NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月18日16:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
246451	6.1	MEDIUM ネットワーク	nodejs	node.js	The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7454	2017-01-25 00:25	2017-01-24	表示	GitHub Exploit DB Packet Storm

246452	6.1	MEDIUM ネットワーク	nodejs	node.js	The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7452	2017-01-25 00:23	2017-01-24	表示	GitHub Exploit DB Packet Storm

246453	6.1	MEDIUM ネットワーク	nodejs	node.js	The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7451	2017-01-25 00:12	2017-01-24	表示	GitHub Exploit DB Packet Storm

246454	6.7	MEDIUM ローカル	emc	isilon_onefs	EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerabilit…	CWE-90 LDAP インジェクション	CVE-2016-9870	2017-01-24 11:59	2017-01-23	表示	GitHub Exploit DB Packet Storm

246455	7.0	HIGH ローカル	linux	linux_kernel	An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated …	CWE-264 認可・権限・アクセス制御	CVE-2016-8458	2017-01-24 09:09	2017-01-13	表示	GitHub Exploit DB Packet Storm

246456	7.0	HIGH ローカル	linux	linux_kernel	An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…	CWE-264 認可・権限・アクセス制御	CVE-2016-8456	2017-01-24 09:08	2017-01-13	表示	GitHub Exploit DB Packet Storm

246457	7.0	HIGH ローカル	linux	linux_kernel	An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…	CWE-264 認可・権限・アクセス制御	CVE-2016-8457	2017-01-24 09:08	2017-01-13	表示	GitHub Exploit DB Packet Storm

246458	7.0	HIGH ローカル	linux	linux_kernel	An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…	CWE-264 認可・権限・アクセス制御	CVE-2016-8455	2017-01-24 09:06	2017-01-13	表示	GitHub Exploit DB Packet Storm

246459	7.0	HIGH ローカル	google	android	An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context …	CWE-264 認可・権限・アクセス制御	CVE-2016-8445	2017-01-24 09:05	2017-01-13	表示	GitHub Exploit DB Packet Storm

246460	7.0	HIGH ローカル	linux	linux_kernel	An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High becau…	CWE-284 不適切なアクセス制御	CVE-2016-8444	2017-01-24 09:04	2017-01-13	表示	GitHub Exploit DB Packet Storm

246461	7.8	HIGH ローカル	linux	linux_kernel	Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-316259…	CWE-20 不適切な入力確認	CVE-2016-8442	2017-01-24 09:02	2017-01-13	表示	GitHub Exploit DB Packet Storm

246462	7.8	HIGH ローカル	linux	linux_kernel	Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: Q…	CWE-285 不適切な認可	CVE-2016-8443	2017-01-24 09:02	2017-01-13	表示	GitHub Exploit DB Packet Storm

246463	7.8	HIGH ローカル	linux	linux_kernel	Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#10…	CWE-119 バッファエラー	CVE-2016-8441	2017-01-24 09:00	2017-01-13	表示	GitHub Exploit DB Packet Storm

246464	9.8	CRITICAL ネットワーク	linux	linux_kernel	Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31…	CWE-119 バッファエラー	CVE-2016-8440	2017-01-24 08:59	2017-01-13	表示	GitHub Exploit DB Packet Storm

246465	6.1	MEDIUM ネットワーク	spip	spip	Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-7981	2017-01-24 08:48	2017-01-19	表示	GitHub Exploit DB Packet Storm

246466	5.4	MEDIUM ネットワーク	metalgenix	genixcms	Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5515	2017-01-24 04:56	2017-01-17	表示	GitHub Exploit DB Packet Storm

246467	6.1	MEDIUM ネットワーク	metalgenix	genixcms	Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5516	2017-01-24 04:56	2017-01-17	表示	GitHub Exploit DB Packet Storm

246468	6.1	MEDIUM ネットワーク	b2evolution	b2evolution	Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-7149	2017-01-24 04:53	2017-01-19	表示	GitHub Exploit DB Packet Storm

246469	5.4	MEDIUM ネットワーク	b2evolution	b2evolution	Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-7150	2017-01-24 04:53	2017-01-19	表示	GitHub Exploit DB Packet Storm

246470	5.3	MEDIUM ネットワーク	citrix	provisioning_services	Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.	CWE-200 情報漏えい	CVE-2016-9677	2017-01-24 04:51	2017-01-19	表示	GitHub Exploit DB Packet Storm

246471	9.8	CRITICAL ネットワーク	citrix	provisioning_services	Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.	CWE-416 解放済みメモリの使用	CVE-2016-9678	2017-01-24 04:50	2017-01-19	表示	GitHub Exploit DB Packet Storm

246472	9.8	CRITICAL ネットワーク	citrix	provisioning_services	Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.	CWE-119 バッファエラー	CVE-2016-9679	2017-01-24 04:50	2017-01-19	表示	GitHub Exploit DB Packet Storm

246473	7.5	HIGH ネットワーク	citrix	provisioning_services	Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.	CWE-200 情報漏えい	CVE-2016-9680	2017-01-24 04:50	2017-01-19	表示	GitHub Exploit DB Packet Storm

246474	9.8	CRITICAL ネットワーク	citrix	provisioning_services	Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.	CWE-119 バッファエラー	CVE-2016-9676	2017-01-24 04:49	2017-01-19	表示	GitHub Exploit DB Packet Storm

246475	9.8	CRITICAL ネットワーク	netbsd	netbsd	CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware pr…	CWE-20 不適切な入力確認	CVE-2015-8212	2017-01-21 05:05	2017-01-20	表示	GitHub Exploit DB Packet Storm

246476	7.8	HIGH ローカル	netbsd	netbsd	mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th…	CWE-59 リンク解釈の問題	CVE-2016-6253	2017-01-21 04:58	2017-01-21	表示	GitHub Exploit DB Packet Storm

246477	9.8	CRITICAL ネットワーク	sociomantic	git-hub	sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.	CWE-284 不適切なアクセス制御	CVE-2016-7794	2017-01-21 03:18	2017-01-20	表示	GitHub Exploit DB Packet Storm

246478	8.8	HIGH ネットワーク	sociomantic	git-hub	sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.	CWE-284 不適切なアクセス制御	CVE-2016-7793	2017-01-21 03:16	2017-01-20	表示	GitHub Exploit DB Packet Storm

246479	8.1	HIGH ネットワーク	ca	service_desk_management service_desk_manager	RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions …	CWE-264 認可・権限・アクセス制御	CVE-2016-10086	2017-01-21 03:15	2017-01-19	表示	GitHub Exploit DB Packet Storm

246480	9.1	CRITICAL ネットワーク	libical_project	libical	libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.	CWE-416 解放済みメモリの使用	CVE-2016-9584	2017-01-21 02:26	2017-01-19	表示	GitHub Exploit DB Packet Storm

246481	7.5	HIGH ネットワーク	artifex	mujs	Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-…	CWE-125 境界外読み取り	CVE-2016-9109	2017-01-21 00:20	2017-01-19	表示	GitHub Exploit DB Packet Storm

246482	7.5	HIGH ネットワーク	artifex	mujs	Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.	CWE-119 バッファエラー	CVE-2016-7564	2017-01-21 00:19	2017-01-19	表示	GitHub Exploit DB Packet Storm

246483	7.5	HIGH ネットワーク	artifex	mujs	The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.	CWE-125 境界外読み取り	CVE-2016-7563	2017-01-21 00:13	2017-01-19	表示	GitHub Exploit DB Packet Storm

246484	8.1	HIGH ネットワーク	unrealircd	unrealircd	The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user vi…	CWE-287 不適切な認証	CVE-2016-7144	2017-01-21 00:12	2017-01-19	表示	GitHub Exploit DB Packet Storm

246485	6.1	MEDIUM ネットワーク	atlassian	confluence	Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.a…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-6283	2017-01-20 22:58	2017-01-19	表示	GitHub Exploit DB Packet Storm

246486	8.2	HIGH ネットワーク	blackberry	enterprise_service	A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for …	CWE-254 セキュリティ機能	CVE-2016-3128	2017-01-20 11:59	2017-01-13	表示	GitHub Exploit DB Packet Storm

246487	7.8	HIGH ローカル	google	android	An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau…	CWE-264 認可・権限・アクセス制御	CVE-2016-6772	2017-01-20 11:59	2017-01-13	表示	GitHub Exploit DB Packet Storm

246488	7.8	HIGH ローカル	nvidia	gpu_driver	For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a …	CWE-275 パーミッションの問題	CVE-2016-7382	2017-01-20 11:59	2016-11-9	表示	GitHub Exploit DB Packet Storm

246489	9.6	CRITICAL ネットワーク	matroska	libebml	Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" fo…	NVD-CWE-Other	CVE-2015-8789	2017-01-20 11:59	2016-01-30	表示	GitHub Exploit DB Packet Storm

246490	9.6	CRITICAL ネットワーク	matroska	libebml	<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>	NVD-CWE-Other	CVE-2015-8789	2017-01-20 11:59	2016-01-30	表示	GitHub Exploit DB Packet Storm

246491	4.3	MEDIUM ネットワーク	matroska	libebml	The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which tr…	CWE-200 情報漏えい	CVE-2015-8790	2017-01-20 11:59	2016-01-30	表示	GitHub Exploit DB Packet Storm

246492	9.3	HIGH	blackberry	blackberry_os blackberry_z10	Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers…	CWE-119 バッファエラー	CVE-2014-2389	2017-01-20 11:59	2014-04-12	表示	GitHub Exploit DB Packet Storm

246493	7.0	HIGH ローカル	google	android	An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…	CWE-264 認可・権限・アクセス制御	CVE-2014-9909	2017-01-20 11:59	2017-01-19	表示	GitHub Exploit DB Packet Storm

246494	7.0	HIGH ローカル	google	android	An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…	CWE-264 認可・権限・アクセス制御	CVE-2014-9910	2017-01-20 11:59	2017-01-19	表示	GitHub Exploit DB Packet Storm

246495	7.1	HIGH	faircom	c-treeace	The Data Camouflage (aka FairCom Standard Encryption) algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent at…	CWE-310 暗号の問題	CVE-2013-0148	2017-01-20 11:59	2013-06-17	表示	GitHub Exploit DB Packet Storm

246496	10.0	HIGH	mcafee	smartfilter_administration	McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which…	CWE-287 不適切な認証	CVE-2012-4599	2017-01-20 11:59	2012-08-22	表示	GitHub Exploit DB Packet Storm

246497	5.0	MEDIUM	microsoft	windows_2003_server windows_xp	The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the S…	NVD-CWE-Other	CVE-2005-1649	2017-01-20 11:59	2005-05-18	表示	GitHub Exploit DB Packet Storm

246498	7.5	HIGH ネットワーク	web2py	web2py	Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.	CWE-200 情報漏えい	CVE-2016-4806	2017-01-20 01:29	2017-01-12	表示	GitHub Exploit DB Packet Storm

246499	8.8	HIGH ネットワーク	web2py	web2py	Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker c…	CWE-352 同一生成元ポリシー違反	CVE-2016-4808	2017-01-20 01:18	2017-01-12	表示	GitHub Exploit DB Packet Storm

246500	7.8	HIGH ローカル	linux	linux_kernel	An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated a…	CWE-284 不適切なアクセス制御	CVE-2016-6758	2017-01-20 01:18	2017-01-13	表示	GitHub Exploit DB Packet Storm