NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月17日5:17

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245551	6.1	MEDIUM ネットワーク	mangoswebv4_project	mangoswebv4	paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6810	2017-03-18 10:59	2017-03-11	表示	GitHub Exploit DB Packet Storm

245552	6.1	MEDIUM ネットワーク	mangoswebv4_project	mangoswebv4	paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6811	2017-03-18 10:59	2017-03-11	表示	GitHub Exploit DB Packet Storm

245553	6.1	MEDIUM ネットワーク	mangoswebv4_project	mangoswebv4	paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6812	2017-03-18 10:59	2017-03-11	表示	GitHub Exploit DB Packet Storm

245554	5.5	MEDIUM ローカル	mcafee	application_control change_control	A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part …	CWE-284 不適切なアクセス制御	CVE-2013-7460	2017-03-17 22:23	2017-03-15	表示	GitHub Exploit DB Packet Storm

245555	6.5	MEDIUM ローカル	virglrenderer_project	virglrenderer	The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference…	CWE-476 NULL ポインタデリファレンス	CVE-2017-5937	2017-03-17 22:21	2017-03-16	表示	GitHub Exploit DB Packet Storm

245556	6.1	MEDIUM ネットワーク	zahmit_design	connections_business_directory_plugin	Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web scr…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-0770	2017-03-17 21:26	2017-03-17	表示	GitHub Exploit DB Packet Storm

245557	5.5	MEDIUM ローカル	imagemagick	imagemagick	Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.	CWE-415 二重解放	CVE-2015-8894	2017-03-17 21:22	2017-03-16	表示	GitHub Exploit DB Packet Storm

245558	7.5	HIGH ネットワーク	cerberusftp	ftp_server	In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.	CWE-20 不適切な入力確認	CVE-2017-6367	2017-03-17 10:59	2017-03-14	表示	GitHub Exploit DB Packet Storm

245559	4.7	MEDIUM ネットワーク	sap	businessobjects_financial_consolidation	Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6061	2017-03-17 05:24	2017-03-16	表示	GitHub Exploit DB Packet Storm

245560	5.5	MEDIUM ローカル	mcafee	application_control change_control	A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write…	CWE-284 不適切なアクセス制御	CVE-2013-7461	2017-03-17 04:38	2017-03-15	表示	GitHub Exploit DB Packet Storm

245561	5.5	MEDIUM ローカル	podofo_project	podofo	The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-6848	2017-03-17 04:11	2017-03-15	表示	GitHub Exploit DB Packet Storm

245562	5.5	MEDIUM ローカル	podofo_project	podofo	The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.	CWE-125 境界外読み取り	CVE-2017-6840	2017-03-17 04:10	2017-03-15	表示	GitHub Exploit DB Packet Storm

245563	5.5	MEDIUM ローカル	podofo_project	podofo	The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a craf…	CWE-476 NULL ポインタデリファレンス	CVE-2017-6841	2017-03-17 04:10	2017-03-15	表示	GitHub Exploit DB Packet Storm

245564	5.5	MEDIUM ローカル	podofo_project	podofo	The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-6847	2017-03-17 04:10	2017-03-15	表示	GitHub Exploit DB Packet Storm

245565	7.8	HIGH ローカル	eparaksts	eparakstitajs_3	XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact …	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2017-6055	2017-03-17 04:04	2017-02-18	表示	GitHub Exploit DB Packet Storm

245566	5.5	MEDIUM ローカル	podofo_project	podofo	The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-6842	2017-03-17 04:04	2017-03-15	表示	GitHub Exploit DB Packet Storm

245567	7.8	HIGH ローカル	podofo_project	podofo	Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.	CWE-119 バッファエラー	CVE-2017-6844	2017-03-17 03:47	2017-03-15	表示	GitHub Exploit DB Packet Storm

245568	7.8	HIGH ローカル	podofo_project	podofo	Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.	CWE-119 バッファエラー	CVE-2017-6843	2017-03-17 03:34	2017-03-15	表示	GitHub Exploit DB Packet Storm

245569	5.5	MEDIUM ローカル	podofo_project	podofo	The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-6849	2017-03-17 03:34	2017-03-15	表示	GitHub Exploit DB Packet Storm

245570	5.5	MEDIUM ローカル	podofo_project	podofo	The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-6845	2017-03-17 03:31	2017-03-15	表示	GitHub Exploit DB Packet Storm

245571	6.1	MEDIUM ネットワーク	epson	tmnet_webconfig	Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6443	2017-03-17 03:17	2017-03-16	表示	GitHub Exploit DB Packet Storm

245572	5.5	MEDIUM ローカル	podofo_project	podofo	The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cr…	CWE-476 NULL ポインタデリファレンス	CVE-2017-6846	2017-03-17 03:17	2017-03-15	表示	GitHub Exploit DB Packet Storm

245573	2.7	LOW ネットワーク	rockwellautomation	1763-l16awa_series_a 1763-l16awa_series_b 1763-l16bbb_series_a 1763-l16bbb_series_b 1763-l16bwa_series_a 1763-l16bwa_series_b 1763-l16dwd_series_a 1763-l16dwd_series_b 1766-l3…	An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and…	NVD-CWE-Other	CVE-2016-9338	2017-03-17 03:05	2017-02-14	表示	GitHub Exploit DB Packet Storm

245574	2.7	LOW ネットワーク	rockwellautomation	1763-l16awa_series_a 1763-l16awa_series_b 1763-l16bbb_series_a 1763-l16bbb_series_b 1763-l16bwa_series_a 1763-l16bwa_series_b 1763-l16dwd_series_a 1763-l16dwd_series_b 1766-l3…	<a href="http://cwe.mitre.org/data/definitions/732.html">CWE-732: Incorrect Permission Assignment for Critical Resource</a>	NVD-CWE-Other	CVE-2016-9338	2017-03-17 03:05	2017-02-14	表示	GitHub Exploit DB Packet Storm

245575	10.0	CRITICAL ネットワーク	moxa	oncellg3470a-lte_firmware awk-4131a_firmware awk-3191_firmware awk-5232_firmware awk-6232_firmware awk-1121_firmware awk-1127_firmware wac-1001_v2_firmware wac-2004_firmware	An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-R…	CWE-264 認可・権限・アクセス制御	CVE-2016-8363	2017-03-17 03:04	2017-02-14	表示	GitHub Exploit DB Packet Storm

245576	5.3	MEDIUM ネットワーク	eaton	eamxxx_series_epdu_firmware emaxxx_series_epdu_firmware eamaxx_series_epdu_firmware emaaxx_series_epdu_firmware eswaxx_series_epdu_firmware	An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAM…	CWE-22 パス・トラバーサル	CVE-2016-9357	2017-03-17 02:54	2017-02-14	表示	GitHub Exploit DB Packet Storm

245577	7.3	HIGH ネットワーク	rockwellautomation	1763-l16awa_series_a 1763-l16awa_series_b 1763-l16bbb_series_a 1763-l16bbb_series_b 1763-l16bwa_series_a 1763-l16bwa_series_b 1763-l16dwd_series_a 1763-l16dwd_series_b 1766-l3…	An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and…	NVD-CWE-Other	CVE-2016-9334	2017-03-17 02:27	2017-02-14	表示	GitHub Exploit DB Packet Storm

245578	7.3	HIGH ネットワーク	rockwellautomation	1763-l16awa_series_a 1763-l16awa_series_b 1763-l16bbb_series_a 1763-l16bbb_series_b 1763-l16bwa_series_a 1763-l16bwa_series_b 1763-l16dwd_series_a 1763-l16dwd_series_b 1766-l3…	<a href="http://cwe.mitre.org/data/definitions/319.html">CWE-319: Cleartext Transmission of Sensitive Information</a>	NVD-CWE-Other	CVE-2016-9334	2017-03-17 02:27	2017-02-14	表示	GitHub Exploit DB Packet Storm

245579	4.9	MEDIUM 物理	bd	alaris_8015_pc_unit	An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physica…	CWE-255 証明書・パスワード管理	CVE-2016-8375	2017-03-17 02:25	2017-02-14	表示	GitHub Exploit DB Packet Storm

245580	5.3	MEDIUM 物理	bd	alaris_8015_pc_unit	An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Ala…	CWE-255 証明書・パスワード管理	CVE-2016-9355	2017-03-17 02:08	2017-02-14	表示	GitHub Exploit DB Packet Storm

245581	7.1	HIGH ネットワーク	bigtreecms	bigtree_cms	CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.	CWE-352 同一生成元ポリシー違反	CVE-2017-6914	2017-03-17 01:00	2017-03-16	表示	GitHub Exploit DB Packet Storm

245582	4.3	MEDIUM ネットワーク	bigtreecms	bigtree_cms	CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.	CWE-352 同一生成元ポリシー違反	CVE-2017-6918	2017-03-17 01:00	2017-03-16	表示	GitHub Exploit DB Packet Storm

245583	4.3	MEDIUM ネットワーク	bigtreecms	bigtree_cms	CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.	CWE-352 同一生成元ポリシー違反	CVE-2017-6915	2017-03-17 00:59	2017-03-16	表示	GitHub Exploit DB Packet Storm

245584	4.3	MEDIUM ネットワーク	bigtreecms	bigtree_cms	CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.	CWE-352 同一生成元ポリシー違反	CVE-2017-6916	2017-03-17 00:59	2017-03-16	表示	GitHub Exploit DB Packet Storm

245585	4.3	MEDIUM ネットワーク	bigtreecms	bigtree_cms	CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.	CWE-352 同一生成元ポリシー違反	CVE-2017-6917	2017-03-17 00:37	2017-03-16	表示	GitHub Exploit DB Packet Storm

245586	7.8	HIGH ローカル	osisoft	pi_coresight pi_web_api	An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure thr…	CWE-532 ログファイルからの情報漏えい	CVE-2017-5153	2017-03-17 00:27	2017-02-14	表示	GitHub Exploit DB Packet Storm

245587	7.5	HIGH ネットワーク	unisys	clearpath_mcp	The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to c…	CWE-20 不適切な入力確認	CVE-2017-5872	2017-03-17 00:20	2017-03-10	表示	GitHub Exploit DB Packet Storm

245588	5.9	MEDIUM ネットワーク	eset	endpoint_antivirus endpoint_security	The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL s…	CWE-295 不正な証明書検証	CVE-2016-9892	2017-03-17 00:20	2017-03-3	表示	GitHub Exploit DB Packet Storm

245589	6.5	MEDIUM ネットワーク	moxa	oncellg3470a-lte_firmware awk-4131a_firmware awk-3191_firmware awk-5232_firmware awk-6232_firmware awk-1121_firmware awk-1127_firmware wac-1001_v2_firmware wac-2004_firmware	An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-R…	CWE-287 不適切な認証	CVE-2016-8362	2017-03-17 00:12	2017-02-14	表示	GitHub Exploit DB Packet Storm

245590	6.1	MEDIUM ネットワーク	intel_security_mcafee	endpoint_security_web_control	Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8011	2017-03-17 00:10	2017-03-15	表示	GitHub Exploit DB Packet Storm

245591	9.8	CRITICAL ネットワーク	bitlbee	bitlbee bitlbee-libpurple	bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact …	CWE-476 NULL ポインタデリファレンス	CVE-2017-5668	2017-03-16 10:59	2017-03-14	表示	GitHub Exploit DB Packet Storm

245592	6.1	MEDIUM ネットワーク	lutim_project	lutim	Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6877	2017-03-16 10:59	2017-03-14	表示	GitHub Exploit DB Packet Storm

245593	8.1	HIGH ネットワーク	hiteksoftware	automize	hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd…	CWE-326 不適切な暗号強度	CVE-2016-10102	2017-03-16 10:59	2017-01-23	表示	GitHub Exploit DB Packet Storm

245594	8.1	HIGH ネットワーク	hiteksoftware	automize	Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for G…	CWE-326 CWE-255 不適切な暗号強度証明書・パスワード管理	CVE-2016-10103	2017-03-16 10:59	2017-01-23	表示	GitHub Exploit DB Packet Storm

245595	5.9	MEDIUM ネットワーク	hiteksoftware	automize	Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP…	CWE-326 不適切な暗号強度	CVE-2016-10104	2017-03-16 10:59	2017-01-23	表示	GitHub Exploit DB Packet Storm

245596	9.8	CRITICAL ネットワーク	codeigniter	codeigniter	system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.	CWE-74 インジェクション	CVE-2016-10131	2017-03-16 10:59	2017-01-12	表示	GitHub Exploit DB Packet Storm

245597	5.5	MEDIUM ローカル	lg	lg_mobile	An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with …	CWE-200 情報漏えい	CVE-2016-10135	2017-03-16 10:59	2017-01-13	表示	GitHub Exploit DB Packet Storm

245598	7.5	HIGH ネットワーク	zoneminder	zoneminder	Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker t…	CWE-200 情報漏えい	CVE-2016-10140	2017-03-16 10:59	2017-01-13	表示	GitHub Exploit DB Packet Storm

245599	7.8	HIGH ローカル	adups	adups_fota	An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sys…	CWE-310 暗号の問題	CVE-2016-10136	2017-03-16 10:59	2017-01-13	表示	GitHub Exploit DB Packet Storm

245600	7.8	HIGH ローカル	adups	adups_fota	An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sys…	CWE-310 暗号の問題	CVE-2016-10137	2017-03-16 10:59	2017-01-13	表示	GitHub Exploit DB Packet Storm