NVD Vulnerability Information: Top

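You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in NVD earlier than in JVN (Japan Vulnerability Notes), NVD may contain updates for vulnerabilities that are not yet listed in JVN.

If a related vulnerability exists in JVN (Japan Vulnerability Notes), its information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.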


Updated: September 29, 2024, 5:13

Columns: No., CVSS, Level, Attack vector, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact, Exploit/PoC search
244451 2.1 LOW
nagios nagios The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4… CWE-200
Information Exposure
CVE-2014-4701 2016-11-29 04:12 2014-12-6 View GitHub Exploit DB Packet Storm
244452 2.1 LOW
nagios nagios The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4… CWE-200
Information Exposure
CVE-2014-4702 2016-11-29 04:12 2014-12-6 View GitHub Exploit DB Packet Storm
244453 2.1 LOW
nagios nagios lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists beca… CWE-59
Link Following
CVE-2014-4703 2016-11-29 04:12 2014-12-6 View GitHub Exploit DB Packet Storm
244454 6.8 MEDIUM
redhat
igniterealtime
jboss_fuse
smack_api
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)… CWE-310
Cryptographic Issues
CVE-2014-5075 2016-11-29 04:12 2014-10-26 View GitHub Exploit DB Packet Storm
244455 5.0 MEDIUM
directwebremoting direct_web_remoting The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrar… CWE-200
Information Exposure
CVE-2014-5325 2016-11-29 04:12 2014-11-24 View GitHub Exploit DB Packet Storm
244456 9.1 CRITICAL
Network
beckhoff embedded_pc_images
twincat
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote atta… CWE-254
Security Features
CVE-2014-5414 2016-11-29 04:12 2016-10-5 View GitHub Exploit DB Packet Storm
244457 9.1 CRITICAL
Network
beckhoff embedded_pc_images
twincat
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration To… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-5415 2016-11-29 04:12 2016-10-5 View GitHub Exploit DB Packet Storm
244458 9.4 HIGH
ibm rational_clearcase The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, wh… CWE-310
Cryptographic Issues
CVE-2014-6221 2016-11-29 04:12 2015-04-6 View GitHub Exploit DB Packet Storm
244459 4.0 MEDIUM
oracle database_server Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. NVD-CWE-noinfo
CVE-2014-6514 2016-11-29 04:12 2015-01-21 View GitHub Exploit DB Packet Storm
244460 6.3 MEDIUM
oracle database_server Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affec… NVD-CWE-noinfo
CVE-2014-6541 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244461 6.3 MEDIUM
oracle database_server Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html This vulnerability is only applicable on a Windows operating system. The CVSS score is 6.3 for Database versions prior … NVD-CWE-noinfo
CVE-2014-6541 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244462 9.0 HIGH
oracle database_server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ… NVD-CWE-noinfo
CVE-2014-6567 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244463 9.0 HIGH
oracle database_server Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html The CVSS Score is 9.0 only on Windows for Database versions prior to 12c. The CVSS Base Score is 6.5 (Confidentiality, … NVD-CWE-noinfo
CVE-2014-6567 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244464 6.8 MEDIUM
oracle database_server Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality v… NVD-CWE-noinfo
CVE-2014-6577 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244465 6.8 MEDIUM
oracle database_server Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html The CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is "Partial+… NVD-CWE-noinfo
CVE-2014-6577 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244466 6.5 MEDIUM
oracle database_server Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrit… NVD-CWE-noinfo
CVE-2014-6578 2016-11-29 04:12 2015-01-22 View GitHub Exploit DB Packet Storm
244467 6.4 MEDIUM
squid-cache squid The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6… CWE-19
Data Processing
CVE-2014-7141 2016-11-29 04:12 2014-11-27 View GitHub Exploit DB Packet Storm
244468 6.4 MEDIUM
oracle
canonical
squid-cache
solaris
ubuntu_linux
squid
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. CWE-20
Improper Input Validation
CVE-2014-7142 2016-11-29 04:12 2014-11-27 View GitHub Exploit DB Packet Storm
244469 4.3 MEDIUM
openstack keystonemiddleware
python-keystoneclient
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (pa… CWE-310
Cryptographic Issues
CVE-2014-7144 2016-11-29 04:12 2014-10-2 View GitHub Exploit DB Packet Storm
244470 7.5 HIGH
oleumtech sensor_wireless_i\/o_module
wio_dh2_wireless_gateway
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. CWE-20
Improper Input Validation
CVE-2014-2360 2016-11-29 04:11 2014-07-24 View GitHub Exploit DB Packet Storm
244471 7.2 HIGH
oleumtech sensor_wireless_i\/o_module
wio_dh2_wireless_gateway
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to… NVD-CWE-Other
CVE-2014-2361 2016-11-29 04:11 2014-07-24 View GitHub Exploit DB Packet Storm
244472 7.2 HIGH
oleumtech sensor_wireless_i\/o_module
wio_dh2_wireless_gateway
CWE-320: Key Management Errors (http://cwe.mitre.org/data/definitions/320.html) NVD-CWE-Other
CVE-2014-2361 2016-11-29 04:11 2014-07-24 View GitHub Exploit DB Packet Storm
244473 7.8 HIGH
oleumtech sensor_wireless_i\/o_module
wio_dh2_wireless_gateway
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic p… NVD-CWE-Other
CVE-2014-2362 2016-11-29 04:11 2014-07-24 View GitHub Exploit DB Packet Storm
244474 7.8 HIGH
oleumtech sensor_wireless_i\/o_module
wio_dh2_wireless_gateway
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (http://cwe.mitre.org/data/definitions/338.html) NVD-CWE-Other
CVE-2014-2362 2016-11-29 04:11 2014-07-24 View GitHub Exploit DB Packet Storm
244475 4.3 MEDIUM
oracle siebel_crm Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerabili… NVD-CWE-noinfo
CVE-2014-2468 2016-11-29 04:11 2014-04-16 View GitHub Exploit DB Packet Storm
244476 7.8 HIGH
cisco asa The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul361… CWE-399
Resource Management Errors
CVE-2014-3383 2016-11-29 04:11 2014-10-10 View GitHub Exploit DB Packet Storm
244477 5.0 MEDIUM
christos_zoulas
php
file
php
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial … CWE-119
Buffer Errors
CVE-2014-3478 2016-11-29 04:11 2014-07-9 View GitHub Exploit DB Packet Storm
244478 5.8 MEDIUM
gnu gnutls lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attack… CWE-310
Cryptographic Issues
CVE-2014-0092 2016-11-29 04:10 2014-03-7 View GitHub Exploit DB Packet Storm
244479 6.8 MEDIUM
gnu glibc Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecifie… CWE-22
Path Traversal
CVE-2014-0475 2016-11-29 04:10 2014-07-29 View GitHub Exploit DB Packet Storm
244480 4.0 MEDIUM
ibm db2 IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users t… CWE-200
Information Exposure
CVE-2014-0919 2016-11-29 04:10 2015-05-8 View GitHub Exploit DB Packet Storm
244481 5.0 MEDIUM
fedoraproject
mozilla
fedora
bugzilla
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x be… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1572 2016-11-29 04:10 2014-10-13 View GitHub Exploit DB Packet Storm
244482 4.3 MEDIUM
fedoraproject
mozilla
fedora
bugzilla
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters,… CWE-79
Cross-Site Scripting (XSS)
CVE-2014-1573 2016-11-29 04:10 2014-10-13 View GitHub Exploit DB Packet Storm
244483 5.8 MEDIUM
gnu gnutls lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging … CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1959 2016-11-29 04:10 2014-03-7 View GitHub Exploit DB Packet Storm
244484 6.4 MEDIUM
strongswan strongswan IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set… CWE-287
Improper Authentication
CVE-2014-2338 2016-11-29 04:10 2014-04-17 View GitHub Exploit DB Packet Storm
244485 4.0 MEDIUM
typo3 typo3 The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated … CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-7073 2016-11-29 04:10 2013-12-24 View GitHub Exploit DB Packet Storm
244486 5.9 MEDIUM
Network
python python The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof serve… CWE-19
Data Processing
CVE-2013-7440 2016-11-29 04:10 2016-06-8 View GitHub Exploit DB Packet Storm
244487 5.0 MEDIUM
canonical
sqlite
ubuntu_linux
sqlite
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. CWE-119
Buffer Errors
CVE-2013-7443 2016-11-29 04:10 2015-08-12 View GitHub Exploit DB Packet Storm
244488 4.3 MEDIUM
oracle peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related… NVD-CWE-noinfo
CVE-2013-2404 2016-11-29 04:09 2013-04-18 View GitHub Exploit DB Packet Storm
244489 6.4 MEDIUM
apache activemq The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. CWE-287
Improper Authentication
CVE-2013-3060 2016-11-29 04:09 2013-04-22 View GitHub Exploit DB Packet Storm
244490 6.5 MEDIUM
x x.org_x11 Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon … CWE-399
Resource Management Errors
CVE-2013-4396 2016-11-29 04:09 2013-10-10 View GitHub Exploit DB Packet Storm
244491 6.5 MEDIUM
x x.org_x11 Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561 "' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges… CWE-399
Resource Management Errors
CVE-2013-4396 2016-11-29 04:09 2013-10-10 View GitHub Exploit DB Packet Storm
244492 7.5 HIGH
janrain php-openid Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consum… NVD-CWE-noinfo
CVE-2013-4701 2016-11-29 04:09 2013-08-22 View GitHub Exploit DB Packet Storm
244493 5.0 MEDIUM
oracle peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r… NVD-CWE-noinfo
CVE-2013-5794 2016-11-29 04:09 2013-10-17 View GitHub Exploit DB Packet Storm
244494 5.0 MEDIUM
oracle peoplesoft_products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r… NVD-CWE-noinfo
CVE-2013-5841 2016-11-29 04:09 2013-10-17 View GitHub Exploit DB Packet Storm
244495 7.5 HIGH
wouter_verhelst
debian
canonical
nbd
debian_linux
ubuntu_linux
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partia… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-6410 2016-11-29 04:09 2013-12-8 View GitHub Exploit DB Packet Storm
244496 5.8 MEDIUM
pywbem_project pywbem PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. CWE-20
Improper Input Validation
CVE-2013-6418 2016-11-29 04:09 2014-05-6 View GitHub Exploit DB Packet Storm
244497 5.8 MEDIUM
pywbem_project pywbem PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… CWE-20
Improper Input Validation
CVE-2013-6444 2016-11-29 04:09 2014-05-6 View GitHub Exploit DB Packet Storm
244498 4.3 MEDIUM
dave_coffin dcraw Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil… NVD-CWE-noinfo
CVE-2013-1438 2016-11-29 04:08 2014-01-20 View GitHub Exploit DB Packet Storm
244499 6.9 MEDIUM
todd_miller
apple
sudo
mac_os_x
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-1775 2016-11-29 04:08 2013-03-6 View GitHub Exploit DB Packet Storm
244500 4.3 MEDIUM
apache activemq Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML … CWE-79
Cross-Site Scripting (XSS)
CVE-2013-1880 2016-11-29 04:08 2014-02-6 View GitHub Exploit DB Packet Storm