NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年11月18日16:13

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
246351 5.5 MEDIUM
ローカル 		potrace_project potrace The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… CWE-476
NULL ポインタデリファレンス 		CVE-2016-8695 2017-02-6 05:15 2017-02-1 表示 GitHub Exploit DB Packet Storm
246352 7.8 HIGH
ローカル 		potrace_project potrace Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … CWE-119
バッファエラー 		CVE-2016-8699 2017-02-6 05:15 2017-02-1 表示 GitHub Exploit DB Packet Storm
246353 7.8 HIGH
ローカル 		potrace_project potrace Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … CWE-119
バッファエラー 		CVE-2016-8700 2017-02-6 05:15 2017-02-1 表示 GitHub Exploit DB Packet Storm
246354 7.8 HIGH
ローカル 		potrace_project potrace Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … CWE-119
バッファエラー 		CVE-2016-8701 2017-02-6 05:15 2017-02-1 表示 GitHub Exploit DB Packet Storm
246355 5.4 MEDIUM
ネットワーク 		tenable nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9260 2017-02-4 01:12 2017-02-1 表示 GitHub Exploit DB Packet Storm
246356 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inj… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-8975 2017-02-4 01:12 2017-02-1 表示 GitHub Exploit DB Packet Storm
246357 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web scr… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-8976 2017-02-4 01:11 2017-02-1 表示 GitHub Exploit DB Packet Storm
246358 6.1 MEDIUM
ネットワーク 		atlassian jira Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-6285 2017-02-4 01:10 2017-02-1 表示 GitHub Exploit DB Packet Storm
246359 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9407 2017-02-4 01:10 2017-02-1 表示 GitHub Exploit DB Packet Storm
246360 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web s… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9406 2017-02-4 01:09 2017-02-1 表示 GitHub Exploit DB Packet Storm
246361 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web sc… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9408 2017-02-4 01:09 2017-02-1 表示 GitHub Exploit DB Packet Storm
246362 6.1 MEDIUM
ネットワーク 		mybb mybb Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web scrip… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9419 2017-02-4 01:09 2017-02-1 表示 GitHub Exploit DB Packet Storm
246363 6.1 MEDIUM
ネットワーク 		piwigo piwigo Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-5608 2017-02-4 01:08 2017-01-29 表示 GitHub Exploit DB Packet Storm
246364 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9405 2017-02-4 01:00 2017-02-1 表示 GitHub Exploit DB Packet Storm
246365 6.1 MEDIUM
ネットワーク 		moinmo
canonical
debian 		moinmoin
ubuntu_linux
debian_linux 		Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9119 2017-02-4 00:59 2017-01-31 表示 GitHub Exploit DB Packet Storm
246366 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9404 2017-02-4 00:59 2017-02-1 表示 GitHub Exploit DB Packet Storm
246367 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9409 2017-02-4 00:59 2017-02-1 表示 GitHub Exploit DB Packet Storm
246368 6.1 MEDIUM
ネットワーク 		mybb merge_system
mybb 		Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to i… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9421 2017-02-4 00:59 2017-02-1 表示 GitHub Exploit DB Packet Storm
246369 7.8 HIGH
ローカル 		foxitsoftware foxit_pdf_toolkit Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerabili… CWE-119
バッファエラー 		CVE-2017-5364 2017-02-3 11:59 2017-01-13 表示 GitHub Exploit DB Packet Storm
246370 7.5 HIGH
ネットワーク 		hexchat_project hexchat Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP … CWE-119
バッファエラー 		CVE-2016-2233 2017-02-3 11:59 2017-01-19 表示 GitHub Exploit DB Packet Storm
246371 8.1 HIGH
ネットワーク 		blackberry enterprise_service An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an … CWE-255
CWE-200
証明書・パスワード管理
情報漏えい 		CVE-2016-3130 2017-02-3 11:59 2017-01-13 表示 GitHub Exploit DB Packet Storm
246372 7.4 HIGH
ネットワーク 		hexchat_project hexchat Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. CWE-22
パス・トラバーサル 		CVE-2016-2087 2017-02-2 11:59 2017-01-19 表示 GitHub Exploit DB Packet Storm
246373 7.5 HIGH
ネットワーク 		eclinicalworks patient_portal An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST re… CWE-89
SQLインジェクション 		CVE-2017-5598 2017-02-1 11:59 2017-01-27 表示 GitHub Exploit DB Packet Storm
246374 6.1 MEDIUM
ネットワーク 		eclinicalworks patient_portal An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inse… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-5599 2017-02-1 11:59 2017-01-27 表示 GitHub Exploit DB Packet Storm
246375 7.8 HIGH
ローカル 		microsoft skype Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) c… CWE-264
認可・権限・アクセス制御 		CVE-2016-5720 2017-02-1 11:59 2017-01-24 表示 GitHub Exploit DB Packet Storm
246376 5.9 MEDIUM
ネットワーク 		owncloud owncloud ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. CWE-264
認可・権限・アクセス制御 		CVE-2016-5876 2017-02-1 11:59 2017-01-24 表示 GitHub Exploit DB Packet Storm
246377 9.8 CRITICAL
ネットワーク 		python-jose_project python-jose python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. CWE-361
時間とステータス 		CVE-2016-7036 2017-02-1 11:59 2017-01-24 表示 GitHub Exploit DB Packet Storm
246378 7.5 HIGH
ネットワーク 		jwt_project jwt The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attac… CWE-361
時間とステータス 		CVE-2016-7037 2017-02-1 11:59 2017-01-24 表示 GitHub Exploit DB Packet Storm
246379 6.1 MEDIUM
ネットワーク 		moinmo moinmoin MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the ac… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-7146 2017-02-1 11:59 2016-11-11 表示 GitHub Exploit DB Packet Storm
246380 6.1 MEDIUM
ネットワーク 		moinmo moinmoin MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-7148 2017-02-1 11:59 2016-11-11 表示 GitHub Exploit DB Packet Storm
246381 7.8 HIGH
ローカル 		lenovo edge_keyboard_driver
slim_usb_keyboard_driver 		Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. CWE-428
引用されない検索パスまたは要素 		CVE-2016-8225 2017-02-1 11:59 2017-01-27 表示 GitHub Exploit DB Packet Storm
246382 4.9 MEDIUM
ネットワーク 		lenovo flex_system_x240_m5_bios
flex_system_x280_m6_bios
flex_system_x480_x6_bios
flex_system_x880_x6_bios
nextscale_nx360_m5_bios
system_x3250_m6_bios
system_x3500_m5_bios
system_x3550… 		The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. CWE-19
データ処理 		CVE-2016-8226 2017-02-1 11:59 2017-01-27 表示 GitHub Exploit DB Packet Storm
246383 9.0 CRITICAL
ネットワーク 		oracle glassfish_server Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vuln… NVD-CWE-noinfo
CVE-2016-5528 2017-02-1 01:49 2017-01-28 表示 GitHub Exploit DB Packet Storm
246384 7.3 HIGH
ネットワーク 		oracle glassfish_server Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner… NVD-CWE-noinfo
CVE-2017-3249 2017-01-31 22:39 2017-01-28 表示 GitHub Exploit DB Packet Storm
246385 7.3 HIGH
ネットワーク 		oracle glassfish_server Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulner… CWE-200
情報漏えい 		CVE-2017-3250 2017-01-31 22:26 2017-01-28 表示 GitHub Exploit DB Packet Storm
246386 3.3 LOW
ローカル 		oracle glassfish_server Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnera… CWE-200
情報漏えい 		CVE-2017-3239 2017-01-31 11:59 2017-01-28 表示 GitHub Exploit DB Packet Storm
246387 5.9 MEDIUM
ローカル 		oracle vm_server Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable v… CWE-20
不適切な入力確認 		CVE-2017-3242 2017-01-31 11:59 2017-01-28 表示 GitHub Exploit DB Packet Storm
246388 4.3 MEDIUM
ネットワーク 		oracle commerce_platform Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easi… CWE-200
情報漏えい 		CVE-2017-3296 2017-01-31 04:29 2017-01-28 表示 GitHub Exploit DB Packet Storm
246389 7.8 HIGH
ローカル 		adobe acrobat
acrobat_dc
acrobat_reader_dc
reader 		Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitat… CWE-119
バッファエラー 		CVE-2017-2971 2017-01-28 11:59 2017-01-24 表示 GitHub Exploit DB Packet Storm
246390 7.8 HIGH
ローカル 		lenovo transition Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. CWE-284
不適切なアクセス制御 		CVE-2016-8227 2017-01-28 11:59 2017-01-27 表示 GitHub Exploit DB Packet Storm
246391 9.8 CRITICAL
ネットワーク 		autodesk fbx_software_development_kit Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. CWE-119
バッファエラー 		CVE-2016-9303 2017-01-28 11:59 2017-01-26 表示 GitHub Exploit DB Packet Storm
246392 8.8 HIGH
ネットワーク 		autodesk fbx_software_development_kit Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. CWE-119
バッファエラー 		CVE-2016-9304 2017-01-28 11:59 2017-01-26 表示 GitHub Exploit DB Packet Storm
246393 9.8 CRITICAL
ネットワーク 		autodesk fbx_software_development_kit Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain acce… CWE-19
データ処理 		CVE-2016-9305 2017-01-28 11:59 2017-01-26 表示 GitHub Exploit DB Packet Storm
246394 9.8 CRITICAL
ネットワーク 		autodesk fbx_software_development_kit Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files. CWE-119
バッファエラー 		CVE-2016-9306 2017-01-28 11:59 2017-01-26 表示 GitHub Exploit DB Packet Storm
246395 9.8 CRITICAL
ネットワーク 		autodesk fbx_software_development_kit Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. CWE-119
バッファエラー 		CVE-2016-9307 2017-01-28 11:59 2017-01-26 表示 GitHub Exploit DB Packet Storm
246396 7.5 HIGH
ネットワーク 		python python_priority_library A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every p… CWE-399
リソース管理の問題 		CVE-2016-6580 2017-01-28 04:42 2017-01-11 表示 GitHub Exploit DB Packet Storm
246397 7.5 HIGH
ネットワーク 		python hpack
hyper 		A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. T… CWE-399
リソース管理の問題 		CVE-2016-6581 2017-01-28 04:41 2017-01-11 表示 GitHub Exploit DB Packet Storm
246398 8.8 HIGH
ネットワーク 		cisco hybrid_meeting_server A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Inform… CWE-352
同一生成元ポリシー違反 		CVE-2016-9218 2017-01-28 04:39 2017-01-26 表示 GitHub Exploit DB Packet Storm
246399 4.3 MEDIUM
隣接 		cisco aironet_access_point_software A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attack… CWE-399
リソース管理の問題 		CVE-2016-9221 2017-01-28 04:39 2017-01-26 表示 GitHub Exploit DB Packet Storm
246400 7.5 HIGH
ネットワーク 		samsung samsung_mobile Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016… CWE-400
リソースの枯渇 		CVE-2017-5351 2017-01-28 03:45 2017-01-12 表示 GitHub Exploit DB Packet Storm