NVD Vulnerability Information: Top

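You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Vulnerability information is often updated in NVD before it appears in JVN (Japan Vulnerability Notes), so entries that are not yet listed in JVN may already be updated here.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.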

Updated: June 26, 2024, 10:14

Columns: No., CVSS, Level, Attack category, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact, Exploit/PoC search
244301 4.6 MEDIUM
catfish_project catfish Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the curren… NVD-CWE-Other
CVE-2014-2094 2014-03-12 01:55 2014-02-26 View GitHub Exploit DB Packet Storm
244302 6.8 MEDIUM
imagecms imagecms Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q… CWE-352
Same-origin policy violation
CVE-2013-7334 2014-03-12 01:30 2014-03-12 View GitHub Exploit DB Packet Storm
244303 10.0 HIGH
zte f460
f660
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET … CWE-264
Permissions, privileges, and access control
CVE-2014-2321 2014-03-12 01:22 2014-03-11 View GitHub Exploit DB Packet Storm
244304 10.0 HIGH
zte f460
f660
Per: http://www.kb.cert.org/vuls/id/600724 " It has been reported that the web_shell_cmd.gch script is sometimes accessible from the WAN interface making exploitation of this backdoor from the Inter… CWE-264
Permissions, privileges, and access control
CVE-2014-2321 2014-03-12 01:22 2014-03-11 View GitHub Exploit DB Packet Storm
244305 4.3 MEDIUM
huawei e355_firmware
e355
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, … CWE-287
Improper authentication
CVE-2013-6031 2014-03-11 23:11 2014-03-11 View GitHub Exploit DB Packet Storm
244306 4.3 MEDIUM
citrix netscaler_application_delivery_controller_firmware Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 b… CWE-79
Cross-site scripting (XSS)
CVE-2013-6944 2014-03-11 22:48 2014-03-11 View GitHub Exploit DB Packet Storm
244307 5.0 MEDIUM
citrix netscaler_application_delivery_controller_firmware Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors… CWE-94
Code injection
CVE-2013-6943 2014-03-11 22:47 2014-03-11 View GitHub Exploit DB Packet Storm
244308 6.8 MEDIUM
citrix netscaler_application_delivery_controller_firmware Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attack… CWE-352
Same-origin policy violation
CVE-2013-6942 2014-03-11 22:43 2014-03-11 View GitHub Exploit DB Packet Storm
244309 10.0 HIGH
citrix netscaler_application_delivery_controller_firmware Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell vi… NVD-CWE-noinfo
CVE-2013-6941 2014-03-11 22:42 2014-03-11 View GitHub Exploit DB Packet Storm
244310 5.0 MEDIUM
citrix netscaler_application_delivery_controller_firmware Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive infor… CWE-255
Credentials management
CVE-2013-6940 2014-03-11 22:39 2014-03-11 View GitHub Exploit DB Packet Storm
244311 5.0 MEDIUM
citrix netscaler_application_delivery_controller_firmware Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.… NVD-CWE-noinfo
CVE-2013-6938 2014-03-11 22:37 2014-03-11 View GitHub Exploit DB Packet Storm
244312 5.0 MEDIUM
citrix netscaler_application_delivery_controller_firmware Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of serv… NVD-CWE-noinfo
CVE-2013-6939 2014-03-11 22:35 2014-03-11 View GitHub Exploit DB Packet Storm
244313 3.3 LOW
linux-nfs nfs-utils The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would in… CWE-20
Improper input validation
CVE-2011-1749 2014-03-11 06:29 2014-02-27 View GitHub Exploit DB Packet Storm
244314 5.8 MEDIUM
redhat jboss_enterprise_portal_platform Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ini… CWE-20
Improper input validation
CVE-2011-2941 2014-03-11 06:26 2014-02-27 View GitHub Exploit DB Packet Storm
244315 4.3 MEDIUM
martin_nagy bind-dyndb-ldap The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infini… CWE-399
Resource management errors
CVE-2012-2134 2014-03-11 04:18 2014-02-27 View GitHub Exploit DB Packet Storm
244316 4.3 MEDIUM
redhat jboss_enterprise_portal_platform Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site scripting (XSS)
CVE-2011-4580 2014-03-11 04:18 2014-02-27 View GitHub Exploit DB Packet Storm
244317 10.0 HIGH
suse studio_extension_for_system_z
studio_onsite
SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. CWE-310
Cryptographic issues
CVE-2013-3712 2014-03-11 04:17 2014-02-27 View GitHub Exploit DB Packet Storm
244318 9.3 HIGH
apple quicktime Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file. CWE-189
Numeric errors
CVE-2014-1245 2014-03-11 02:40 2014-02-27 View GitHub Exploit DB Packet Storm
244319 9.3 HIGH
apple quicktime Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file. CWE-119
Buffer errors
CVE-2014-1248 2014-03-11 02:39 2014-02-27 View GitHub Exploit DB Packet Storm
244320 9.3 HIGH
apple quicktime Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image. CWE-119
Buffer errors
CVE-2014-1249 2014-03-11 02:38 2014-02-27 View GitHub Exploit DB Packet Storm
244321 9.3 HIGH
apple quicktime Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file. CWE-119
Buffer errors
CVE-2014-1247 2014-03-11 02:37 2014-02-27 View GitHub Exploit DB Packet Storm
244322 9.3 HIGH
apple quicktime Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and… CWE-119
Buffer errors
CVE-2014-1250 2014-03-11 02:37 2014-02-27 View GitHub Exploit DB Packet Storm
244323 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. CWE-119
Buffer errors
CVE-2014-1259 2014-03-11 02:37 2014-02-27 View GitHub Exploit DB Packet Storm
244324 6.8 MEDIUM
apple mac_os_x QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. CWE-119
Buffer errors
CVE-2014-1260 2014-03-11 02:36 2014-02-27 View GitHub Exploit DB Packet Storm
244325 3.3 LOW
apple mac_os_x Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstan… CWE-264
Permissions, privileges, and access control
CVE-2014-1264 2014-03-11 02:32 2014-02-27 View GitHub Exploit DB Packet Storm
244326 9.3 HIGH
google android Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary me… CWE-20
Improper input validation
CVE-2013-4710 2014-03-11 02:25 2014-03-3 View GitHub Exploit DB Packet Storm
244327 4.3 MEDIUM
atlassian jira Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. CWE-22
Path traversal
CVE-2014-2313 2014-03-11 01:38 2014-03-9 View GitHub Exploit DB Packet Storm
244328 4.3 MEDIUM
atlassian jira Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 "Issue 2: Path traversal in JIRA Importers plugin (Windows only)" CWE-22
Path traversal
CVE-2014-2313 2014-03-11 01:38 2014-03-9 View GitHub Exploit DB Packet Storm
244329 6.8 MEDIUM
opendocman opendocman SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained f… CWE-89
SQL injection
CVE-2014-2317 2014-03-11 01:25 2014-03-9 View GitHub Exploit DB Packet Storm
244330 7.5 HIGH
opendocman opendocman SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. CWE-89
SQL injection
CVE-2014-1945 2014-03-11 01:24 2014-03-9 View GitHub Exploit DB Packet Storm
244331 6.5 MEDIUM
owncloud owncloud SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vector… CWE-89
SQL injection
CVE-2013-2046 2014-03-10 23:15 2014-03-9 View GitHub Exploit DB Packet Storm
244332 6.5 MEDIUM
owncloud owncloud SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL injection
CVE-2013-2045 2014-03-10 23:12 2014-03-9 View GitHub Exploit DB Packet Storm
244333 2.6 LOW
openstack image_registry_and_delivery_service_\(glance\) OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARN… CWE-255
Credentials management
CVE-2014-1948 2014-03-8 14:13 2014-02-15 View GitHub Exploit DB Packet Storm
244334 5.0 MEDIUM
php php ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric … CWE-189
Numeric errors
CVE-2014-2020 2014-03-8 14:13 2014-02-18 View GitHub Exploit DB Packet Storm
244335 4.3 MEDIUM
openstack swift The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timin… CWE-200
Information leak
CVE-2014-0006 2014-03-8 14:12 2014-01-23 View GitHub Exploit DB Packet Storm
244336 5.0 MEDIUM
openstack havana Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive… CWE-200
Information leak
CVE-2013-6419 2014-03-8 14:11 2014-01-8 View GitHub Exploit DB Packet Storm
244337 5.0 MEDIUM
pidgin pidgin Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an in… CWE-189
Numeric errors
CVE-2013-6489 2014-03-8 14:11 2014-02-7 View GitHub Exploit DB Packet Storm
244338 10.0 HIGH
pidgin pidgin The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. CWE-119
Buffer errors
CVE-2013-6490 2014-03-8 14:11 2014-02-7 View GitHub Exploit DB Packet Storm
244339 5.4 MEDIUM
jgroups
redhat
jgroup
jboss_enterprise_application_platform
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code b… CWE-200
Information leak
CVE-2013-4112 2014-03-8 14:09 2013-09-29 View GitHub Exploit DB Packet Storm
244340 1.9 LOW
redhat jboss_enterprise_application_platform PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. CWE-310
Cryptographic issues
CVE-2013-1921 2014-03-8 14:05 2013-09-29 View GitHub Exploit DB Packet Storm
244341 2.6 LOW
drupal drupal Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inj… CWE-79
Cross-site scripting (XSS)
CVE-2013-0244 2014-03-8 14:02 2014-01-20 View GitHub Exploit DB Packet Storm
244342 7.5 HIGH
apache solr The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaratio… NVD-CWE-noinfo
CVE-2012-6612 2014-03-8 14:02 2013-12-8 View GitHub Exploit DB Packet Storm
244343 4.3 MEDIUM
christos_zoulas
tim_robbins
file
libmagic
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid po… CWE-119
Buffer errors
CVE-2012-1571 2014-03-8 13:55 2012-07-18 View GitHub Exploit DB Packet Storm
244344 6.8 MEDIUM
drupal drupal Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det… CWE-200
Information leak
CVE-2012-0825 2014-03-8 13:54 2013-10-29 View GitHub Exploit DB Packet Storm
244345 6.8 MEDIUM
drupal drupal Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for … CWE-352
Same-origin policy violation
CVE-2012-0826 2014-03-8 13:54 2013-10-29 View GitHub Exploit DB Packet Storm
244346 1.9 LOW
robert_ancell lightdm LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. CWE-59
Link following
CVE-2011-4105 2014-03-8 13:51 2012-02-18 View GitHub Exploit DB Packet Storm
244347 4.6 MEDIUM
ecryptfs ecryptfs-utils
ecryptfs_utils
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and con… CWE-264
Permissions, privileges, and access control
CVE-2011-1831 2014-03-8 13:47 2014-02-15 View GitHub Exploit DB Packet Storm
244348 2.1 LOW
ecryptfs ecryptfs-utils
ecryptfs_utils
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. CWE-264
Permissions, privileges, and access control
CVE-2011-1832 2014-03-8 13:47 2014-02-15 View GitHub Exploit DB Packet Storm
244349 2.1 LOW
ecryptfs ecryptfs-utils
ecryptfs_utils
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) o… CWE-264
Permissions, privileges, and access control
CVE-2011-1834 2014-03-8 13:47 2014-02-15 View GitHub Exploit DB Packet Storm
244350 4.4 MEDIUM
ecryptfs ecryptfs-utils
ecryptfs_utils
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users t… CWE-255
Credentials management
CVE-2011-1835 2014-03-8 13:47 2014-02-15 View GitHub Exploit DB Packet Storm