NVD Vulnerability Information Top

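You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in NVD before it is updated in JVN (Japan Vulnerability Notes), NVD may contain updates for vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.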


Last updated: June 26, 2024, 10:14

| No. | CVSS | Level | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 244251 | 5.0 | MEDIUM | pidgin | pidgin | Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chu… | CWE-119 (Buffer Errors) | CVE-2013-6485 | 2014-03-16 13:42 | 2014-02-7 |
| 244252 | 9.3 | HIGH | pidgin | pidgin | gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction o… | CWE-20 (Improper Input Validation) | CVE-2013-6486 | 2014-03-16 13:42 | 2014-02-7 |
| 244253 | 2.1 | LOW | redhat | icedtea-web | The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a tem… | CWE-200 (Information Exposure) | CVE-2013-6493 | 2014-03-16 13:42 | 2014-03-4 |
| 244254 | 4.3 | MEDIUM | linux | linux_kernel | The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a … | CWE-310 (Cryptographic Issues) | CVE-2013-4579 | 2014-03-16 13:39 | 2013-11-20 |
| 244255 | 4.3 | MEDIUM | apple | iphone_os | Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger in… | CWE-20 (Improper Input Validation) | CVE-2013-3948 | 2014-03-16 13:38 | 2013-06-5 |
| 244256 | 4.3 | MEDIUM | oracle | enterprise_manager_database_control, enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, al… | NVD-CWE-noinfo | CVE-2013-0354 | 2014-03-16 13:33 | 2013-01-17 |
| 244257 | 10.0 | HIGH | oracle | database_lite, database_mobile/lite_server | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,… | NVD-CWE-noinfo | CVE-2013-0361 | 2014-03-16 13:33 | 2013-01-17 |
| 244258 | 10.0 | HIGH | oracle | database_lite, database_mobile/lite_server | Per: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html 'Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g.' | NVD-CWE-noinfo | CVE-2013-0361 | 2014-03-16 13:33 | 2013-01-17 |
| 244259 | 7.8 | HIGH | oracle | database_mobile/lite_server | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality … | NVD-CWE-noinfo | CVE-2013-0363 | 2014-03-16 13:33 | 2013-01-17 |
| 244260 | 7.8 | HIGH | oracle | database_lite, database_mobile/lite_server | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality … | NVD-CWE-noinfo | CVE-2013-0364 | 2014-03-16 13:33 | 2013-01-17 |
| 244261 | 10.0 | HIGH | oracle | database_mobile/lite_server | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,… | NVD-CWE-noinfo | CVE-2013-0366 | 2014-03-16 13:33 | 2013-01-17 |
| 244262 | 6.4 | MEDIUM | oracle | e-business_suite | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via… | NVD-CWE-noinfo | CVE-2013-0381 | 2014-03-16 13:33 | 2013-01-17 |
| 244263 | 6.4 | MEDIUM | oracle | e-business_suite | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via u… | NVD-CWE-noinfo | CVE-2013-0397 | 2014-03-16 13:33 | 2013-01-17 |
| 244264 | 5.0 | MEDIUM | pidgin | pidgin | The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte … | CWE-20 (Improper Input Validation) | CVE-2012-6152 | 2014-03-16 13:31 | 2014-02-7 |
| 244265 | 6.4 | MEDIUM | oracle | e-business_suite | Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and i… | NVD-CWE-noinfo | CVE-2012-3190 | 2014-03-16 13:26 | 2013-01-17 |
| 244266 | 5.0 | MEDIUM | cisco | cloud_portal | Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from a… | CWE-255 (Credentials Management) | CVE-2014-0694 | 2014-03-15 02:56 | 2014-03-14 |
| 244267 | 10.0 | HIGH | adobe | shockwave_player | Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | CWE-119 (Buffer Errors) | CVE-2014-0505 | 2014-03-15 02:07 | 2014-03-14 |
| 244268 | 8.8 | HIGH | apple | iphone_os | Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-5133 | 2014-03-15 01:40 | 2014-03-14 |
| 244269 | 5.0 | MEDIUM | powerarchiver | powerarchiver | The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to o… | CWE-310 (Cryptographic Issues) | CVE-2014-2319 | 2014-03-15 01:37 | 2014-03-14 |
| 244270 | 5.0 | MEDIUM | apple | iphone_os | SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. | NVD-CWE-Other | CVE-2014-1286 | 2014-03-15 01:06 | 2014-03-14 |
| 244271 | 5.0 | MEDIUM | apple | iphone_os | Per: https://cwe.mitre.org/data/definitions/361.html "CWE-361: Time and State" | NVD-CWE-Other | CVE-2014-1286 | 2014-03-15 01:06 | 2014-03-14 |
| 244272 | 5.8 | MEDIUM | apple | iphone_os | Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an un… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2014-1285 | 2014-03-15 00:57 | 2014-03-14 |
| 244273 | 1.9 | LOW | apple | iphone_os | Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the P… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2014-1281 | 2014-03-15 00:50 | 2014-03-14 |
| 244274 | 5.0 | MEDIUM | apple | iphone_os | IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2014-1276 | 2014-03-15 00:20 | 2014-03-14 |
| 244275 | 2.1 | LOW | apple | iphone_os | FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | CWE-200 (Information Exposure) | CVE-2014-1274 | 2014-03-15 00:03 | 2014-03-14 |
| 244276 | 6.8 | MEDIUM | kasseler-cms | kasseler-cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection… | CWE-352 (Same-Origin Policy Violation) | CVE-2013-3729 | 2014-03-14 02:42 | 2014-03-13 |
| 244277 | 7.5 | HIGH | zldnn | dnnarticle | SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid… | CWE-89 (SQL Injection) | CVE-2013-5117 | 2014-03-14 01:06 | 2014-03-12 |
| 244278 | 4.3 | MEDIUM | dotnetnuke | dotnetnuke | Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | CWE-20 (Improper Input Validation) | CVE-2013-7335 | 2014-03-14 00:56 | 2014-03-12 |
| 244279 | 3.5 | LOW | dotnetnuke | dotnetnuke | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Disp… | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2013-3943 | 2014-03-14 00:24 | 2014-03-12 |
| 244280 | 7.5 | HIGH | raoul_proenca | gnew | Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie. | CWE-22 (Path Traversal) | CVE-2013-5639 | 2014-03-13 03:03 | 2014-03-12 |
| 244281 | 7.5 | HIGH | raoul_proenca | gnew | CVE-2013-5639 CVSS assessment per LFI: https://www.htbridge.com/advisory/HTB23171 "1) PHP File Inclusion in Gnew: CVE-2013-5639 Vulnerability exists due to insufficient validation of user-supplie… | CWE-22 (Path Traversal) | CVE-2013-5639 | 2014-03-13 03:03 | 2014-03-12 |
| 244282 | 3.5 | LOW | plone | plone | (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v… | CWE-20 (Improper Input Validation) | CVE-2013-4199 | 2014-03-12 10:48 | 2014-03-12 |
| 244283 | 4.0 | MEDIUM | plone | plone | mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password emai… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-4198 | 2014-03-12 10:44 | 2014-03-12 |
| 244284 | 5.5 | MEDIUM | plone | plone | member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | CWE-20 (Improper Input Validation) | CVE-2013-4197 | 2014-03-12 10:40 | 2014-03-12 |
| 244285 | 5.0 | MEDIUM | plone | plone | The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote … | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-4196 | 2014-03-12 10:37 | 2014-03-12 |
| 244286 | 5.8 | MEDIUM | plone | plone | Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac… | CWE-20 (Improper Input Validation) | CVE-2013-4195 | 2014-03-12 10:30 | 2014-03-12 |
| 244287 | 4.3 | MEDIUM | plone | plone | The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the … | CWE-200 (Information Exposure) | CVE-2013-4194 | 2014-03-12 10:28 | 2014-03-12 |
| 244288 | 4.3 | MEDIUM | plone | plone | typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers … | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-4193 | 2014-03-12 10:24 | 2014-03-12 |
| 244289 | 4.0 | MEDIUM | plone | plone | sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. | CWE-20 (Improper Input Validation) | CVE-2013-4192 | 2014-03-12 10:22 | 2014-03-12 |
| 244290 | 5.8 | MEDIUM | plone | plone | zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2013-4191 | 2014-03-12 10:10 | 2014-03-12 |
| 244291 | 4.3 | MEDIUM | plone | plone | Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers… | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2013-4190 | 2014-03-12 10:06 | 2014-03-12 |
| 244292 | 6.5 | MEDIUM | plone | plone | Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users w… | NVD-CWE-noinfo | CVE-2013-4189 | 2014-03-12 10:02 | 2014-03-12 |
| 244293 | 4.3 | MEDIUM | plone | plone | traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource cons… | CWE-399 (Resource Management Errors) | CVE-2013-4188 | 2014-03-12 09:59 | 2014-03-12 |
| 244294 | 6.8 | MEDIUM | umi-cms | umi.cms | Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator ac… | CWE-352 (Same-Origin Policy Violation) | CVE-2013-2754 | 2014-03-12 09:47 | 2014-03-12 |
| 244295 | 4.6 | MEDIUM | catfish_project | catfish | Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory. | NVD-CWE-Other | CVE-2014-2093 | 2014-03-12 01:57 | 2014-02-26 |
| 244296 | 4.6 | MEDIUM | catfish_project | catfish | Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path" | NVD-CWE-Other | CVE-2014-2093 | 2014-03-12 01:57 | 2014-02-26 |
| 244297 | 4.6 | MEDIUM | catfish_project | catfish | Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory. | NVD-CWE-Other | CVE-2014-2096 | 2014-03-12 01:57 | 2014-02-26 |
| 244298 | 4.6 | MEDIUM | catfish_project | catfish | Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path" | NVD-CWE-Other | CVE-2014-2096 | 2014-03-12 01:57 | 2014-02-26 |
| 244299 | 4.6 | MEDIUM | catfish_project | catfish | Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under t… | NVD-CWE-Other | CVE-2014-2095 | 2014-03-12 01:56 | 2014-02-26 |
| 244300 | 4.6 | MEDIUM | catfish_project | catfish | Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path" | NVD-CWE-Other | CVE-2014-2095 | 2014-03-12 01:56 | 2014-02-26 |