NVD Vulnerability Information Top

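You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Note), vulnerabilities not yet listed in JVN may already be updated here.

If a vulnerability has related information in JVN (Japan Vulnerability Note), that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.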

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Updated: November 17, 2024, 5:17

No CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact view Exploit/PoC search
245601 7.8 HIGH
Local
adups adups_fota An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the c… CWE-310
Cryptographic Issues
CVE-2016-10138 2017-03-16 10:59 2017-01-13 View GitHub Exploit DB Packet Storm
245602 7.8 HIGH
Local
adups adups_fota An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.syso… CWE-310
Cryptographic Issues
CVE-2016-10139 2017-03-16 10:59 2017-01-13 View GitHub Exploit DB Packet Storm
245603 4.3 MEDIUM
Network
wordpress wordpress The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authen… CWE-254
CWE-284
Security Features
Improper Access Control
CVE-2016-10148 2017-03-16 10:59 2017-01-19 View GitHub Exploit DB Packet Storm
245604 7.0 HIGH
Local
schneider-electric unity_pro An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instru… CWE-94
Code Injection
CVE-2016-8354 2017-03-16 04:57 2017-02-14 View GitHub Exploit DB Packet Storm
245605 10.0 CRITICAL
Network
schneider-electric connexium_firmware An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F2… CWE-119
Buffer Errors
CVE-2016-8352 2017-03-16 04:53 2017-02-14 View GitHub Exploit DB Packet Storm
245606 9.8 CRITICAL
Network
embedthis goahead A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - … CWE-200
Information Disclosure
CVE-2017-5674 2017-03-16 03:43 2017-03-13 View GitHub Exploit DB Packet Storm
245607 7.5 HIGH
Network
syspass syspass An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() fu… CWE-326
Inadequate Encryption Strength
CVE-2017-5999 2017-03-16 03:42 2017-03-6 View GitHub Exploit DB Packet Storm
245608 7.2 HIGH
Local
sielcosistemi winlog_lite
winlog_pro
An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path … CWE-427
Uncontrolled Search Path Element
CVE-2017-5161 2017-03-16 02:44 2017-02-14 View GitHub Exploit DB Packet Storm
245609 6.1 MEDIUM
Network
ibm advanced_management_module_firmware Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows a… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-8232 2017-03-16 02:27 2017-03-2 View GitHub Exploit DB Packet Storm
245610 8.8 HIGH
Network
embedthis goahead A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the ma… CWE-77
Command Injection
CVE-2017-5675 2017-03-16 02:11 2017-03-13 View GitHub Exploit DB Packet Storm
245611 9.8 CRITICAL
Network
asus
trendnet
rt-ac66u_firmware
tew-812dru_firmware
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U an… CWE-119
Buffer Errors
CVE-2013-4659 2017-03-16 01:58 2017-03-14 View GitHub Exploit DB Packet Storm
245612 7.5 HIGH
Network
evostream media_server A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a… CWE-119
Buffer Errors
CVE-2017-6427 2017-03-15 10:59 2017-03-10 View GitHub Exploit DB Packet Storm
245613 9.8 CRITICAL
Network
azure_dex data_expert_ultimate In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that se… CWE-119
Buffer Errors
CVE-2017-6506 2017-03-15 10:59 2017-03-10 View GitHub Exploit DB Packet Storm
245614 6.1 MEDIUM
Network
uninett mod_auth_mellon mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site… CWE-79
Cross-Site Scripting (XSS)
CVE-2017-6807 2017-03-15 10:59 2017-03-13 View GitHub Exploit DB Packet Storm
245615 8.1 HIGH
Network
hiteksoftware automize Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Pa… CWE-326
CWE-255
Inadequate Encryption Strength
Credentials Management
CVE-2016-10101 2017-03-15 10:59 2017-01-23 View GitHub Exploit DB Packet Storm
245616 2.5 LOW
Local
cybozu kintone The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. CWE-200
Information Disclosure
CVE-2016-1185 2017-03-15 10:59 2016-04-26 View GitHub Exploit DB Packet Storm
245617 7.5 HIGH
Network
siemens eta4_firmware
eta2_firmware
An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted pac… CWE-19
Data Handling
CVE-2016-7987 2017-03-15 04:59 2017-02-14 View GitHub Exploit DB Packet Storm
245618 8.1 HIGH
Network
f-secure software_updater F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-… CWE-20
Improper Input Validation
CVE-2017-6466 2017-03-15 04:33 2017-03-11 View GitHub Exploit DB Packet Storm
245619 9.8 CRITICAL
Network
ftpshell ftpshell_client Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leadin… CWE-119
Buffer Errors
CVE-2017-6465 2017-03-15 04:31 2017-03-10 View GitHub Exploit DB Packet Storm
245620 5.9 MEDIUM
Network
citrix netscaler_application_delivery_controller_firmware Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for rem… CWE-200
Information Disclosure
CVE-2017-5933 2017-03-15 04:27 2017-02-9 View GitHub Exploit DB Packet Storm
245621 9.8 CRITICAL
Network
schneider-electric ion5000
ion7300
ion7500
ion7600
ion8650
ion8800
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is confi… CWE-284
Improper Access Control
CVE-2016-5815 2017-03-15 04:21 2017-02-14 View GitHub Exploit DB Packet Storm
245622 8.6 HIGH
Network
locusenergy lgate_firmware An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for … CWE-20
Improper Input Validation
CVE-2016-5782 2017-03-15 04:17 2017-02-14 View GitHub Exploit DB Packet Storm
245623 6.1 MEDIUM
Network
lg_project lg Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. CWE-79
Cross-Site Scripting (XSS)
CVE-2014-3926 2017-03-15 04:05 2017-03-14 View GitHub Exploit DB Packet Storm
245624 7.8 HIGH
Local
delta_electronics ispsoft
pmsoft
wplsoft
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. There are multiple instances of heap-based … CWE-119
Buffer Errors
CVE-2016-5805 2017-03-15 04:01 2017-02-14 View GitHub Exploit DB Packet Storm
245625 7.8 HIGH
Local
delta_electronics ispsoft
pmsoft
wplsoft
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write … CWE-787
Out-of-bounds Write
CVE-2016-5802 2017-03-15 03:21 2017-02-14 View GitHub Exploit DB Packet Storm
245626 6.8 MEDIUM
Network
unisys mcp-firmware Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or syst… CWE-119
Buffer Errors
CVE-2015-4049 2017-03-15 02:49 2017-02-4 View GitHub Exploit DB Packet Storm
245627 5.5 MEDIUM
Local
wavpack_project wavpack The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CWE-125
Out-of-bounds Read
CVE-2016-10171 2017-03-15 01:07 2017-03-14 View GitHub Exploit DB Packet Storm
245628 5.5 MEDIUM
Local
wavpack_project wavpack The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CWE-125
Out-of-bounds Read
CVE-2016-10172 2017-03-15 01:07 2017-03-14 View GitHub Exploit DB Packet Storm
245629 5.5 MEDIUM
Local
wavpack_project wavpack The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CWE-125
Out-of-bounds Read
CVE-2016-10170 2017-03-15 01:06 2017-03-14 View GitHub Exploit DB Packet Storm
245630 8.8 HIGH
Network
netapp data_ontap NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-5374 2017-03-15 00:36 2017-03-2 View GitHub Exploit DB Packet Storm
245631 8.8 HIGH
Network
ibm tivoli_storage_manager IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that acc… CWE-200
Information Disclosure
CVE-2016-8940 2017-03-15 00:01 2017-03-8 View GitHub Exploit DB Packet Storm
245632 8.8 HIGH
Network
keekoonvision kk002_ip_camera_firmware Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). CWE-352
Same-Origin Policy Violation
CVE-2017-6180 2017-03-14 23:54 2017-03-13 View GitHub Exploit DB Packet Storm
245633 6.4 MEDIUM
Network
osisoft pi_web_api_2015_r2 An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-8353 2017-03-14 23:07 2017-02-14 View GitHub Exploit DB Packet Storm
245634 7.2 HIGH
Network
emc isilon_onefs EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially … CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-9871 2017-03-14 23:07 2017-02-3 View GitHub Exploit DB Packet Storm
245635 6.8 MEDIUM
Network
tesla gateway_ecu An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to comm… CWE-77
Command Injection
CVE-2016-9337 2017-03-14 22:16 2017-02-14 View GitHub Exploit DB Packet Storm
245636 5.3 MEDIUM
Network
visonic powerlink2_firmware An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used … CWE-200
Information Disclosure
CVE-2016-5813 2017-03-14 22:03 2017-02-14 View GitHub Exploit DB Packet Storm
245637 6.5 MEDIUM
Network
hikvision ds-76xxx_series_firmware
ds-77xxx_series_firmware
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… CWE-119
Buffer Errors
CVE-2015-4408 2017-03-14 21:57 2017-03-13 View GitHub Exploit DB Packet Storm
245638 6.5 MEDIUM
Network
hikvision ds-76xxx_series_firmware
ds-77xxx_series_firmware
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… CWE-119
Buffer Errors
CVE-2015-4409 2017-03-14 21:57 2017-03-13 View GitHub Exploit DB Packet Storm
245639 6.5 MEDIUM
Network
hikvision ds-76xxx_series_firmware
ds-77xxx_series_firmware
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… CWE-119
Buffer Errors
CVE-2015-4407 2017-03-14 21:56 2017-03-13 View GitHub Exploit DB Packet Storm
245640 6.1 MEDIUM
Network
qbittorrent qbittorrent WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. CWE-79
Cross-Site Scripting (XSS)
CVE-2017-6503 2017-03-14 10:59 2017-03-6 View GitHub Exploit DB Packet Storm
245641 6.1 MEDIUM
Network
wuhu_project wuhu Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter). CWE-79
Cross-Site Scripting (XSS)
CVE-2017-6544 2017-03-14 10:59 2017-03-9 View GitHub Exploit DB Packet Storm
245642 7.5 HIGH
Network
tiki tikiwiki_cms/groupware A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. CWE-200
Information Disclosure
CVE-2016-10143 2017-03-14 10:59 2017-01-20 View GitHub Exploit DB Packet Storm
245643 10.0 CRITICAL
Network
hp operations_manager HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. CWE-94
Code Injection
CVE-2016-1985 2017-03-14 10:59 2016-01-31 View GitHub Exploit DB Packet Storm
245644 5.4 MEDIUM
Network
ibm urbancode_deploy IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-9006 2017-03-14 10:59 2017-03-9 View GitHub Exploit DB Packet Storm
245645 7.5 HIGH
Network
ibm jazz_reporting_service Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder… NVD-CWE-noinfo
CVE-2015-7464 2017-03-14 10:59 2016-01-29 View GitHub Exploit DB Packet Storm
245646 5.0 MEDIUM
Adjacent
emerson se4801t0x_redundant_wireless_i/o_card_firmware
se4801t1x_simplex_wireless_i/o_card_firmware
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the D… CWE-254
Security Features
CVE-2016-9347 2017-03-14 01:52 2017-02-14 View GitHub Exploit DB Packet Storm
245647 5.5 MEDIUM
Local
partclone_project partclone partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial o… CWE-119
Buffer Errors
CVE-2017-6596 2017-03-14 01:39 2017-03-10 View GitHub Exploit DB Packet Storm
245648 7.5 HIGH
Network
op-tee
libtom
op-tee_os
libtomcrypt
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes i… CWE-20
Improper Input Validation
CVE-2016-6129 2017-03-14 00:24 2017-02-14 View GitHub Exploit DB Packet Storm
245649 9.8 CRITICAL
Network
serialize-to-js_project serialize-to-js An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaS… CWE-502
Deserialization of Untrusted Data
CVE-2017-5954 2017-03-14 00:23 2017-02-10 View GitHub Exploit DB Packet Storm
245650 10.0 CRITICAL
Network
mrf web_panel An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use… CWE-78
OS Command Injection
CVE-2016-10043 2017-03-13 23:59 2017-02-1 View GitHub Exploit DB Packet Storm