NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月17日16:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245801	7.5	HIGH ネットワーク	allwinner amd intel nvidia samsung	a64 athlon_ii_640_x4 e-350 fx-8120_8-core fx-8320_8-core fx-8350_8-core phenom_9550_4-core atom_c2750 celeron_n2840 core_i5_m480 core_i7-2620qm core_i7-3632qm core…	Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU ope…	CWE-200 情報漏えい	CVE-2017-5927	2017-03-2 11:59	2017-02-27	表示	GitHub Exploit DB Packet Storm

245802	8.8	HIGH ネットワーク	digisol	dg-hr1400_firmware	Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of a…	CWE-352 同一生成元ポリシー違反	CVE-2017-6127	2017-03-2 11:59	2017-02-22	表示	GitHub Exploit DB Packet Storm

245803	5.5	MEDIUM ローカル	radare	radare2	The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as d…	CWE-476 NULL ポインタデリファレンス	CVE-2017-6197	2017-03-2 11:59	2017-02-24	表示	GitHub Exploit DB Packet Storm

245804	6.5	MEDIUM ネットワーク	ibm	websphere_mq	IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.	CWE-19 データ処理	CVE-2016-3013	2017-03-2 11:59	2017-02-23	表示	GitHub Exploit DB Packet Storm

245805	6.1	MEDIUM ネットワーク	ibm	security_access_manager security_access_manager_for_mobile security_access_manager_for_web	IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-3018	2017-03-2 11:59	2017-02-2	表示	GitHub Exploit DB Packet Storm

245806	6.5	MEDIUM ネットワーク	ibm	websphere_mq	IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.	CWE-284 不適切なアクセス制御	CVE-2016-8915	2017-03-2 11:59	2017-02-23	表示	GitHub Exploit DB Packet Storm

245807	6.5	MEDIUM ネットワーク	ibm	websphere_mq	IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.	CWE-284 不適切なアクセス制御	CVE-2016-8986	2017-03-2 11:59	2017-02-23	表示	GitHub Exploit DB Packet Storm

245808	7.2	HIGH ネットワーク	ibm	tivoli_storage_manager	IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on …	CWE-119 バッファエラー	CVE-2016-8998	2017-03-2 11:59	2017-02-25	表示	GitHub Exploit DB Packet Storm

245809	3.1	LOW ネットワーク	ibm	websphere_mq	IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.	CWE-264 CWE-20 認可・権限・アクセス制御不適切な入力確認	CVE-2016-9009	2017-03-2 11:59	2017-02-25	表示	GitHub Exploit DB Packet Storm

245810	8.8	HIGH ネットワーク	ibm	dashboard_application_services_hub	IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that …	CWE-352 同一生成元ポリシー違反	CVE-2016-9975	2017-03-2 11:59	2017-02-25	表示	GitHub Exploit DB Packet Storm

245811	9.8	CRITICAL ネットワーク	dotnetnuke	dotnetnuke	The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.	CWE-264 認可・権限・アクセス制御	CVE-2015-2794	2017-03-2 11:59	2017-02-7	表示	GitHub Exploit DB Packet Storm

245812	3.3	LOW ローカル	saltstack	salt	The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.	CWE-200 情報漏えい	CVE-2015-8034	2017-03-2 11:59	2017-01-31	表示	GitHub Exploit DB Packet Storm

245813	9.8	CRITICAL ネットワーク	gosa_project	gosa_plugin	The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.	CWE-94 コード・インジェクション	CVE-2015-8771	2017-03-2 11:59	2017-02-14	表示	GitHub Exploit DB Packet Storm

245814	6.1	MEDIUM ネットワーク	dotclear	dotclear	Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-8831	2017-03-2 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245815	8.8	HIGH ネットワーク	dotclear	dotclear	Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries…	CWE-284 不適切なアクセス制御	CVE-2015-8832	2017-03-2 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245816	7.5	HIGH ネットワーク	uglifyjs_project	uglifyjs	The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."	CWE-399 リソース管理の問題	CVE-2015-8858	2017-03-2 11:59	2017-01-24	表示	GitHub Exploit DB Packet Storm

245817	6.1	MEDIUM ネットワーク	mustache.js_project	mustache.js	mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-8862	2017-03-2 11:59	2017-01-24	表示	GitHub Exploit DB Packet Storm

245818	7.1	HIGH ネットワーク	ibm	kenexa_lcms_premier	IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or …	CWE-89 SQLインジェクション	CVE-2016-9993	2017-03-2 08:51	2017-03-2	表示	GitHub Exploit DB Packet Storm

245819	7.1	HIGH ネットワーク	ibm	kenexa_lcms_premier	IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or …	CWE-89 SQLインジェクション	CVE-2016-9994	2017-03-2 08:51	2017-03-2	表示	GitHub Exploit DB Packet Storm

245820	7.1	HIGH ネットワーク	ibm	kenexa_lcms_premier	IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or …	CWE-89 SQLインジェクション	CVE-2016-9992	2017-03-2 08:50	2017-03-2	表示	GitHub Exploit DB Packet Storm

245821	9.8	CRITICAL ネットワーク	kabona_ab	webdatorcentral	An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.	CWE-287 不適切な認証	CVE-2016-8347	2017-03-2 08:46	2017-02-14	表示	GitHub Exploit DB Packet Storm

245822	9.8	CRITICAL ネットワーク	ecava	integraxor	An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's databa…	CWE-89 SQLインジェクション	CVE-2016-8341	2017-03-2 08:45	2017-02-14	表示	GitHub Exploit DB Packet Storm

245823	6.1	MEDIUM ネットワーク	ionizecms	ionize	An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/adm…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5961	2017-03-2 08:28	2017-02-12	表示	GitHub Exploit DB Packet Storm

245824	6.1	MEDIUM ネットワーク	phalconeye_project	phalconeye	An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/pu…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5960	2017-03-2 08:07	2017-02-12	表示	GitHub Exploit DB Packet Storm

245825	6.1	MEDIUM ネットワーク	phreesoft	phreebookserp	An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5990	2017-03-2 08:05	2017-02-15	表示	GitHub Exploit DB Packet Storm

245826	6.1	MEDIUM ネットワーク	poodll	moodle-filter_poodll	An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET paramet…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5945	2017-03-2 08:04	2017-02-10	表示	GitHub Exploit DB Packet Storm

245827	5.4	MEDIUM ネットワーク	tenable	nessus	Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9259	2017-03-1 23:53	2017-03-1	表示	GitHub Exploit DB Packet Storm

245828	5.9	MEDIUM ネットワーク	a10networks	advanced_core_operating_system	A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by le…	CWE-200 情報漏えい	CVE-2016-10213	2017-03-1 23:02	2017-02-9	表示	GitHub Exploit DB Packet Storm

245829	9.1	CRITICAL ネットワーク	adobe	campaign	Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.	CWE-94 コード・インジェクション	CVE-2017-2968	2017-03-1 11:59	2017-02-15	表示	GitHub Exploit DB Packet Storm

245830	6.1	MEDIUM ネットワーク	adobe	campaign	Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-2969	2017-03-1 11:59	2017-02-15	表示	GitHub Exploit DB Packet Storm

245831	6.1	MEDIUM ネットワーク	cisco	unified_communications_manager	A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-3833	2017-03-1 11:59	2017-02-22	表示	GitHub Exploit DB Packet Storm

245832	9.8	CRITICAL ネットワーク	opentext	documentum_d2	OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons C…	CWE-20 不適切な入力確認	CVE-2017-5586	2017-03-1 11:59	2017-02-23	表示	GitHub Exploit DB Packet Storm

245833	5.9	MEDIUM ネットワーク	yaxim	bruno yaxim	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5589	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245834	5.9	MEDIUM ネットワーク	chatsecure zom	chatsecure zom	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5590	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245835	5.9	MEDIUM ネットワーク	psi-plus	psi\+	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5593	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245836	5.9	MEDIUM ネットワーク	jappix_project	jappix	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5602	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245837	5.9	MEDIUM ネットワーク	jitsi	jitsi	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5603	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245838	5.9	MEDIUM ネットワーク	mcabber	mcabber	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5604	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245839	5.9	MEDIUM ネットワーク	movim	movim	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5605	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245840	5.9	MEDIUM ネットワーク	conversejs	converse.js	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…	CWE-346 CWE-20 同一生成元ポリシー違反不適切な入力確認	CVE-2017-5858	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245841	7.2	HIGH ネットワーク	fortinet	connect	Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.	CWE-264 認可・権限・アクセス制御	CVE-2016-8494	2017-03-1 11:59	2017-02-10	表示	GitHub Exploit DB Packet Storm

245842	8.1	HIGH ネットワーク	tor_browser_launcher_project	tor_browser_launcher	Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Troja…	CWE-254 セキュリティ機能	CVE-2016-3180	2017-03-1 04:22	2017-02-8	表示	GitHub Exploit DB Packet Storm

245843	9.9	CRITICAL ネットワーク	smiths-medical	cadd-solis_medication_safety_software	An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges…	CWE-306 重要な機能に対する認証の欠如解説	CVE-2016-8355	2017-03-1 04:02	2017-02-14	表示	GitHub Exploit DB Packet Storm

245844	8.5	HIGH ネットワーク	smiths-medical	cadd-solis_medication_safety_software	An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which…	CWE-346 同一生成元ポリシー違反	CVE-2016-8358	2017-03-1 04:02	2017-02-14	表示	GitHub Exploit DB Packet Storm

245845	4.9	MEDIUM ネットワーク	plone	plone	Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.	CWE-264 認可・権限・アクセス制御	CVE-2016-4043	2017-03-1 03:53	2017-02-25	表示	GitHub Exploit DB Packet Storm

245846	7.3	HIGH ネットワーク	jenkins	script_security	The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set arra…	CWE-254 セキュリティ機能	CVE-2016-3102	2017-03-1 02:37	2017-02-10	表示	GitHub Exploit DB Packet Storm

245847	9.8	CRITICAL ネットワーク	ibhsoftec	s7-softplc	An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow.	CWE-119 バッファエラー	CVE-2016-8364	2017-03-1 00:59	2017-02-14	表示	GitHub Exploit DB Packet Storm

245848	6.1	MEDIUM ネットワーク	ibm	web_content_manager_production_analytics websphere_portal	Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8922	2017-03-1 00:18	2017-02-2	表示	GitHub Exploit DB Packet Storm

245849	7.5	HIGH ネットワーク	sap	saplpd	SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.	CWE-20 不適切な入力確認	CVE-2016-10079	2017-02-28 11:37	2017-02-2	表示	GitHub Exploit DB Packet Storm

245850	5.3	MEDIUM ローカル	cisco	firepower_threat_defense	A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to injec…	CWE-78 OSコマンド・インジェクション	CVE-2017-3806	2017-02-28 03:42	2017-02-3	表示	GitHub Exploit DB Packet Storm