NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年5月18日4:12

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249401	6.5	MEDIUM ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.	CWE-119 バッファエラー	CVE-2017-6260	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249402	6.1	MEDIUM ネットワーク	nvidia	gpu_driver	NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denia…	NVD-CWE-noinfo	CVE-2017-6259	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249403	8.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges	CWE-476 NULL ポインタデリファレンス	CVE-2017-6257	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249404	7.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated …	CWE-20 不適切な入力確認	CVE-2017-6256	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249405	7.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service…	CWE-20 不適切な入力確認	CVE-2017-6255	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249406	7.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validati…	CWE-20 不適切な入力確認	CVE-2017-6254	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249407	7.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denia…	CWE-120 古典的バッファオーバーフロー	CVE-2017-6253	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249408	7.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.	CWE-476 NULL ポインタデリファレンス	CVE-2017-6252	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249409	7.8	HIGH ローカル	nvidia	gpu_driver	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which…	CWE-862 認証の欠如	CVE-2017-6251	2024-11-21 12:29	2017-07-29	表示	GitHub Exploit DB Packet Storm

249410	9.8	CRITICAL ネットワーク	televes	coaxdata_gateway_1gbps_firmware	Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.	CWE-522 認証情報の不十分な保護	CVE-2017-6532	2024-11-21 12:29	2017-07-20	表示	GitHub Exploit DB Packet Storm

249411	9.8	CRITICAL ネットワーク	televes	coaxdata_gateway_1gbps_firmware	On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.	NVD-CWE-noinfo	CVE-2017-6531	2024-11-21 12:29	2017-07-20	表示	GitHub Exploit DB Packet Storm

249412	9.8	CRITICAL ネットワーク	televes	coaxdata_gateway_1gbps_firmware	Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change.	CWE-287 不適切な認証	CVE-2017-6530	2024-11-21 12:29	2017-07-20	表示	GitHub Exploit DB Packet Storm

249413	8.8	HIGH ネットワーク	barracuda	load_balancer_adc	A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in whic…	CWE-78 OSコマンド・インジェクション	CVE-2017-6320	2024-11-21 12:29	2017-07-18	表示	GitHub Exploit DB Packet Storm

249414	7.0	HIGH ローカル	google	android	An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Modera…	NVD-CWE-noinfo	CVE-2017-6249	2024-11-21 12:29	2017-07-14	表示	GitHub Exploit DB Packet Storm

249415	7.0	HIGH ローカル	google	android	An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Modera…	NVD-CWE-noinfo	CVE-2017-6248	2024-11-21 12:29	2017-07-7	表示	GitHub Exploit DB Packet Storm

249416	7.8	HIGH ローカル	google	android	An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High d…	NVD-CWE-noinfo	CVE-2017-6247	2024-11-21 12:29	2017-07-7	表示	GitHub Exploit DB Packet Storm

249417	8.8	HIGH ネットワーク	vimbadmin	vimbadmin	Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators …	CWE-352 同一生成元ポリシー違反	CVE-2017-6086	2024-11-21 12:29	2017-06-28	表示	GitHub Exploit DB Packet Storm

249418	10.0	CRITICAL ネットワーク	symantec	messaging_gateway	The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machi…	NVD-CWE-noinfo	CVE-2017-6326	2024-11-21 12:29	2017-06-27	表示	GitHub Exploit DB Packet Storm

249419	6.6	MEDIUM ネットワーク	symantec	messaging_gateway	The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time.…	CWE-94 コード・インジェクション	CVE-2017-6325	2024-11-21 12:29	2017-06-27	表示	GitHub Exploit DB Packet Storm

249420	7.3	HIGH ネットワーク	symantec	messaging_gateway	The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having t…	NVD-CWE-noinfo	CVE-2017-6324	2024-11-21 12:29	2017-06-27	表示	GitHub Exploit DB Packet Storm

249421	5.9	MEDIUM ネットワーク	file\ canonical debian	\ ubuntu_linux debian_linux	Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loos…	CWE-362 競合状態	CVE-2017-6512	2024-11-21 12:29	2017-06-2	表示	GitHub Exploit DB Packet Storm

249422	9.8	CRITICAL ネットワーク	f5	big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_access_policy_manager big-ip_application_security_manager big-ip_domain_nam…	In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. …	CWE-798 ハードコードされた認証情報の使用	CVE-2017-6131	2024-11-21 12:29	2017-05-24	表示	GitHub Exploit DB Packet Storm

249423	9.8	CRITICAL ネットワーク	ipswitch	moveit_dmz moveit_transfer_2017	Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.	CWE-89 SQLインジェクション	CVE-2017-6195	2024-11-21 12:29	2017-05-18	表示	GitHub Exploit DB Packet Storm

249424	9.8	CRITICAL ネットワーク	ribboncommunications	edgemarc_firmware	The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use th…	NVD-CWE-noinfo	CVE-2017-6079	2024-11-21 12:29	2017-05-17	表示	GitHub Exploit DB Packet Storm

249425	5.9	MEDIUM ネットワーク	f5	big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_access_policy_manager big-ip_application_security_manager<…	In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclo…	NVD-CWE-noinfo	CVE-2017-6137	2024-11-21 12:29	2017-05-10	表示	GitHub Exploit DB Packet Storm

249426	7.5	HIGH ネットワーク	f5	big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_access_policy_manager big-ip_application_security_manager<…	An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.	NVD-CWE-noinfo	CVE-2017-6128	2024-11-21 12:29	2017-05-2	表示	GitHub Exploit DB Packet Storm

249427	9.1	CRITICAL ネットワーク	bose	soundtouch_30	The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a de…	CWE-417 チャネルおよびパスのエラー	CVE-2017-6520	2024-11-21 12:29	2017-05-1	表示	GitHub Exploit DB Packet Storm

249428	9.1	CRITICAL ネットワーク	avahi canonical	avahi ubuntu_linux	avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (tra…	CWE-346 同一生成元ポリシー違反	CVE-2017-6519	2024-11-21 12:29	2017-05-1	表示	GitHub Exploit DB Packet Storm

249429	8.8	HIGH ローカル	nvidia	geforce_experience	NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.	NVD-CWE-noinfo	CVE-2017-6250	2024-11-21 12:29	2017-04-29	表示	GitHub Exploit DB Packet Storm

249430	7.5	HIGH ネットワーク	openidc	mod_auth_openidc	Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided t…	CWE-20 不適切な入力確認	CVE-2017-6059	2024-11-21 12:29	2017-04-13	表示	GitHub Exploit DB Packet Storm

249431	7.2	HIGH ネットワーク	eyesofnetwork	eyesofnetwork	Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (…	CWE-89 SQLインジェクション	CVE-2017-6088	2024-11-21 12:29	2017-04-12	表示	GitHub Exploit DB Packet Storm

249432	7.5	HIGH ネットワーク	dlink	dwr-116_firmware	Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" r…	CWE-22 パス・トラバーサル	CVE-2017-6190	2024-11-21 12:29	2017-04-10	表示	GitHub Exploit DB Packet Storm

249433	7.4	HIGH ネットワーク	f5	ssl_intercept_iapp ssl_orchestrator	F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2017-6130	2024-11-21 12:29	2017-04-6	表示	GitHub Exploit DB Packet Storm

249434	5.4	MEDIUM ネットワーク	trendmicro	interscan_web_security_virtual_appliance	Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6340	2024-11-21 12:29	2017-04-6	表示	GitHub Exploit DB Packet Storm

249435	6.5	MEDIUM ネットワーク	trendmicro	interscan_web_security_virtual_appliance	Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A…	CWE-269 CWE-521 不適切な権限管理脆弱なパスワードポリシー	CVE-2017-6339	2024-11-21 12:29	2017-04-6	表示	GitHub Exploit DB Packet Storm

249436	6.5	MEDIUM ネットワーク	trendmicro	interscan_web_security_virtual_appliance	Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2017-6338	2024-11-21 12:29	2017-04-6	表示	GitHub Exploit DB Packet Storm

249437	7.8	HIGH ローカル	radare	radare2	The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have u…	CWE-119 バッファエラー	CVE-2017-6448	2024-11-21 12:29	2017-04-3	表示	GitHub Exploit DB Packet Storm

249438	7.5	HIGH ネットワーク	php	php	The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in …	CWE-476 NULL ポインタデリファレンス	CVE-2017-6441	2024-11-21 12:29	2017-04-3	表示	GitHub Exploit DB Packet Storm

249439	7.8	HIGH ローカル	radare	radare2	The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified othe…	CWE-119 バッファエラー	CVE-2017-6194	2024-11-21 12:29	2017-04-3	表示	GitHub Exploit DB Packet Storm

249440	7.5	HIGH ネットワーク	ruby-lang	ruby	The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion a…	CWE-20 不適切な入力確認	CVE-2017-6181	2024-11-21 12:29	2017-04-3	表示	GitHub Exploit DB Packet Storm

249441	8.1	HIGH ネットワーク	sophos	web_appliance	In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.	CWE-384 セッションの固定化	CVE-2017-6412	2024-11-21 12:29	2017-03-31	表示	GitHub Exploit DB Packet Storm

249442	4.7	MEDIUM ネットワーク	sophos	web_appliance	In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.	CWE-77 コマンドインジェクション	CVE-2017-6184	2024-11-21 12:29	2017-03-31	表示	GitHub Exploit DB Packet Storm

249443	7.2	HIGH ネットワーク	sophos	web_appliance	In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NS…	CWE-77 コマンドインジェクション	CVE-2017-6183	2024-11-21 12:29	2017-03-31	表示	GitHub Exploit DB Packet Storm

249444	9.8	CRITICAL ネットワーク	sophos	web_appliance	In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.	CWE-78 OSコマンド・インジェクション	CVE-2017-6182	2024-11-21 12:29	2017-03-31	表示	GitHub Exploit DB Packet Storm

249445	9.8	CRITICAL ネットワーク	putty opensuse_project opensuse	putty leap	The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect…	CWE-119 バッファエラー	CVE-2017-6542	2024-11-21 12:29	2017-03-28	表示	GitHub Exploit DB Packet Storm

249446	6.5	MEDIUM ネットワーク	ntp	ntp	NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.	CWE-20 不適切な入力確認	CVE-2017-6464	2024-11-21 12:29	2017-03-28	表示	GitHub Exploit DB Packet Storm

249447	6.5	MEDIUM ネットワーク	ntp	ntp	NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.	CWE-20 不適切な入力確認	CVE-2017-6463	2024-11-21 12:29	2017-03-28	表示	GitHub Exploit DB Packet Storm

249448	7.8	HIGH ローカル	ntp	ntp	Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/dat…	CWE-119 バッファエラー	CVE-2017-6462	2024-11-21 12:29	2017-03-28	表示	GitHub Exploit DB Packet Storm

249449	8.8	HIGH ネットワーク	ntp	ntp	Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction l…	CWE-119 バッファエラー	CVE-2017-6460	2024-11-21 12:29	2017-03-28	表示	GitHub Exploit DB Packet Storm

249450	5.5	MEDIUM ローカル	ntp	ntp	The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.	CWE-119 バッファエラー	CVE-2017-6459	2024-11-21 12:29	2017-03-28	表示	GitHub Exploit DB Packet Storm