NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月17日16:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245901	9.8	CRITICAL ネットワーク	facebook	hhvm	Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	CWE-787 境界外書き込み	CVE-2016-6870	2017-02-23 02:53	2017-02-18	表示	GitHub Exploit DB Packet Storm

245902	9.8	CRITICAL ネットワーク	facebook	hhvm	Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2016-6871	2017-02-23 02:53	2017-02-18	表示	GitHub Exploit DB Packet Storm

245903	9.8	CRITICAL ネットワーク	facebook	hhvm	Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2016-6872	2017-02-23 02:50	2017-02-18	表示	GitHub Exploit DB Packet Storm

245904	6.1	MEDIUM ネットワーク	mantisbt	mantisbt	Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-5364	2017-02-23 02:49	2017-02-18	表示	GitHub Exploit DB Packet Storm

245905	9.8	CRITICAL ネットワーク	facebook	hhvm	Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	NVD-CWE-Other	CVE-2016-6873	2017-02-23 02:41	2017-02-18	表示	GitHub Exploit DB Packet Storm

245906	9.8	CRITICAL ネットワーク	facebook	hhvm	<a href="http://cwe.mitre.org/data/definitions/674.html">CWE-674: Uncontrolled Recursion</a>	NVD-CWE-Other	CVE-2016-6873	2017-02-23 02:41	2017-02-18	表示	GitHub Exploit DB Packet Storm

245907	6.1	MEDIUM ネットワーク	apple	iphone_os	An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-7762	2017-02-23 00:17	2017-02-20	表示	GitHub Exploit DB Packet Storm

245908	5.5	MEDIUM ローカル	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration inform…	CWE-200 情報漏えい	CVE-2016-7761	2017-02-23 00:14	2017-02-20	表示	GitHub Exploit DB Packet Storm

245909	4.3	MEDIUM 物理	apple	iphone_os	An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive informati…	CWE-200 情報漏えい	CVE-2016-7759	2017-02-23 00:11	2017-02-20	表示	GitHub Exploit DB Packet Storm

245910	7.5	HIGH ネットワーク	apple	iphone_os mac_os_x	An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a de…	CWE-20 不適切な入力確認	CVE-2016-7667	2017-02-23 00:10	2017-02-20	表示	GitHub Exploit DB Packet Storm

245911	5.5	MEDIUM ローカル	apple	transporter	An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via…	CWE-200 情報漏えい	CVE-2016-7666	2017-02-22 23:33	2017-02-20	表示	GitHub Exploit DB Packet Storm

245912	5.9	MEDIUM ネットワーク	apple	iphone_os	An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.	CWE-326 不適切な暗号強度	CVE-2016-4685	2017-02-22 08:50	2017-02-20	表示	GitHub Exploit DB Packet Storm

245913	3.3	LOW ローカル	apple	iphone_os mac_os_x	An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover length…	CWE-255 証明書・パスワード管理	CVE-2016-4670	2017-02-22 08:46	2017-02-20	表示	GitHub Exploit DB Packet Storm

245914	7.8	HIGH ローカル	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged cont…	CWE-476 NULL ポインタデリファレンス	CVE-2016-4780	2017-02-22 08:33	2017-02-20	表示	GitHub Exploit DB Packet Storm

245915	5.5	MEDIUM ローカル	apple	icloud	An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iClou…	CWE-200 情報漏えい	CVE-2016-7614	2017-02-22 08:09	2017-02-20	表示	GitHub Exploit DB Packet Storm

245916	4.3	MEDIUM ネットワーク	apple	iphone_os	An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted U…	CWE-20 不適切な入力確認	CVE-2016-7581	2017-02-22 07:57	2017-02-20	表示	GitHub Exploit DB Packet Storm

245917	8.8	HIGH ネットワーク	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privile…	CWE-264 認可・権限・アクセス制御	CVE-2016-7582	2017-02-22 07:57	2017-02-20	表示	GitHub Exploit DB Packet Storm

245918	2.4	LOW 物理	apple	iphone_os	An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive informati…	CWE-200 情報漏えい	CVE-2016-7765	2017-02-22 04:41	2017-02-20	表示	GitHub Exploit DB Packet Storm

245919	7.8	HIGH ローカル	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted arch…	CWE-20 不適切な入力確認	CVE-2016-7742	2017-02-22 04:38	2017-02-20	表示	GitHub Exploit DB Packet Storm

245920	6.5	MEDIUM ネットワーク	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted …	CWE-20 不適切な入力確認	CVE-2016-7580	2017-02-22 04:17	2017-02-20	表示	GitHub Exploit DB Packet Storm

245921	9.8	CRITICAL ネットワーク	apple	iphone_os	An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspec…	CWE-254 セキュリティ機能	CVE-2016-7630	2017-02-22 03:26	2017-02-20	表示	GitHub Exploit DB Packet Storm

245922	7.8	HIGH ローカル	apple	icloud	An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a cr…	CWE-264 認可・権限・アクセス制御	CVE-2016-7583	2017-02-22 01:18	2017-02-20	表示	GitHub Exploit DB Packet Storm

245923	3.7	LOW ネットワーク	apple	iphone_os mac_os_x	An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger…	CWE-200 情報漏えい	CVE-2016-7577	2017-02-22 01:16	2017-02-20	表示	GitHub Exploit DB Packet Storm

245924	7.8	HIGH ローカル	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a den…	CWE-119 バッファエラー	CVE-2016-4681	2017-02-22 00:39	2017-02-20	表示	GitHub Exploit DB Packet Storm

245925	7.8	HIGH ローカル	apple	mac_os_x	An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial…	CWE-119 バッファエラー	CVE-2016-4683	2017-02-22 00:38	2017-02-20	表示	GitHub Exploit DB Packet Storm

245926	5.9	MEDIUM ネットワーク	apple	iphone_os mac_os_x	An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle…	CWE-254 セキュリティ機能	CVE-2016-4721	2017-02-22 00:03	2017-02-20	表示	GitHub Exploit DB Packet Storm

245927	5.3	MEDIUM ネットワーク	opera apple mozilla microsoft google	opera safari firefox edge internet_explorer chrome	The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera…	CWE-200 情報漏えい	CVE-2016-7152	2017-02-19 15:22	2016-09-6	表示	GitHub Exploit DB Packet Storm

245928	5.3	MEDIUM ネットワーク	microsoft google apple opera mozilla	edge internet_explorer chrome safari opera_browser firefox	The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever…	CWE-200 情報漏えい	CVE-2016-7153	2017-02-19 15:22	2016-09-6	表示	GitHub Exploit DB Packet Storm

245929	8.8	HIGH ネットワーク	iodata	hvl-a2.0_firmware hvl-a3.0_firmware hvl-a4.0_firmware hvl-at1.0s_firmware hvl-at2.0_firmware hvl-at2.0a_firmware hvl-at3.0_firmware hvl-at3.0a_firmware hvl-at4.0_firmware h…	Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmw…	CWE-352 同一生成元ポリシー違反	CVE-2016-4845	2017-02-19 15:20	2016-09-24	表示	GitHub Exploit DB Packet Storm

245930	7.8	HIGH ローカル	optipng_project canonical debian	optipng ubuntu_linux debian_linux	Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or p…	CWE-119 バッファエラー	CVE-2016-3981	2017-02-19 15:19	2016-04-14	表示	GitHub Exploit DB Packet Storm

245931	7.4	HIGH ネットワーク	flask-oidc_project	flask-oidc	flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect	CWE-601 オープンリダイレクト	CVE-2016-1000001	2017-02-19 15:16	2016-10-8	表示	GitHub Exploit DB Packet Storm

245932	5.4	MEDIUM ネットワーク	ibm	websphere_portal	The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external e…	NVD-CWE-Other	CVE-2016-0245	2017-02-19 15:15	2016-02-29	表示	GitHub Exploit DB Packet Storm

245933	5.4	MEDIUM ネットワーク	ibm	websphere_portal	<a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>	NVD-CWE-Other	CVE-2016-0245	2017-02-19 15:15	2016-02-29	表示	GitHub Exploit DB Packet Storm

245934	7.3	HIGH ローカル	fedoraproject fuseiso_project	fedora fuseiso	Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp…	CWE-119 バッファエラー	CVE-2015-8836	2017-02-19 15:15	2016-03-30	表示	GitHub Exploit DB Packet Storm

245935	6.5	MEDIUM ネットワーク	cisco	ios ios_xe	The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attack…	CWE-20 不適切な入力確認	CVE-2014-2146	2017-02-19 15:03	2016-09-23	表示	GitHub Exploit DB Packet Storm

245936	6.8	MEDIUM	cisco	unified_computing_system	ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.	CWE-20 不適切な入力確認	CVE-2012-4103	2017-02-19 14:53	2013-10-3	表示	GitHub Exploit DB Packet Storm

245937	7.2	HIGH	linux	linux_kernel	The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses…	NVD-CWE-Other	CVE-2005-1589	2017-02-19 14:08	2005-05-17	表示	GitHub Exploit DB Packet Storm

245938	2.6	LOW	linux	linux_kernel	Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in …	NVD-CWE-Other	CVE-2004-2302	2017-02-19 14:07	2004-12-31	表示	GitHub Exploit DB Packet Storm

245939	6.1	MEDIUM ネットワーク	otrs	otrs	Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9139	2017-02-18 11:59	2017-02-17	表示	GitHub Exploit DB Packet Storm

245940	5.5	MEDIUM ローカル	libming	libming	The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.	CWE-119 バッファエラー	CVE-2016-9827	2017-02-18 11:59	2017-02-17	表示	GitHub Exploit DB Packet Storm

245941	5.5	MEDIUM ローカル	libming	libming	The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.	CWE-476 NULL ポインタデリファレンス	CVE-2016-9828	2017-02-18 11:59	2017-02-17	表示	GitHub Exploit DB Packet Storm

245942	7.8	HIGH ローカル	libming	libming	Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.	CWE-119 バッファエラー	CVE-2016-9829	2017-02-18 11:59	2017-02-17	表示	GitHub Exploit DB Packet Storm

245943	7.8	HIGH ローカル	libming	libming	Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.	CWE-119 バッファエラー	CVE-2016-9831	2017-02-18 11:59	2017-02-17	表示	GitHub Exploit DB Packet Storm

245944	9.8	CRITICAL ネットワーク	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-287 不適切な認証	CVE-2016-9369	2017-02-18 03:12	2017-02-14	表示	GitHub Exploit DB Packet Storm

245945	7.5	HIGH ネットワーク	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-400 リソースの枯渇	CVE-2016-9367	2017-02-18 03:11	2017-02-14	表示	GitHub Exploit DB Packet Storm

245946	7.3	HIGH ネットワーク	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-119 バッファエラー	CVE-2016-9363	2017-02-18 03:09	2017-02-14	表示	GitHub Exploit DB Packet Storm

245947	8.8	HIGH ネットワーク	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-352 同一生成元ポリシー違反	CVE-2016-9365	2017-02-18 03:09	2017-02-14	表示	GitHub Exploit DB Packet Storm

245948	9.8	CRITICAL ネットワーク	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-287 不適切な認証	CVE-2016-9361	2017-02-18 03:08	2017-02-14	表示	GitHub Exploit DB Packet Storm

245949	6.1	MEDIUM ネットワーク	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9371	2017-02-18 03:08	2017-02-14	表示	GitHub Exploit DB Packet Storm

245950	3.3	LOW ローカル	moxa	nport_5100_series_firmware nport_5200_series_firmware nport_5400_series_firmware nport_5600_series_firmware nport_5100a_series_firmware nport_p5150a_series_firmware nport_5200a_seri…	An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor…	CWE-255 証明書・パスワード管理	CVE-2016-9348	2017-02-18 03:07	2017-02-14	表示	GitHub Exploit DB Packet Storm