NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年9月29日12:13

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
244501 5.8 MEDIUM
pywbem_project pywbem PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… CWE-20
不適切な入力確認 		CVE-2013-6444 2016-11-29 04:09 2014-05-6 表示 GitHub Exploit DB Packet Storm
244502 4.3 MEDIUM
dave_coffin dcraw Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil… NVD-CWE-noinfo
CVE-2013-1438 2016-11-29 04:08 2014-01-20 表示 GitHub Exploit DB Packet Storm
244503 6.9 MEDIUM
todd_miller
apple 		sudo
mac_os_x 		sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by… CWE-264
認可・権限・アクセス制御 		CVE-2013-1775 2016-11-29 04:08 2013-03-6 表示 GitHub Exploit DB Packet Storm
244504 4.3 MEDIUM
apache activemq Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-1880 2016-11-29 04:08 2014-02-6 表示 GitHub Exploit DB Packet Storm
244505 6.8 MEDIUM
x
canonical 		libx11
ubuntu_linux 		Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFon… CWE-189
数値処理の問題 		CVE-2013-1981 2016-11-29 04:08 2013-06-16 表示 GitHub Exploit DB Packet Storm
244506 6.8 MEDIUM
x
canonical 		libx11
ubuntu_linux 		Additional products added per http://www.ubuntu.com/usn/USN-1854-1/ CWE-189
数値処理の問題 		CVE-2013-1981 2016-11-29 04:08 2013-06-16 表示 GitHub Exploit DB Packet Storm
244507 10.0 HIGH
lawrence_berkeley_national_laboratory arpwatch arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerab… NVD-CWE-Other
CVE-2012-2653 2016-11-29 04:08 2012-07-13 表示 GitHub Exploit DB Packet Storm
244508 6.4 MEDIUM
oracle database_server
primavera_p6_enterprise_project_portfolio_management 		The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, wh… CWE-287
不適切な認証 		CVE-2012-3137 2016-11-29 04:08 2012-09-22 表示 GitHub Exploit DB Packet Storm
244509 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to R… NVD-CWE-noinfo
CVE-2012-3175 2016-11-29 04:08 2012-10-17 表示 GitHub Exploit DB Packet Storm
244510 5.7 MEDIUM
isc dhcp Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifi… CWE-119
バッファエラー 		CVE-2012-3570 2016-11-29 04:08 2012-07-25 表示 GitHub Exploit DB Packet Storm
244511 5.0 MEDIUM
twiki
foswiki 		twiki
foswiki 		The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large i… CWE-189
数値処理の問題 		CVE-2012-6330 2016-11-29 04:08 2013-01-5 表示 GitHub Exploit DB Packet Storm
244512 5.0 MEDIUM
apache activemq The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests. CWE-399
リソース管理の問題 		CVE-2012-6551 2016-11-29 04:08 2013-04-22 表示 GitHub Exploit DB Packet Storm
244513 4.3 MEDIUM
yoast wordpress_seo Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6692 2016-11-29 04:08 2015-06-18 表示 GitHub Exploit DB Packet Storm
244514 4.3 MEDIUM
oracle database_server
enterprise_manager_grid_control 		Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Gri… NVD-CWE-noinfo
CVE-2012-0526 2016-11-29 04:07 2012-05-4 表示 GitHub Exploit DB Packet Storm
244515 4.3 MEDIUM
oracle database_server
enterprise_manager_grid_control 		Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Gri… NVD-CWE-noinfo
CVE-2012-0527 2016-11-29 04:07 2012-05-4 表示 GitHub Exploit DB Packet Storm
244516 4.9 MEDIUM
sun sunos Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098. NVD-CWE-noinfo
CVE-2011-0813 2016-11-29 04:07 2011-04-20 表示 GitHub Exploit DB Packet Storm
244517 5.0 MEDIUM
oracle enterpriseone_tools
jd_edwards_enterpriseone
jd_edwards_enterpriseone_ep
oneworld_tools
peoplesoft_and_jdedwards_product_suite
peoplesoft_and_jdedwards_suite_scm 		Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrast… NVD-CWE-noinfo
CVE-2011-0819 2016-11-29 04:07 2011-04-20 表示 GitHub Exploit DB Packet Storm
244518 5.0 MEDIUM
oracle enterpriseone_tools
jd_edwards_enterpriseone
jd_edwards_enterpriseone_ep
oneworld_tools
peoplesoft_and_jdedwards_product_suite
peoplesoft_and_jdedwards_suite_scm 		Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrast… NVD-CWE-noinfo
CVE-2011-0823 2016-11-29 04:07 2011-04-20 表示 GitHub Exploit DB Packet Storm
244519 3.5 LOW
oracle fusion_middleware Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Cons… NVD-CWE-noinfo
CVE-2011-2237 2016-11-29 04:07 2011-10-19 表示 GitHub Exploit DB Packet Storm
244520 5.0 MEDIUM
squid-cache squid The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record th… CWE-399
リソース管理の問題 		CVE-2011-4096 2016-11-29 04:07 2011-11-18 表示 GitHub Exploit DB Packet Storm
244521 6.8 MEDIUM
gnu wget GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary… CWE-20
不適切な入力確認 		CVE-2010-2252 2016-11-29 04:07 2010-07-7 表示 GitHub Exploit DB Packet Storm
244522 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than C… NVD-CWE-noinfo
CVE-2010-2395 2016-11-29 04:07 2010-10-14 表示 GitHub Exploit DB Packet Storm
244523 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than C… NVD-CWE-noinfo
CVE-2010-2409 2016-11-29 04:07 2010-10-14 表示 GitHub Exploit DB Packet Storm
244524 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than C… NVD-CWE-noinfo
CVE-2010-2410 2016-11-29 04:07 2010-10-14 表示 GitHub Exploit DB Packet Storm
244525 5.5 MEDIUM
oracle peoplesoft_and_jdedwards_product_suite Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users … NVD-CWE-noinfo
CVE-2010-3538 2016-11-29 04:07 2010-10-15 表示 GitHub Exploit DB Packet Storm
244526 5.5 MEDIUM
oracle peoplesoft_and_jdedwards_product_suite Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users … NVD-CWE-noinfo
CVE-2010-3539 2016-11-29 04:07 2010-10-15 表示 GitHub Exploit DB Packet Storm
244527 5.8 MEDIUM
gnu gnu_patch Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot… CWE-22
パス・トラバーサル 		CVE-2010-4651 2016-11-29 04:07 2011-03-12 表示 GitHub Exploit DB Packet Storm
244528 10.0 HIGH
novell zenworks_configuration_management Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary cod… CWE-22
パス・トラバーサル 		CVE-2010-5324 2016-11-29 04:07 2015-06-8 表示 GitHub Exploit DB Packet Storm
244529 4.9 MEDIUM
freebsd freebsd The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive i… CWE-20
不適切な入力確認 		CVE-2009-1436 2016-11-29 04:07 2009-04-28 表示 GitHub Exploit DB Packet Storm
244530 4.3 MEDIUM
oracle application_server Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CV… NVD-CWE-noinfo
CVE-2009-3407 2016-11-29 04:07 2009-10-23 表示 GitHub Exploit DB Packet Storm
244531 6.5 MEDIUM
oracle authentication_component
database_server 		Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605. NVD-CWE-noinfo
CVE-2008-2604 2016-11-29 04:07 2008-07-16 表示 GitHub Exploit DB Packet Storm
244532 4.0 MEDIUM
oracle authentication_component
database_server 		Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2604. NVD-CWE-noinfo
CVE-2008-2605 2016-11-29 04:07 2008-07-16 表示 GitHub Exploit DB Packet Storm
244533 6.2 MEDIUM
microsoft windows_2000
windows_7
windows_server_2008
windows_vista
windows_xp 		Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as… NVD-CWE-Other
CVE-2007-6753 2016-11-29 04:06 2012-03-29 表示 GitHub Exploit DB Packet Storm
244534 6.2 MEDIUM
microsoft windows_2000
windows_7
windows_server_2008
windows_vista
windows_xp 		Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' NVD-CWE-Other
CVE-2007-6753 2016-11-29 04:06 2012-03-29 表示 GitHub Exploit DB Packet Storm
244535 10.0 HIGH
dotnetnuke dotnetnuke ** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack … NVD-CWE-Other
CVE-2006-3601 2016-11-29 04:06 2006-07-19 表示 GitHub Exploit DB Packet Storm
244536 7.5 HIGH
shadowed_portal shadowed_portal PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php… NVD-CWE-Other
CVE-2006-4885 2016-11-29 04:06 2006-09-20 表示 GitHub Exploit DB Packet Storm
244537 7.5 HIGH
sun java_system_web_proxy_server Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. NVD-CWE-Other
CVE-2005-1232 2016-11-29 04:06 2005-05-2 表示 GitHub Exploit DB Packet Storm
244538 7.2 HIGH
gnu
gentoo 		aspell
linux 		Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properl… NVD-CWE-Other
CVE-2004-0548 2016-11-29 04:06 2004-08-6 表示 GitHub Exploit DB Packet Storm
244539 4.0 MEDIUM
pablo_software_solutions baby_ftp_server Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "… NVD-CWE-Other
CVE-2003-1299 2016-11-29 04:06 2003-12-31 表示 GitHub Exploit DB Packet Storm
244540 5.0 MEDIUM
atari terminator_3_war_of_the_machines Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a large nickname. CWE-119
バッファエラー 		CVE-2005-1775 2016-11-26 03:27 2005-05-31 表示 GitHub Exploit DB Packet Storm
244541 7.5 HIGH
phpstat phpstat setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. CWE-20
不適切な入力確認 		CVE-2005-1787 2016-11-26 03:27 2005-05-27 表示 GitHub Exploit DB Packet Storm
244542 2.6 LOW
postnuke_software_foundation postnuke Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2005-1778 2016-11-26 03:26 2005-05-31 表示 GitHub Exploit DB Packet Storm
244543 8.5 HIGH
ネットワーク 		ibm tivoli_storage_manager_for_virtual_environments IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated … CWE-264
認可・権限・アクセス制御 		CVE-2016-2988 2016-11-26 02:09 2016-11-25 表示 GitHub Exploit DB Packet Storm
244544 6.5 MEDIUM
ネットワーク 		ibm security_privileged_identity_manager IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. CWE-20
不適切な入力確認 		CVE-2016-2996 2016-11-26 01:54 2016-11-25 表示 GitHub Exploit DB Packet Storm
244545 3.6 LOW
oracle financial_services_software Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to… NVD-CWE-noinfo
CVE-2012-0545 2016-11-26 00:01 2012-05-4 表示 GitHub Exploit DB Packet Storm
244546 3.6 LOW
oracle financial_services_software Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to… NVD-CWE-noinfo
CVE-2012-0546 2016-11-26 00:00 2012-05-4 表示 GitHub Exploit DB Packet Storm
244547 5.5 MEDIUM
oracle financial_services_software Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to… NVD-CWE-noinfo
CVE-2012-0567 2016-11-25 23:41 2012-05-4 表示 GitHub Exploit DB Packet Storm
244548 5.0 MEDIUM
oracle siebel_crm Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, … NVD-CWE-noinfo
CVE-2013-1510 2016-11-25 22:57 2013-04-17 表示 GitHub Exploit DB Packet Storm
244549 3.2 LOW
oracle database_server Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u… NVD-CWE-noinfo
CVE-2009-3413 2016-11-24 04:42 2010-01-13 表示 GitHub Exploit DB Packet Storm
244550 4.9 MEDIUM
oracle database_server Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via u… NVD-CWE-noinfo
CVE-2009-3414 2016-11-24 04:42 2010-01-13 表示 GitHub Exploit DB Packet Storm