NVD Vulnerability Information Top

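You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before it appears in JVN (Japan Vulnerability Note), the NVD may contain updates for vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Note) entry, that information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.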


Updated: November 18, 2024, 12:12

| No | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246201 | 6.1 | MEDIUM | Network | zoneminder | zoneminder | Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute… | CWE-79 Cross-site scripting (XSS) | CVE-2017-5367 | 2017-02-10 11:59 | 2017-02-7 |
| 246202 | 8.8 | HIGH | Network | zoneminder | zoneminder | ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the c… | CWE-352 Same-origin policy violation | CVE-2017-5368 | 2017-02-10 11:59 | 2017-02-7 |
| 246203 | 5.4 | MEDIUM | Network | ibm | connections | IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execut… | CWE-79 Cross-site scripting (XSS) | CVE-2016-0305 | 2017-02-10 11:59 | 2017-02-9 |
| 246204 | 4.3 | MEDIUM | Network | ibm | connections | IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | CWE-200 Information disclosure | CVE-2016-0307 | 2017-02-10 11:59 | 2017-02-9 |
| 246205 | 4.3 | MEDIUM | Network | ibm | connections | IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | CWE-284 Improper access control | CVE-2016-0308 | 2017-02-10 11:59 | 2017-02-9 |
| 246206 | 5.4 | MEDIUM | Network | ibm | connections | IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | CWE-79 Cross-site scripting (XSS) | CVE-2016-0310 | 2017-02-10 11:59 | 2017-02-9 |
| 246207 | 6.1 | MEDIUM | Network | plone | plone | Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary w… | CWE-79 Cross-site scripting (XSS) | CVE-2016-7147 | 2017-02-10 11:59 | 2017-02-4 |
| 246208 | 6.1 | MEDIUM | Network | ibm | security_key_lifecycle_manager, tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | CWE-79 Cross-site scripting (XSS) | CVE-2016-6096 | 2017-02-10 07:29 | 2017-02-8 |
| 246209 | 7.5 | HIGH | Network | gnu | libiberty | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | CWE-20 Improper input validation | CVE-2016-6131 | 2017-02-10 07:28 | 2017-02-8 |
| 246210 | 6.2 | MEDIUM | Local | ibm | security_key_lifecycle_manager, tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | CWE-200 Information disclosure | CVE-2016-6092 | 2017-02-10 07:19 | 2017-02-8 |
| 246211 | 4.3 | MEDIUM | Network | ibm | security_key_lifecycle_manager, tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. | CWE-200 Information disclosure | CVE-2016-6094 | 2017-02-10 07:19 | 2017-02-8 |
| 246212 | 4.0 | MEDIUM | Local | ibm | security_key_lifecycle_manager, tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | CWE-200 Information disclosure | CVE-2016-6097 | 2017-02-10 07:19 | 2017-02-8 |
| 246213 | 9.1 | CRITICAL | Network | saltstack | salt | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | CWE-284 Improper access control | CVE-2016-9639 | 2017-02-10 07:08 | 2017-02-8 |
| 246214 | 5.5 | MEDIUM | Local | linux | linux_kernel | The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (sys… | CWE-119 Buffer errors | CVE-2016-10154 | 2017-02-10 06:55 | 2017-02-6 |
| 246215 | 5.8 | MEDIUM | Network | cisco | firepower_management_center | A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More I… | CWE-20 Improper input validation | CVE-2017-3814 | 2017-02-10 06:41 | 2017-02-3 |
| 246216 | 4.3 | MEDIUM | Network | ibm | tivoli_storage_manager | IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. | CWE-284 Improper access control | CVE-2016-6044 | 2017-02-10 06:38 | 2017-02-2 |
| 246217 | 4.3 | MEDIUM | Network | ibm | kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | CWE-254 Security features | CVE-2016-5949 | 2017-02-10 06:37 | 2017-02-2 |
| 246218 | 7.0 | HIGH | Local | ibm | tivoli_storage_manager | Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | CWE-384 Session fixation | CVE-2016-6043 | 2017-02-10 06:37 | 2017-02-2 |
| 246219 | 5.4 | MEDIUM | Network | ibm | kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | CWE-79 Cross-site scripting (XSS) | CVE-2016-5948 | 2017-02-10 06:36 | 2017-02-2 |
| 246220 | 5.4 | MEDIUM | Network | ibm | websphere_application_server | IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | CWE-79 Cross-site scripting (XSS) | CVE-2016-8934 | 2017-02-10 06:33 | 2017-02-2 |
| 246221 | 3.7 | LOW | Network | ibm | security_access_manager, security_access_manager_for_mobile, security_access_manager_for_web | IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer he… | CWE-200 Information disclosure | CVE-2016-3045 | 2017-02-10 06:26 | 2017-02-2 |
| 246222 | 6.5 | MEDIUM | Network | ibm | kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | CWE-255 Credentials and password management | CVE-2016-5950 | 2017-02-10 06:25 | 2017-02-2 |
| 246223 | 8.8 | HIGH | Network | ibm | tivoli_storage_manager | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | CWE-352 Same-origin policy violation | CVE-2016-6045 | 2017-02-10 06:25 | 2017-02-2 |
| 246224 | 5.9 | MEDIUM | Network | ibm | integration_bus | IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | CWE-255 Credentials and password management | CVE-2016-8918 | 2017-02-10 06:21 | 2017-02-2 |
| 246225 | 5.5 | MEDIUM | Local | linux | linux_kernel | Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu… | CWE-200 Information disclosure | CVE-2017-5550 | 2017-02-10 04:15 | 2017-02-6 |
| 246226 | 7.3 | HIGH | Local | ibm | security_appscan | IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafte… | CWE-119 Buffer errors | CVE-2016-6042 | 2017-02-10 04:10 | 2017-02-2 |
| 246227 | 5.4 | MEDIUM | Network | ibm | tivoli_storage_manager | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | CWE-79 Cross-site scripting (XSS) | CVE-2016-6046 | 2017-02-10 04:00 | 2017-02-2 |
| 246228 | 5.4 | MEDIUM | Network | ibm | maximo_asset_management, maximo_for_aviation, maximo_for_life_sciences, maximo_for_nuclear_power, maximo_for_oil_and_gas, maximo_for_transportation, maximo_for_utilities, smartcloud_con… | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… | CWE-79 Cross-site scripting (XSS) | CVE-2016-6072 | 2017-02-10 03:56 | 2017-02-2 |
| 246229 | 5.4 | MEDIUM | Network | ibm | tririga_application_platform | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | CWE-79 Cross-site scripting (XSS) | CVE-2016-5980 | 2017-02-10 03:48 | 2017-02-2 |
| 246230 | 6.1 | MEDIUM | Network | ibm | sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a … | CWE-601 Open redirect | CVE-2016-6020 | 2017-02-10 02:03 | 2017-02-2 |
| 246231 | 5.5 | MEDIUM | Local | ibm | license_metric_tool, bigfix_inventory | IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | CWE-255 Credentials and password management | CVE-2016-8967 | 2017-02-10 00:11 | 2017-02-2 |
| 246232 | 7.8 | HIGH | Local | linux | linux_kernel | The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor… | CWE-399 Resource management issues | CVE-2016-10153 | 2017-02-9 23:57 | 2017-02-6 |
| 246233 | 6.1 | MEDIUM | Network | ibm | tririga_application_platform | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | CWE-79 Cross-site scripting (XSS) | CVE-2016-6000 | 2017-02-9 04:04 | 2017-02-2 |
| 246234 | 8.8 | HIGH | Network | ibm | kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trust… | CWE-352 Same-origin policy violation | CVE-2016-5937 | 2017-02-9 04:03 | 2017-02-2 |
| 246235 | 8.8 | HIGH | Network | ibm | kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati… | CWE-89 SQL injection | CVE-2016-5952 | 2017-02-9 03:52 | 2017-02-2 |
| 246236 | 5.4 | MEDIUM | Network | ibm | kenexa_lcms_premier | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | CWE-79 Cross-site scripting (XSS) | CVE-2016-5951 | 2017-02-9 03:51 | 2017-02-2 |
| 246237 | 5.3 | MEDIUM | Network | openafs | openafs | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC re… | CWE-200 Information disclosure | CVE-2016-9772 | 2017-02-9 03:46 | 2017-02-7 |
| 246238 | 9.8 | CRITICAL | Network | exponentcms | exponent_cms | An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to… | CWE-89 SQL injection | CVE-2017-5879 | 2017-02-9 03:44 | 2017-02-7 |
| 246239 | 5.5 | MEDIUM | Local | libtiff, debian | libtiff, debian_linux | Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | CWE-125 Out-of-bounds read | CVE-2016-9532 | 2017-02-9 03:43 | 2017-02-7 |
| 246240 | 8.1 | HIGH | Network | ibm | infosphere_datastage, infosphere_information_server, infosphere_information_server_on_cloud | IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… | CWE-611 Improper restriction of XML external entity reference | CVE-2016-6059 | 2017-02-9 03:42 | 2017-02-2 |
| 246241 | 5.5 | MEDIUM | Local | linux | linux_kernel | The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local… | CWE-388 Error handling | CVE-2017-5577 | 2017-02-9 03:32 | 2017-02-6 |
| 246242 | 7.5 | HIGH | Network | huawei | oceanstor_5800_v3 | Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | CWE-399 Resource management issues | CVE-2016-5822 | 2017-02-9 03:23 | 2017-01-28 |
| 246243 | 6.5 | MEDIUM | Adjacent | ibm | bigfix_platform | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | CWE-284 Improper access control | CVE-2016-6085 | 2017-02-9 03:22 | 2017-02-2 |
| 246244 | 4.3 | MEDIUM | Network | ibm | kenexa_lms_on_cloud | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. | CWE-200 Information disclosure | CVE-2016-6122 | 2017-02-9 03:22 | 2017-02-2 |
| 246245 | 10.0 | CRITICAL | Network | ibm | bigfix_platform | IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary… | CWE-416 Use after free | CVE-2016-6082 | 2017-02-9 03:20 | 2017-02-2 |
| 246246 | 5.5 | MEDIUM | Local | onionshare | onionshare | hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | CWE-284 Improper access control | CVE-2016-5026 | 2017-02-9 02:14 | 2017-01-31 |
| 246247 | 5.0 | MEDIUM | Network | ibm | rational_collaborative_lifecycle_management | IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | CWE-384 Session fixation | CVE-2016-6040 | 2017-02-9 02:03 | 2017-02-2 |
| 246248 | 5.3 | MEDIUM | Network | ibm | security_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | CWE-200 Information disclosure | CVE-2016-6099 | 2017-02-9 01:50 | 2017-02-3 |
| 246249 | 4.3 | MEDIUM | | ibm | websphere_mq | Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a craf… | CWE-79 Cross-site scripting (XSS) | CVE-2015-0176 | 2017-02-8 23:26 | 2015-04-27 |
| 246250 | 6.1 | MEDIUM | Network | sanadata | sanacms | Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | CWE-79 Cross-site scripting (XSS) | CVE-2017-5882 | 2017-02-8 11:59 | 2017-02-5 |