NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月17日16:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245751	6.1	MEDIUM ネットワーク	soruly	whatanime.ga	An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-mast…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6390	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245752	6.1	MEDIUM ネットワーク	kaltura	kaltura_server	An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWP…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6392	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245753	6.1	MEDIUM ネットワーク	nagvis	nagvis	An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An att…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6393	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245754	6.1	MEDIUM ネットワーク	kaltura	kaltura_server	An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, t…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6391	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245755	6.1	MEDIUM ネットワーク	hashover_project	hashover	An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execut…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6395	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245756	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6396	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245757	9.8	CRITICAL ネットワーク	veritas	netbackup netbackup_appliance	An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.	CWE-798 ハードコードされた認証情報の使用	CVE-2017-6403	2017-03-7 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245758	6.1	MEDIUM ネットワーク	ibm	integration_bus websphere_message_broker	IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could expl…	CWE-254 セキュリティ機能	CVE-2016-9010	2017-03-7 11:59	2017-02-16	表示	GitHub Exploit DB Packet Storm

245759	9.1	CRITICAL ネットワーク	ibm	integration_bus websphere_message_broker	IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-9706	2017-03-7 11:59	2017-02-16	表示	GitHub Exploit DB Packet Storm

245760	9.8	CRITICAL ネットワーク	fast-image-adder_project	fast-image-adder	Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2015-1000001	2017-03-7 11:59	2016-10-6	表示	GitHub Exploit DB Packet Storm

245761	5.0	MEDIUM	vdgsecurity	vdg_sense	VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password …	CWE-287 不適切な認証	CVE-2014-9578	2017-03-7 11:59	2015-01-9	表示	GitHub Exploit DB Packet Storm

245762	8.8	HIGH ネットワーク	dropbear_ssh_project	dropbear_ssh	The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.	CWE-284 不適切なアクセス制御	CVE-2016-7408	2017-03-5 08:10	2017-03-4	表示	GitHub Exploit DB Packet Storm

245763	7.8	HIGH ローカル	samsung	samsung_mobile	Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L …	CWE-20 不適切な入力確認	CVE-2016-4038	2017-03-5 08:06	2017-02-2	表示	GitHub Exploit DB Packet Storm

245764	5.5	MEDIUM ローカル	dropbear_ssh_project	dropbear_ssh	The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.	CWE-200 情報漏えい	CVE-2016-7409	2017-03-5 08:02	2017-03-4	表示	GitHub Exploit DB Packet Storm

245765	9.8	CRITICAL ネットワーク	dropbear_ssh_project	dropbear_ssh	Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.	CWE-20 不適切な入力確認	CVE-2016-7406	2017-03-5 08:00	2017-03-4	表示	GitHub Exploit DB Packet Storm

245766	9.8	CRITICAL ネットワーク	dropbear_ssh_project	dropbear_ssh	The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.	CWE-20 不適切な入力確認	CVE-2016-7407	2017-03-5 07:55	2017-03-4	表示	GitHub Exploit DB Packet Storm

245767	5.5	MEDIUM ローカル	mp3splt_project	mp3splt	The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.	CWE-416 解放済みメモリの使用	CVE-2017-5666	2017-03-4 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245768	5.5	MEDIUM ローカル	podofo_project	podofo	The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-5855	2017-03-4 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245769	7.8	HIGH ローカル	podofo_project	podofo	Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.	CWE-119 バッファエラー	CVE-2017-5886	2017-03-4 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245770	7.8	HIGH ローカル	radare	radare2	The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified ot…	CWE-119 バッファエラー	CVE-2017-6319	2017-03-4 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245771	5.5	MEDIUM ローカル	radare	radare2	The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.	CWE-125 境界外読み取り	CVE-2017-6387	2017-03-4 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245772	7.8	HIGH ローカル	ibm	qradar_security_information_and_event_manager	IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.	CWE-326 不適切な暗号強度	CVE-2016-2879	2017-03-4 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245773	6.1	MEDIUM ネットワーク	sivann	it_items_database	An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-10216	2017-03-4 01:21	2017-02-10	表示	GitHub Exploit DB Packet Storm

245774	6.1	MEDIUM ネットワーク	fastspot	bigtree-form-builder	An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-10215	2017-03-4 01:17	2017-02-10	表示	GitHub Exploit DB Packet Storm

245775	7.5	HIGH ネットワーク	cryptopp	crypto\+\+	The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows atta…	CWE-200 情報漏えい	CVE-2016-3995	2017-03-4 01:13	2017-02-14	表示	GitHub Exploit DB Packet Storm

245776	5.9	MEDIUM ネットワーク	belden_hirschmann	gecko_lite_managed_switch_firmware	An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, whi…	CWE-22 パス・トラバーサル	CVE-2017-5163	2017-03-3 23:54	2017-02-14	表示	GitHub Exploit DB Packet Storm

245777	5.5	MEDIUM ローカル	jasper_project	jasper	Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2017-5501	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245778	5.5	MEDIUM ローカル	libmp3splt_project	libmp3splt	The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-5665	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245779	7.8	HIGH ローカル	podofo_project	podofo	Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2017-5853	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245780	5.5	MEDIUM ローカル	podofo_project	podofo	base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.	CWE-476 NULL ポインタデリファレンス	CVE-2017-5854	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245781	5.4	MEDIUM ネットワーク	ibm	connections	IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-5932	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245782	9.8	CRITICAL ネットワーク	lenovo	xclarity_administrator	Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.	CWE-532 ログファイルからの情報漏えい	CVE-2016-8233	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245783	5.5	MEDIUM ローカル	libav	libav	libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.	CWE-189 数値処理の問題	CVE-2016-9819	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245784	5.5	MEDIUM ローカル	libav	libav	libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.	CWE-189 数値処理の問題	CVE-2016-9820	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245785	5.5	MEDIUM ローカル	libav	libav	libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.	CWE-119 バッファエラー	CVE-2016-9823	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245786	5.5	MEDIUM ローカル	libav	libav	Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2016-9824	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245787	5.5	MEDIUM ローカル	libav	libav	libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.	CWE-189 数値処理の問題	CVE-2016-9825	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245788	5.5	MEDIUM ローカル	libav	libav	libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.	CWE-189 数値処理の問題	CVE-2016-9826	2017-03-3 11:59	2017-03-2	表示	GitHub Exploit DB Packet Storm

245789	8.1	HIGH ネットワーク	ibm	rational_rhapsody_design_manager	IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-8974	2017-03-3 01:19	2017-02-24	表示	GitHub Exploit DB Packet Storm

245790	6.4	MEDIUM ネットワーク	emc	powerpath_virtual_appliance	EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite…	CWE-200 情報漏えい	CVE-2016-0890	2017-03-3 01:18	2017-02-3	表示	GitHub Exploit DB Packet Storm

245791	5.9	MEDIUM ネットワーク	fortinet	fortios	The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.	CWE-200 情報漏えい	CVE-2016-8492	2017-03-3 01:18	2017-02-9	表示	GitHub Exploit DB Packet Storm

245792	6.5	MEDIUM 隣接	intel	x710_series_driver xl710_series_driver	Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.	NVD-CWE-noinfo	CVE-2016-8105	2017-03-3 01:17	2017-02-28	表示	GitHub Exploit DB Packet Storm

245793	5.9	MEDIUM ネットワーク	radware	alteon	Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-02…	CWE-200 情報漏えい	CVE-2016-10212	2017-03-3 01:12	2017-02-9	表示	GitHub Exploit DB Packet Storm

245794	8.8	HIGH ネットワーク	sagecrm	sagecrm	A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to …	CWE-89 SQLインジェクション	CVE-2017-5218	2017-03-3 00:59	2017-02-2	表示	GitHub Exploit DB Packet Storm

245795	5.9	MEDIUM ローカル	grails	pdf_plugin	XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2017-6344	2017-03-3 00:34	2017-02-27	表示	GitHub Exploit DB Packet Storm

245796	8.8	HIGH ネットワーク	opentext	documentum_content_server	OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict D…	CWE-74 インジェクション	CVE-2017-5585	2017-03-3 00:29	2017-02-23	表示	GitHub Exploit DB Packet Storm

245797	9.8	CRITICAL ネットワーク	emerson	liebert_sitescan_web	An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML par…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-8348	2017-03-3 00:05	2017-02-14	表示	GitHub Exploit DB Packet Storm

245798	8.1	HIGH ネットワーク	forgerock	racf_connector	Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote …	CWE-20 不適切な入力確認	CVE-2016-6500	2017-03-3 00:02	2017-02-4	表示	GitHub Exploit DB Packet Storm

245799	7.5	HIGH ネットワーク	allwinner amd intel nvidia samsung	a64 athlon_ii_640_x4 e-350 fx-8120_8-core fx-8320_8-core fx-8350_8-core phenom_9550_4-core atom_c2750 celeron_n2840 core_i5_m480 core_i7-2620qm core_i7-3632qm core…	Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU o…	CWE-200 情報漏えい	CVE-2017-5925	2017-03-2 11:59	2017-02-27	表示	GitHub Exploit DB Packet Storm

245800	7.5	HIGH ネットワーク	allwinner amd intel nvidia samsung	a64 athlon_ii_640_x4 e-350 fx-8120_8-core fx-8320_8-core fx-8350_8-core phenom_9550_4-core atom_c2750 celeron_n2840 core_i5_m480 core_i7-2620qm core_i7-3632qm core…	Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU ope…	CWE-200 情報漏えい	CVE-2017-5926	2017-03-2 11:59	2017-02-27	表示	GitHub Exploit DB Packet Storm