NVD Vulnerability Information: Top

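You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.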

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

When searching by CWE, refer to the CWE overview to confirm the CWE number.

Last updated: July 1, 2024, 10:10

Columns: No., CVSS, Level, Attack classification, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact view, Exploit/PoC search
244101 5.0 MEDIUM
cisco cisco_nexus_1000v_intercloud Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0685 2014-05-8 01:05 2014-05-7 View GitHub Exploit DB Packet Storm
244102 4.6 MEDIUM
cisco nx-os
nexus_7000
nexus_7000_10-slot
nexus_7000_18-slot
nexus_7000_9-slot
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. CWE-20
Improper Input Validation
CVE-2014-0684 2014-05-8 00:48 2014-05-7 View GitHub Exploit DB Packet Storm
244103 4.4 MEDIUM
ayatana_project
canonical
unity
ubuntu_linux
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and ex… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-3203 2014-05-7 23:09 2014-05-6 View GitHub Exploit DB Packet Storm
244104 4.4 MEDIUM
ayatana_project
canonical
unity
ubuntu_linux
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demo… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-3204 2014-05-7 23:09 2014-05-6 View GitHub Exploit DB Packet Storm
244105 4.4 MEDIUM
ayatana_project unity Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-3202 2014-05-7 22:43 2014-05-6 View GitHub Exploit DB Packet Storm
244106 6.5 MEDIUM
skyphe file-gallery The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting field… CWE-94
Code Injection
CVE-2014-2558 2014-05-7 22:23 2014-05-6 View GitHub Exploit DB Packet Storm
244107 6.4 MEDIUM
mongodb mongodb The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON obj… CWE-20
Improper Input Validation
CVE-2012-6619 2014-05-7 12:45 2014-03-7 View GitHub Exploit DB Packet Storm
244108 4.4 MEDIUM
nagios plugins The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. CWE-59
Link Following
CVE-2013-4215 2014-05-7 04:10 2014-05-6 View GitHub Exploit DB Packet Storm
244109 4.3 MEDIUM
redhat jboss_web_framework_kit Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. CWE-79
Cross-site Scripting (XSS)
CVE-2014-0149 2014-05-7 04:07 2014-05-6 View GitHub Exploit DB Packet Storm
244110 3.5 LOW
amtelco misecuremessages Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-2347 2014-05-6 22:16 2014-05-6 View GitHub Exploit DB Packet Storm
244111 6.3 MEDIUM
david_leonard pkstat tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. CWE-59
Link Following
CVE-2013-0350 2014-05-6 02:27 2014-05-6 View GitHub Exploit DB Packet Storm
244112 4.3 MEDIUM
randall_hand
fedoraproject
yerase\'s_tnef_stream_reader
fedora
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer … CWE-189
Numeric Errors
CVE-2010-5109 2014-05-6 02:19 2014-05-6 View GitHub Exploit DB Packet Storm
244113 4.3 MEDIUM
conceptronic c54apm_firmware
c54apm
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon… CWE-20
Improper Input Validation
CVE-2014-1406 2014-05-6 00:29 2014-01-11 View GitHub Exploit DB Packet Storm
244114 7.8 HIGH
conceptronic c54apm_firmware
c54apm
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as … CWE-255
Credentials Management
CVE-2014-1408 2014-05-6 00:28 2014-01-11 View GitHub Exploit DB Packet Storm
244115 6.8 MEDIUM
technicolor tc7200_firmware
tc7200
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that … CWE-352
Same-Origin Policy Violation
CVE-2014-0621 2014-05-6 00:23 2014-01-9 View GitHub Exploit DB Packet Storm
244116 5.8 MEDIUM
freebsd freebsd The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-3001 2014-05-5 23:54 2014-05-2 View GitHub Exploit DB Packet Storm
244117 7.5 HIGH
dynamixsolutions arabic_prawn lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. NVD-CWE-Other
CVE-2014-2322 2014-05-5 22:47 2014-05-2 View GitHub Exploit DB Packet Storm
244118 7.5 HIGH
dynamixsolutions arabic_prawn Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" NVD-CWE-Other
CVE-2014-2322 2014-05-5 22:47 2014-05-2 View GitHub Exploit DB Packet Storm
244119 7.5 HIGH
unitrends enterprise_backup recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. CWE-287
Improper Authentication
CVE-2014-3139 2014-05-5 21:57 2014-05-2 View GitHub Exploit DB Packet Storm
244120 3.5 LOW
otrs otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary we… CWE-79
Cross-site Scripting (XSS)
CVE-2014-2553 2014-05-5 14:34 2014-04-3 View GitHub Exploit DB Packet Storm
244121 7.8 HIGH
hp integrated_lights-out_2_firmware The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 v… NVD-CWE-noinfo
CVE-2014-2601 2014-05-5 14:34 2014-04-25 View GitHub Exploit DB Packet Storm
244122 5.0 MEDIUM
juniper junos Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, … NVD-CWE-noinfo
CVE-2014-2713 2014-05-5 14:34 2014-04-15 View GitHub Exploit DB Packet Storm
244123 7.8 HIGH
igniterealtime openfire nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-2741 2014-05-5 14:34 2014-04-11 View GitHub Exploit DB Packet Storm
244124 6.4 MEDIUM
misli misli.com_app The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer… CWE-310
Cryptographic Issues
CVE-2014-2992 2014-05-5 14:34 2014-04-26 View GitHub Exploit DB Packet Storm
244125 4.3 MEDIUM
apple mac_os_x curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name… CWE-310
Cryptographic Issues
CVE-2014-1263 2014-05-5 14:32 2014-02-27 View GitHub Exploit DB Packet Storm
244126 3.0 LOW
toshibacommerce 4690_point_of_sale_operating_system The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dep… CWE-310
Cryptographic Issues
CVE-2014-0361 2014-05-5 14:31 2014-04-22 View GitHub Exploit DB Packet Storm
244127 5.0 MEDIUM
adcisolutions node_view_permissions The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by rea… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-5965 2014-05-5 14:28 2013-10-1 View GitHub Exploit DB Packet Storm
244128 5.8 MEDIUM
apache struts Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-4310 2014-05-5 14:25 2013-10-1 View GitHub Exploit DB Packet Storm
244129 4.3 MEDIUM
matrix42 service_store Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML v… CWE-79
Cross-site Scripting (XSS)
CVE-2013-2504 2014-05-5 14:22 2013-12-29 View GitHub Exploit DB Packet Storm
244130 2.1 LOW
openstack keystone OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by readin… CWE-200
Information Exposure
CVE-2013-2006 2014-05-5 14:21 2013-05-22 View GitHub Exploit DB Packet Storm
244131 2.1 LOW
openstack compute
folsom
grizzly
havana
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2030 2014-05-5 14:21 2013-12-27 View GitHub Exploit DB Packet Storm
244132 7.6 HIGH
emc alphastor Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name. CWE-119
Buffer Errors
CVE-2013-0930 2014-05-5 14:19 2013-02-1 View GitHub Exploit DB Packet Storm
244133 4.3 MEDIUM
netshinesoftware com_netinvoice Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act… CWE-79
Cross-site Scripting (XSS)
CVE-2012-6514 2014-05-5 14:17 2013-01-24 View GitHub Exploit DB Packet Storm
244134 10.0 HIGH
3s-software codesys_runtime_system The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6068 2014-05-5 14:16 2013-01-22 View GitHub Exploit DB Packet Storm
244135 1.9 LOW
xen xen Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (ho… NVD-CWE-noinfo
CVE-2012-2934 2014-05-5 14:11 2012-12-4 View GitHub Exploit DB Packet Storm
244136 1.9 LOW
canonical update-manager
ubuntu_linux
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 d… CWE-59
Link Following
CVE-2011-3154 2014-05-5 13:59 2014-04-17 View GitHub Exploit DB Packet Storm
244137 7.1 HIGH
emc avamar Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP. NVD-CWE-noinfo
CVE-2010-1919 2014-05-5 13:43 2010-05-29 View GitHub Exploit DB Packet Storm
244138 7.8 HIGH
cisco telepresence_tc_software
telepresence_te_software
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849. CWE-20
Improper Input Validation
CVE-2014-2175 2014-05-3 03:17 2014-05-2 View GitHub Exploit DB Packet Storm
244139 7.2 HIGH
cisco telepresence_te_software
telepresence_tc_software
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bu… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-2173 2014-05-3 03:15 2014-05-2 View GitHub Exploit DB Packet Storm
244140 7.8 HIGH
cisco telepresence_tc_software
telepresence_te_software
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … CWE-20
Improper Input Validation
CVE-2014-2162 2014-05-3 03:14 2014-05-2 View GitHub Exploit DB Packet Storm
244141 7.8 HIGH
cisco telepresence_tc_software
telepresence_te_software
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua… CWE-20
Improper Input Validation
CVE-2014-2163 2014-05-3 03:13 2014-05-2 View GitHub Exploit DB Packet Storm
244142 7.8 HIGH
cisco telepresence_te_software
telepresence_tc_software
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … CWE-20
Improper Input Validation
CVE-2014-2164 2014-05-3 03:13 2014-05-2 View GitHub Exploit DB Packet Storm
244143 7.8 HIGH
cisco telepresence_te_software
telepresence_tc_software
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … CWE-20
Improper Input Validation
CVE-2014-2165 2014-05-3 03:12 2014-05-2 View GitHub Exploit DB Packet Storm
244144 7.8 HIGH
cisco telepresence_tc_software
telepresence_te_software
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … CWE-20
Improper Input Validation
CVE-2014-2167 2014-05-3 03:12 2014-05-2 View GitHub Exploit DB Packet Storm
244145 7.6 HIGH
cisco telepresence_te_software
telepresence_tc_software
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. CWE-119
Buffer Errors
CVE-2014-2168 2014-05-3 03:11 2014-05-2 View GitHub Exploit DB Packet Storm
244146 9.0 HIGH
cisco telepresence_tc_software
telepresence_te_software
Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s… CWE-20
Improper Input Validation
CVE-2014-2169 2014-05-3 03:11 2014-05-2 View GitHub Exploit DB Packet Storm
244147 10.0 HIGH
cisco telepresence_te_software
telepresence_tc_software
Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP … CWE-119
Buffer Errors
CVE-2014-2171 2014-05-3 03:10 2014-05-2 View GitHub Exploit DB Packet Storm
244148 6.6 MEDIUM
cisco telepresence_tc_software
telepresence_te_software
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for interna… CWE-119
Buffer Errors
CVE-2014-2172 2014-05-3 03:09 2014-05-2 View GitHub Exploit DB Packet Storm
244149 9.0 HIGH
cisco telepresence_te_software
telepresence_tc_software
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume… CWE-94
Code Injection
CVE-2014-2170 2014-05-3 03:00 2014-05-2 View GitHub Exploit DB Packet Storm
244150 7.8 HIGH
cisco telepresence_tc_software
telepresence_te_software
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562. CWE-20
Improper Input Validation
CVE-2014-2166 2014-05-3 02:41 2014-05-2 View GitHub Exploit DB Packet Storm