
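You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

When a related vulnerability exists in JVN, its information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.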

Updated: 2024-06-26 10:14

Columns: No., CVSS, Level, Attack type, Vendor, Product, Title, CWE, CVE, Updated, Published
244201 6.5 MEDIUM
owncloud owncloud Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to ex… CWE-94
Code Injection
CVE-2013-1850 2014-03-26 06:04 2014-03-15
244202 3.5 LOW
owncloud owncloud Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to… CWE-79
Cross-site Scripting (XSS)
CVE-2013-2150 2014-03-26 06:03 2014-03-15
244203 3.5 LOW
owncloud owncloud Per: http://owncloud.org/about/security/advisories/oC-SA-2013-028/ "Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vecto… CWE-79
Cross-site Scripting (XSS)
CVE-2013-2150 2014-03-26 06:03 2014-03-15
244204 6.8 MEDIUM
owncloud owncloud Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch… CWE-352
Same-Origin Policy Violation
CVE-2013-0301 2014-03-26 05:56 2014-03-15
244205 6.8 MEDIUM
owncloud owncloud Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view vi… CWE-352
Same-Origin Policy Violation
CVE-2013-0300 2014-03-26 05:55 2014-03-15
244206 6.8 MEDIUM
owncloud owncloud Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change t… CWE-352
Same-Origin Policy Violation
CVE-2013-0299 2014-03-26 05:49 2014-03-15
244207 6.8 MEDIUM
owncloud owncloud Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect… CWE-287
Improper Authentication
CVE-2014-2047 2014-03-26 04:36 2014-03-15
244208 5.0 MEDIUM
owncloud owncloud The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-2049 2014-03-26 04:32 2014-03-15
244209 4.3 MEDIUM
open-xchange open-xchange_appsuite Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or H… CWE-79
Cross-site Scripting (XSS)
CVE-2014-2077 2014-03-25 07:55 2014-03-21
244210 5.0 MEDIUM
cisco webex_meeting_center WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access… CWE-200
Information Exposure
CVE-2014-0708 2014-03-25 07:48 2014-03-21
244211 4.3 MEDIUM
videolan vlc_media_player VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file. CWE-399
Resource Management Errors
CVE-2013-7340 2014-03-25 07:47 2014-03-21
244212 6.5 MEDIUM
owncloud owncloud Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue … NVD-CWE-noinfo
CVE-2013-7344 2014-03-25 07:28 2014-03-25
244213 4.3 MEDIUM
owncloud owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2014-2057 2014-03-25 07:16 2014-03-25
244214 4.3 MEDIUM
mcafee cloud_single_sign_on Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password. CWE-79
Cross-site Scripting (XSS)
CVE-2014-2586 2014-03-25 07:15 2014-03-25
244215 4.9 MEDIUM
owncloud owncloud ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. CWE-20
Improper Input Validation
CVE-2014-2585 2014-03-25 02:10 2014-03-25
244216 6.5 MEDIUM
owncloud owncloud Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th… NVD-CWE-noinfo
CVE-2013-0303 2014-03-25 01:38 2014-03-25
244217 4.3 MEDIUM
flowplayer flowplayer_html5 Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding… CWE-79
Cross-site Scripting (XSS)
CVE-2013-7343 2014-03-25 00:16 2014-03-24
244218 4.3 MEDIUM
flowplayer flowplayer_html5 Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback para… CWE-79
Cross-site Scripting (XSS)
CVE-2013-7342 2014-03-25 00:14 2014-03-24
244219 5.8 MEDIUM
estrongs es_file_explorer Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. CWE-22
Path Traversal
CVE-2014-1970 2014-03-21 02:12 2014-03-21
244220 4.3 MEDIUM
estrongs es_file_explorer The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspeci… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-0322 2014-03-21 02:09 2012-03-06
244221 6.8 MEDIUM
nttdocomo spmode_mail_android The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail e… CWE-94
Code Injection
CVE-2014-1979 2014-03-21 01:36 2014-03-19
244222 4.3 MEDIUM
nttdocomo spmode_mail_android The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail … CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1977 2014-03-21 01:03 2014-03-19
244223 4.3 MEDIUM
nttdocomo spmode_mail_android The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card d… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1978 2014-03-21 01:02 2014-03-19
244224 9.3 HIGH
xnview xnview Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buf… CWE-189
Numeric Errors
CVE-2013-3938 2014-03-19 22:59 2014-03-19
244225 4.3 MEDIUM
sophos web_appliance_firmware, web_appliance Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action t… CWE-79
Cross-site Scripting (XSS)
CVE-2013-2643 2014-03-19 22:55 2014-03-19
244226 9.3 HIGH
sophos web_appliance_firmware, web_appliance Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation va… CWE-78
OS Command Injection
CVE-2013-2642 2014-03-19 22:54 2014-03-19
244227 5.0 MEDIUM
sophos web_appliance_firmware, web_appliance Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. CWE-22
Path Traversal
CVE-2013-2641 2014-03-19 22:48 2014-03-19
244228 5.8 MEDIUM
yumenomachi demaecan The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … CWE-310
Cryptographic Issues
CVE-2014-1976 2014-03-19 01:05 2014-03-18
244229 5.0 MEDIUM
owncloud owncloud The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. CWE-200
Information Exposure
CVE-2013-2086 2014-03-18 00:43 2014-03-15
244230 2.1 LOW
owncloud owncloud The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the pas… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2047 2014-03-18 00:37 2014-03-15
244231 4.6 MEDIUM
owncloud owncloud Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the … NVD-CWE-Other
CVE-2013-2089 2014-03-18 00:36 2014-03-15
244232 4.6 MEDIUM
owncloud owncloud Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist" NVD-CWE-Other
CVE-2013-2089 2014-03-18 00:36 2014-03-15
244233 6.5 MEDIUM
owncloud owncloud ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF t… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2048 2014-03-18 00:26 2014-03-15
244234 5.8 MEDIUM
owncloud owncloud Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redir… CWE-20
Improper Input Validation
CVE-2013-2044 2014-03-18 00:24 2014-03-15
244235 4.0 MEDIUM
owncloud owncloud apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calenda… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2043 2014-03-18 00:22 2014-03-15
244236 3.5 LOW
owncloud owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via … CWE-79
Cross-site Scripting (XSS)
CVE-2013-2042 2014-03-18 00:19 2014-03-15
244237 3.5 LOW
owncloud owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/… CWE-79
Cross-site Scripting (XSS)
CVE-2013-2041 2014-03-18 00:17 2014-03-15
244238 3.5 LOW
owncloud owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via … CWE-79
Cross-site Scripting (XSS)
CVE-2013-2040 2014-03-18 00:15 2014-03-15
244239 4.0 MEDIUM
owncloud owncloud Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vecto… CWE-22
Path Traversal
CVE-2013-2039 2014-03-18 00:14 2014-03-15
244240 4.0 MEDIUM
owncloud owncloud The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via u… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-1963 2014-03-18 00:10 2014-03-15
244241 7.2 HIGH
juniper ive_os Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before… NVD-CWE-noinfo
CVE-2014-2292 2014-03-17 22:57 2014-03-15
244242 4.4 MEDIUM
canonical, debian, fedoraproject, linuxfoundation ubuntu_linux, debian_linux, fedora, cups-filters The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-6476 2014-03-17 22:10 2014-03-15
244243 5.0 MEDIUM
pidgin pidgin The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. CWE-20
Improper Input Validation
CVE-2014-0020 2014-03-16 13:43 2014-02-07
244244 5.0 MEDIUM
pidgin pidgin Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. CWE-189
Numeric Errors
CVE-2013-6477 2014-03-16 13:42 2014-02-07
244245 4.3 MEDIUM
pidgin pidgin gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (applic… CWE-20
Improper Input Validation
CVE-2013-6478 2014-03-16 13:42 2014-02-07
244246 5.0 MEDIUM
pidgin pidgin util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a deni… CWE-399
Resource Management Errors
CVE-2013-6479 2014-03-16 13:42 2014-02-07
244247 5.0 MEDIUM
pidgin pidgin libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer … CWE-119
Buffer Errors
CVE-2013-6481 2014-03-16 13:42 2014-02-07
244248 5.0 MEDIUM
pidgin pidgin Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. CWE-20
Improper Input Validation
CVE-2013-6482 2014-03-16 13:42 2014-02-07
244249 6.4 MEDIUM
pidgin pidgin The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remo… CWE-20
Improper Input Validation
CVE-2013-6483 2014-03-16 13:42 2014-02-07
244250 5.0 MEDIUM
pidgin pidgin The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a soc… CWE-20
Improper Input Validation
CVE-2013-6484 2014-03-16 13:42 2014-02-07