NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月18日5:14

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
246101	5.0	MEDIUM	cabletron	smartswitch_router_8000_firmware	Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit.	NVD-CWE-Other	CVE-1999-1548	2017-02-16 11:59	1999-11-24	表示	GitHub Exploit DB Packet Storm

246102	3.7	LOW ネットワーク	ibm	sterling_selling_and_fulfillment_foundation	IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa…	CWE-200 情報漏えい	CVE-2016-5953	2017-02-16 00:31	2017-02-2	表示	GitHub Exploit DB Packet Storm

246103	7.2	HIGH ネットワーク	ibm	general_parallel_file_system spectrum_scale	IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the…	CWE-119 バッファエラー	CVE-2016-6115	2017-02-15 23:14	2017-02-2	表示	GitHub Exploit DB Packet Storm

246104	5.5	MEDIUM ローカル	ibm	cloud_orchestrator smartcloud_orchestrator	A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual …	CWE-200 情報漏えい	CVE-2016-0203	2017-02-15 23:13	2017-02-9	表示	GitHub Exploit DB Packet Storm

246105	5.4	MEDIUM ネットワーク	ibm	rational_doors_next_generation rational_requirements_composer	IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-1128	2017-02-15 23:09	2017-02-9	表示	GitHub Exploit DB Packet Storm

246106	5.4	MEDIUM ネットワーク	ibm	biginsights	IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted UR…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2924	2017-02-15 23:09	2017-02-2	表示	GitHub Exploit DB Packet Storm

246107	3.3	LOW ローカル	ibm	cloud_orchestrator	IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.	CWE-20 不適切な入力確認	CVE-2016-0206	2017-02-15 22:46	2017-02-9	表示	GitHub Exploit DB Packet Storm

246108	7.3	HIGH ローカル	ibm	tivoli_storage_manager_fastback	IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit…	CWE-264 認可・権限・アクセス制御	CVE-2016-5934	2017-02-15 22:39	2017-02-9	表示	GitHub Exploit DB Packet Storm

246109	6.1	MEDIUM ネットワーク	ibm	social_rendering_templates_for_digital_data_connector	IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8936	2017-02-15 22:38	2017-02-2	表示	GitHub Exploit DB Packet Storm

246110	4.3	MEDIUM ネットワーク	ibm	rational_doors_next_generation rational_requirements_composer	IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.	CWE-200 情報漏えい	CVE-2016-9748	2017-02-15 22:38	2017-02-9	表示	GitHub Exploit DB Packet Storm

246111	7.8	HIGH ローカル	ibm	bigfix_platform	IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe…	CWE-284 不適切なアクセス制御	CVE-2016-0214	2017-02-15 22:33	2017-02-9	表示	GitHub Exploit DB Packet Storm

246112	4.7	MEDIUM ローカル	ibm	tivoli_storage_manager_for_space_management	IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.	CWE-200 情報漏えい	CVE-2016-5918	2017-02-15 22:19	2017-02-9	表示	GitHub Exploit DB Packet Storm

246113	5.9	MEDIUM ネットワーク	ibm	dashboard_application_services_hub	IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerabi…	CWE-200 情報漏えい	CVE-2016-5935	2017-02-15 22:15	2017-02-3	表示	GitHub Exploit DB Packet Storm

246114	5.4	MEDIUM ネットワーク	ibm	rational_doors_next_generation rational_requirements_composer	IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-1127	2017-02-15 22:14	2017-02-9	表示	GitHub Exploit DB Packet Storm

246115	5.3	MEDIUM ネットワーク	ibm	sterling_b2b_integrator	IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to …	CWE-200 情報漏えい	CVE-2016-0210	2017-02-15 22:13	2017-02-9	表示	GitHub Exploit DB Packet Storm

246116	5.4	MEDIUM ネットワーク	ibm	biginsights	IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2992	2017-02-15 22:13	2017-02-2	表示	GitHub Exploit DB Packet Storm

246117	9.8	CRITICAL ネットワーク	ibm	dashdb_local	IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.	CWE-798 ハードコードされた認証情報の使用	CVE-2016-8954	2017-02-15 21:49	2017-02-9	表示	GitHub Exploit DB Packet Storm

246118	5.9	MEDIUM ネットワーク	exim canonical debian	exim ubuntu_linux debian_linux	Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.	CWE-320 鍵管理のエラー	CVE-2016-9963	2017-02-15 21:47	2017-02-2	表示	GitHub Exploit DB Packet Storm

246119	3.3	LOW ローカル	ibm	cloud_orchestrator	A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view…	CWE-200 情報漏えい	CVE-2016-0202	2017-02-15 21:39	2017-02-9	表示	GitHub Exploit DB Packet Storm

246120	5.4	MEDIUM ネットワーク	ibm	rational_collaborative_lifecycle_management	IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-6032	2017-02-15 21:34	2017-02-9	表示	GitHub Exploit DB Packet Storm

246121	3.1	LOW ネットワーク	ibm	forms_experience_builder	IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.	CWE-918 サーバサイドリクエストフォージェリ	CVE-2016-6001	2017-02-15 21:32	2017-02-2	表示	GitHub Exploit DB Packet Storm

246122	2.8	LOW ローカル	ibm	cloud_orchestrator smartcloud_orchestrator	A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API …	CWE-284 不適切なアクセス制御	CVE-2015-7494	2017-02-15 03:45	2017-02-9	表示	GitHub Exploit DB Packet Storm

246123	4.4	MEDIUM ローカル	ibm	websphere_extreme_scale	IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator pri…	CWE-200 情報漏えい	CVE-2015-7418	2017-02-15 03:19	2017-02-9	表示	GitHub Exploit DB Packet Storm

246124	7.5	HIGH ネットワーク	ibm	urbancode_deploy	IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.	CWE-284 不適切なアクセス制御	CVE-2016-9008	2017-02-14 07:43	2017-02-2	表示	GitHub Exploit DB Packet Storm

246125	5.5	MEDIUM ローカル	ibm	license_metric_tool bigfix_inventory	IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.	CWE-200 情報漏えい	CVE-2016-8963	2017-02-14 07:42	2017-02-2	表示	GitHub Exploit DB Packet Storm

246126	6.1	MEDIUM ネットワーク	ibm	license_metric_tool bigfix_inventory	IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could…	CWE-601 オープンリダイレクト	CVE-2016-8961	2017-02-14 07:39	2017-02-2	表示	GitHub Exploit DB Packet Storm

246127	10.0	CRITICAL ネットワーク	ibm	urbancode_deploy	IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cu…	CWE-284 不適切なアクセス制御	CVE-2016-8938	2017-02-14 07:38	2017-02-2	表示	GitHub Exploit DB Packet Storm

246128	5.9	MEDIUM ネットワーク	ibm	license_metric_tool bigfix_inventory	IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerab…	CWE-200 情報漏えい	CVE-2016-8966	2017-02-14 07:35	2017-02-2	表示	GitHub Exploit DB Packet Storm

246129	5.5	MEDIUM ローカル	ibm	license_metric_tool bigfix_inventory	IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.	CWE-200 情報漏えい	CVE-2016-8981	2017-02-14 07:35	2017-02-2	表示	GitHub Exploit DB Packet Storm

246130	3.1	LOW ネットワーク	ibm	spectrum_control tivoli_storage_productivity_center	IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.	CWE-284 不適切なアクセス制御	CVE-2016-8942	2017-02-14 07:28	2017-02-2	表示	GitHub Exploit DB Packet Storm

246131	8.1	HIGH ネットワーク	ibm	license_metric_tool bigfix_inventory	IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-8980	2017-02-14 07:25	2017-02-2	表示	GitHub Exploit DB Packet Storm

246132	5.3	MEDIUM ネットワーク	ibm	license_metric_tool bigfix_inventory	IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.	CWE-200 情報漏えい	CVE-2016-8977	2017-02-14 07:23	2017-02-2	表示	GitHub Exploit DB Packet Storm

246133	5.4	MEDIUM ネットワーク	ibm	spectrum_control tivoli_storage_productivity_center	IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8943	2017-02-14 07:22	2017-02-2	表示	GitHub Exploit DB Packet Storm

246134	7.5	HIGH ネットワーク	ibm	websphere_application_server	IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.	CWE-399 リソース管理の問題	CVE-2016-8919	2017-02-14 07:20	2017-02-2	表示	GitHub Exploit DB Packet Storm

246135	7.5	HIGH ネットワーク	libtorrent	libtorrent	The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.	CWE-20 不適切な入力確認	CVE-2016-7164	2017-02-14 06:55	2017-02-8	表示	GitHub Exploit DB Packet Storm

246136	8.8	HIGH ネットワーク	ibm	filenet_workplace_xt	IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2016-8921	2017-02-14 06:52	2017-02-2	表示	GitHub Exploit DB Packet Storm

246137	9.8	CRITICAL ネットワーク	gradle	gradle	ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2016-6199	2017-02-14 06:51	2017-02-8	表示	GitHub Exploit DB Packet Storm

246138	7.2	HIGH ネットワーク	ibm	security_key_lifecycle_manager	IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute …	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2016-6104	2017-02-14 06:48	2017-02-8	表示	GitHub Exploit DB Packet Storm

246139	7.5	HIGH ネットワーク	ibm	urbancode_deploy	IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.	CWE-200 情報漏えい	CVE-2016-6068	2017-02-14 06:31	2017-02-2	表示	GitHub Exploit DB Packet Storm

246140	7.8	HIGH ローカル	ibm	tivoli_storage_manager	The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrar…	CWE-119 バッファエラー	CVE-2016-5985	2017-02-14 06:29	2017-02-2	表示	GitHub Exploit DB Packet Storm

246141	6.1	MEDIUM ネットワーク	ibm	infosphere_information_server infosphere_information_server_on_cloud	IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted U…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-5984	2017-02-14 06:26	2017-02-2	表示	GitHub Exploit DB Packet Storm

246142	5.3	MEDIUM ネットワーク	ibm	maximo_asset_management maximo_for_aviation maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation	IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.	CWE-200 情報漏えい	CVE-2016-5896	2017-02-14 06:25	2017-02-2	表示	GitHub Exploit DB Packet Storm

246143	6.1	MEDIUM ネットワーク	ibm	maximo_asset_management maximo_for_aviation maximo_for_energy_optimization maximo_for_government maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_f…	IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-5902	2017-02-14 06:25	2017-02-9	表示	GitHub Exploit DB Packet Storm

246144	9.8	CRITICAL ネットワーク	ibm	security_privileged_identity_manager	IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.	CWE-284 不適切なアクセス制御	CVE-2016-5964	2017-02-14 06:25	2017-02-2	表示	GitHub Exploit DB Packet Storm

246145	4.4	MEDIUM ローカル	ibm	security_appscan_source	IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.	CWE-326 不適切な暗号強度	CVE-2016-3034	2017-02-14 06:21	2017-02-2	表示	GitHub Exploit DB Packet Storm

246146	7.5	HIGH ネットワーク	ibm	urbancode_deploy	IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.	CWE-284 不適切なアクセス制御	CVE-2016-2942	2017-02-14 04:50	2017-02-2	表示	GitHub Exploit DB Packet Storm

246147	4.3	MEDIUM ネットワーク	ibm	rational_collaborative_lifecycle_management	An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.	CWE-200 情報漏えい	CVE-2016-2866	2017-02-14 04:49	2017-02-9	表示	GitHub Exploit DB Packet Storm

246148	4.3	MEDIUM ネットワーク	ibm	urbancode_deploy	IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legit…	CWE-284 不適切なアクセス制御	CVE-2016-0320	2017-02-14 04:44	2017-02-2	表示	GitHub Exploit DB Packet Storm

246149	4.7	MEDIUM ローカル	ibm	infosphere_information_server	IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.	CWE-200 情報漏えい	CVE-2015-7493	2017-02-14 04:41	2017-02-9	表示	GitHub Exploit DB Packet Storm

246150	6.8	MEDIUM ネットワーク	ibm	tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware	IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.	CWE-200 情報漏えい	CVE-2016-6034	2017-02-14 02:33	2017-02-2	表示	GitHub Exploit DB Packet Storm