
csv2wpec-coupon_project csv2wpec-coupon Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 CWE-434
Unrestricted upload of file with dangerous type
CVE-2015-1000013 2016-11-29 04:17 2016-10-06 View GitHub Exploit DB Packet Storm
244379 4.3 MEDIUM
apple iphone_os
safari
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remot… CWE-264
Permissions, privileges, and access controls
CVE-2015-1156 2016-11-29 04:17 2015-05-08 View GitHub Exploit DB Packet Storm
244380 7.8 HIGH
apple iphone_os
mac_os_x
itunes
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display trunc… CWE-17
Code
CVE-2015-1157 2016-11-29 04:17 2015-05-28 View GitHub Exploit DB Packet Storm
244381 3.5 LOW
ibm rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arb… CWE-79
Cross-site scripting (XSS)
CVE-2015-0128 2016-11-29 04:15 2015-03-18 View GitHub Exploit DB Packet Storm
244382 7.8 HIGH
Local
google android Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android … CWE-189
CWE-264
Numeric errors
Permissions, privileges, and access controls
CVE-2014-9800 2016-11-29 04:15 2016-07-11 View GitHub Exploit DB Packet Storm
244383 7.8 HIGH
Local
google android Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android … CWE-189
Numeric errors
CVE-2014-9801 2016-11-29 04:15 2016-07-11 View GitHub Exploit DB Packet Storm
244384 7.8 HIGH
Local
google android Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, ak… CWE-264
Permissions, privileges, and access controls
CVE-2014-9802 2016-11-29 04:15 2016-07-11 View GitHub Exploit DB Packet Storm
244385 7.8 HIGH
Local
google android Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a … CWE-190
Integer overflow or wraparound
CVE-2014-9863 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244386 7.8 HIGH
Local
google android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted a… CWE-20
Improper input validation
CVE-2014-9864 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244387 7.8 HIGH
Local
google android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges v… CWE-284
Improper access control
CVE-2014-9865 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244388 7.8 HIGH
Local
google android drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows… CWE-20
Improper input validation
CVE-2014-9866 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244389 7.8 HIGH
Local
google android drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allo… CWE-264
Permissions, privileges, and access controls
CVE-2014-9867 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244390 7.8 HIGH
Local
google android drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an appl… CWE-264
Permissions, privileges, and access controls
CVE-2014-9868 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244391 7.8 HIGH
Local
google android drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which all… CWE-264
Permissions, privileges, and access controls
CVE-2014-9869 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244392 7.8 HIGH
Local
google
linux
android
linux_kernel
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allow… CWE-264
Permissions, privileges, and access controls
CVE-2014-9870 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244393 7.8 HIGH
Local
google android Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain pr… CWE-119
Buffer errors
CVE-2014-9871 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244394 7.8 HIGH
Local
google android The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a cr… CWE-20
Improper input validation
CVE-2014-9872 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244395 7.8 HIGH
Local
google android Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive infor… CWE-264
Permissions, privileges, and access controls
CVE-2014-9873 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244396 7.8 HIGH
Local
google android Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mac… CWE-119
Buffer errors
CVE-2014-9874 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244397 7.8 HIGH
Local
google android drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI reque… CWE-264
Permissions, privileges, and access controls
CVE-2014-9875 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244398 7.8 HIGH
Local
google android drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privi… CWE-189
Numeric errors
CVE-2014-9876 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244399 7.8 HIGH
Local
google android drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allo… CWE-19
Data processing errors
CVE-2014-9877 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm
244400 7.8 HIGH
Local
google android drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges v… CWE-264
Permissions, privileges, and access controls
CVE-2014-9878 2016-11-29 04:15 2016-08-06 View GitHub Exploit DB Packet Storm