NVD Vulnerability Information Top

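You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.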


Last updated: 2024-11-18 16:13

No CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
246401 7.8 HIGH
Local
adobe acrobat
acrobat_dc
acrobat_reader_dc
reader
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPE… CWE-119
Buffer Errors
CVE-2017-2972 2017-01-28 03:25 2017-01-24 View GitHub Exploit DB Packet Storm
246402 5.4 MEDIUM
Network
b2evolution b2evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (… CWE-79
Cross-Site Scripting (XSS)
CVE-2017-5494 2017-01-28 03:20 2017-01-16 View GitHub Exploit DB Packet Storm
246403 8.0 HIGH
Network
cmsmadesimple cms_made_simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/a… CWE-352
Same-Origin Policy Violation
CVE-2016-7904 2017-01-28 01:48 2017-01-16 View GitHub Exploit DB Packet Storm
246404 7.8 HIGH
Local
samsung samsung_mobile The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-6527 2017-01-28 01:09 2017-01-19 View GitHub Exploit DB Packet Storm
246405 9.8 CRITICAL
Network
metalgenix genixcms SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. CWE-89
SQL Injection
CVE-2017-5517 2017-01-28 01:08 2017-01-17 View GitHub Exploit DB Packet Storm
246406 7.4 HIGH
Network
metalgenix genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. CWE-918
Server-Side Request Forgery
CVE-2017-5518 2017-01-28 01:07 2017-01-17 View GitHub Exploit DB Packet Storm
246407 9.8 CRITICAL
Network
metalgenix genixcms SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. CWE-89
SQL Injection
CVE-2017-5519 2017-01-28 01:07 2017-01-17 View GitHub Exploit DB Packet Storm
246408 7.8 HIGH
Local
samsung samsung_mobile The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a … CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-6526 2017-01-28 01:05 2017-01-19 View GitHub Exploit DB Packet Storm
246409 7.2 HIGH
Network
metalgenix genixcms SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/ind… CWE-89
SQL Injection
CVE-2017-5347 2017-01-28 00:17 2017-01-12 View GitHub Exploit DB Packet Storm
246410 8.8 HIGH
Network
metalgenix genixcms SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default… CWE-89
SQL Injection
CVE-2017-5345 2017-01-28 00:15 2017-01-12 View GitHub Exploit DB Packet Storm
246411 6.1 MEDIUM
Network
opera opera_browser Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE7… CWE-601
Open Redirect
CVE-2016-6908 2017-01-28 00:06 2017-01-27 View GitHub Exploit DB Packet Storm
246412 5.5 MEDIUM
Local
xen
citrix
xen
xenserver
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging … CWE-476
NULL Pointer Dereference
CVE-2016-10025 2017-01-27 23:22 2017-01-27 View GitHub Exploit DB Packet Storm
246413 7.8 HIGH
Local
idrix truecrypt
veracrypt
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrato… CWE-426
Untrusted Search Path
CVE-2016-1281 2017-01-27 11:59 2017-01-24 View GitHub Exploit DB Packet Storm
246414 4.3 MEDIUM
Adjacent
cisco aironet_access_point_software A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the co… CWE-399
Resource Management Errors
CVE-2016-9220 2017-01-27 11:59 2017-01-26 View GitHub Exploit DB Packet Storm
246415 6.1 MEDIUM
Network
cisco netflow_generation_appliance A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us… CWE-79
Cross-Site Scripting (XSS)
CVE-2016-9222 2017-01-27 11:59 2017-01-26 View GitHub Exploit DB Packet Storm
246416 6.1 MEDIUM
Network
elfden eshop_plugin Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) … CWE-79
Cross-Site Scripting (XSS)
CVE-2016-0765 2017-01-27 05:00 2017-01-24 View GitHub Exploit DB Packet Storm
246417 8.8 HIGH
Network
elfden eshop_plugin Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote… CWE-89
SQL Injection
CVE-2016-0769 2017-01-27 05:00 2017-01-24 View GitHub Exploit DB Packet Storm
246418 4.3 MEDIUM
stunnel stunnel stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to u… CWE-332
Insufficient Entropy in PRNG
CVE-2014-0016 2017-01-27 05:00 2014-03-25 View GitHub Exploit DB Packet Storm
246419 9.3 HIGH
novell zenworks_handheld_management Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400. CWE-119
Buffer Errors
CVE-2010-4299 2017-01-27 05:00 2010-11-22 View GitHub Exploit DB Packet Storm
246420 7.5 HIGH
Network
nodejs node.js The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." CWE-399
Resource Management Errors
CVE-2015-8855 2017-01-27 04:33 2017-01-24 View GitHub Exploit DB Packet Storm
246421 7.8 HIGH
Local
adobe acrobat
acrobat_dc
acrobat_reader_dc
reader
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulati… CWE-119
Buffer Errors
CVE-2017-2970 2017-01-27 03:26 2017-01-24 View GitHub Exploit DB Packet Storm
246422 8.1 HIGH
Network
foxitsoftware foxit_reader
phantompdf
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and a… CWE-125
Out-of-bounds Read
CVE-2017-5556 2017-01-27 03:14 2017-01-23 View GitHub Exploit DB Packet Storm
246423 9.8 CRITICAL
Network
metalgenix genixcms SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. CWE-89
SQL Injection
CVE-2017-5575 2017-01-27 03:14 2017-01-23 View GitHub Exploit DB Packet Storm
246424 8.1 HIGH
Network
typo3 typo3 Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. CWE-254
Security Features
CVE-2016-5091 2017-01-27 01:39 2017-01-24 View GitHub Exploit DB Packet Storm
246425 9.8 CRITICAL
Network
joomla joomla\! Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. CWE-255
Certificate and Password Management
CVE-2016-9081 2017-01-27 00:07 2017-01-24 View GitHub Exploit DB Packet Storm
246426 7.5 HIGH
Network
treasuryxpress c2box B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. CWE-189
Numeric Errors
CVE-2015-4626 2017-01-27 00:07 2017-01-24 View GitHub Exploit DB Packet Storm
246427 8.8 HIGH
Network
arista cloudvision_portal CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/cons… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-9012 2017-01-27 00:02 2017-01-24 View GitHub Exploit DB Packet Storm
246428 5.4 MEDIUM
Network
b2evolution b2evolution Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a jav… CWE-79
Cross-Site Scripting (XSS)
CVE-2017-5553 2017-01-27 00:01 2017-01-23 View GitHub Exploit DB Packet Storm
246429 9.8 CRITICAL
Network
avaya vsp_operating_system_software Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attack… CWE-19
Data Processing
CVE-2016-2783 2017-01-26 23:58 2017-01-24 View GitHub Exploit DB Packet Storm
246430 9.8 CRITICAL
Network
metalgenix genixcms SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. CWE-89
SQL Injection
CVE-2017-5574 2017-01-26 23:45 2017-01-23 View GitHub Exploit DB Packet Storm
246431 9.8 CRITICAL
Network
eclinicalworks patient_portal An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP… CWE-89
SQL Injection
CVE-2017-5569 2017-01-26 22:53 2017-01-24 View GitHub Exploit DB Packet Storm
246432 8.8 HIGH
Network
eclinicalworks patient_portal An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST re… CWE-89
SQL Injection
CVE-2017-5570 2017-01-26 22:52 2017-01-24 View GitHub Exploit DB Packet Storm
246433 6.8 MEDIUM
Physical
cryptsetup_project cryptsetup The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. CWE-287
Improper Authentication
CVE-2016-4484 2017-01-26 11:59 2017-01-24 View GitHub Exploit DB Packet Storm
246434 9.8 CRITICAL
Network
liferay liferay Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. CWE-22
Path Traversal
CVE-2016-6517 2017-01-26 11:59 2017-01-24 View GitHub Exploit DB Packet Storm
246435 8.8 HIGH
Network
gopivotal grails Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of … CWE-352
Same-Origin Policy Violation
CVE-2016-6521 2017-01-26 11:59 2017-01-24 View GitHub Exploit DB Packet Storm
246436 8.8 HIGH
Adjacent
ubiquiti_networks unifi_ap_ac_lite_firmware Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. CWE-284
Improper Access Control
CVE-2016-7792 2017-01-26 11:59 2017-01-24 View GitHub Exploit DB Packet Storm
246437 8.8 HIGH
Network
s9y serendipity comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. CWE-352
Same-Origin Policy Violation
CVE-2017-5475 2017-01-26 05:25 2017-01-14 View GitHub Exploit DB Packet Storm
246438 8.8 HIGH
Network
s9y serendipity Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. CWE-352
Same-Origin Policy Violation
CVE-2017-5476 2017-01-26 05:25 2017-01-14 View GitHub Exploit DB Packet Storm
246439 6.1 MEDIUM
Network
s9y serendipity Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer hea… CWE-601
Open Redirect
CVE-2017-5474 2017-01-26 05:24 2017-01-14 View GitHub Exploit DB Packet Storm
246440 6.1 MEDIUM
Network
moodle moodle In Moodle 3.x, there is XSS in the assignment submission page. CWE-79
Cross-Site Scripting (XSS)
CVE-2017-2578 2017-01-26 05:22 2017-01-20 View GitHub Exploit DB Packet Storm
246441 5.3 MEDIUM
Network
moodle moodle In Moodle 3.x, glossary search displays entries without checking user permissions to view them. CWE-200
Information Exposure
CVE-2016-5012 2017-01-26 05:21 2017-01-20 View GitHub Exploit DB Packet Storm
246442 9.8 CRITICAL
Network
vivint sky_control_panel_firmware Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. CWE-284
Improper Access Control
CVE-2014-8362 2017-01-26 03:12 2017-01-24 View GitHub Exploit DB Packet Storm
246443 6.5 MEDIUM
Network
paessler prtg_network_monitor XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses… CWE-611
Improper Restriction of XML External Entity Reference
CVE-2015-7743 2017-01-26 03:09 2017-01-24 View GitHub Exploit DB Packet Storm
246444 7.5 HIGH
Network
onelogin ruby-saml Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. CWE-91
Blind XPath Injection
CVE-2016-5697 2017-01-25 23:20 2017-01-24 View GitHub Exploit DB Packet Storm
246445 8.8 HIGH
Network
gitlab gitlab The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as … CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-4340 2017-01-25 22:59 2017-01-24 View GitHub Exploit DB Packet Storm
246446 7.5 HIGH
Network
keepass keepass The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. CWE-20
Improper Input Validation
CVE-2016-5119 2017-01-25 06:18 2017-01-24 View GitHub Exploit DB Packet Storm
246447 9.8 CRITICAL
Network
giflib_project giflib Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. CWE-415
CWE-416
Double Free
Use After Free
CVE-2016-3177 2017-01-25 06:16 2017-01-24 View GitHub Exploit DB Packet Storm
246448 6.1 MEDIUM
Network
typo3 typo3 Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a … CWE-79
Cross-Site Scripting (XSS)
CVE-2016-4056 2017-01-25 06:13 2017-01-24 View GitHub Exploit DB Packet Storm
246449 7.5 HIGH
Network
nodejs node.js The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CWE-59
Link Resolution Issues
CVE-2015-8860 2017-01-25 01:13 2017-01-24 View GitHub Exploit DB Packet Storm
246450 6.1 MEDIUM
Network
nodejs node.js The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. CWE-79
Cross-Site Scripting (XSS)
CVE-2013-7453 2017-01-25 00:25 2017-01-24 View GitHub Exploit DB Packet Storm