NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日16:11

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
244601	4.0	MEDIUM	oracle	application_object_library e-business_suite	Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability th…	NVD-CWE-noinfo	CVE-2008-2586	2016-11-22 11:59	2008-07-16	表示	GitHub Exploit DB Packet Storm

244602	6.5	MEDIUM	oracle	application_object_library e-business_suite	Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability th…	NVD-CWE-noinfo	CVE-2008-2606	2016-11-22 11:59	2008-07-16	表示	GitHub Exploit DB Packet Storm

244603	5.0	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a …	NVD-CWE-noinfo	CVE-2014-0369	2016-11-19 12:02	2014-01-16	表示	GitHub Exploit DB Packet Storm

244604	4.0	MEDIUM	oracle	database_server	Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a…	NVD-CWE-noinfo	CVE-2013-5858	2016-11-19 12:02	2014-01-16	表示	GitHub Exploit DB Packet Storm

244605	3.5	LOW	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors relat…	NVD-CWE-noinfo	CVE-2012-0090	2016-11-19 12:02	2012-10-17	表示	GitHub Exploit DB Packet Storm

244606	3.5	LOW	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors relat…	NVD-CWE-noinfo	CVE-2012-0092	2016-11-19 12:02	2012-10-17	表示	GitHub Exploit DB Packet Storm

244607	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855.	NVD-CWE-noinfo	CVE-2010-0086	2016-11-19 12:02	2010-04-14	表示	GitHub Exploit DB Packet Storm

244608	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.	NVD-CWE-noinfo	CVE-2010-0855	2016-11-19 12:02	2010-04-14	表示	GitHub Exploit DB Packet Storm

244609	6.4	MEDIUM	viewcvs	viewcvs	Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.	NVD-CWE-Other	CVE-2002-0771	2016-11-19 11:59	2002-08-12	表示	GitHub Exploit DB Packet Storm

244610	6.8	MEDIUM	apple	safari iphone_os itunes	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vul…	CWE-119 バッファエラー	CVE-2013-1038	2016-11-19 05:01	2013-09-19	表示	GitHub Exploit DB Packet Storm

244611	5.0	MEDIUM	phpmyadmin	phpmyadmin	PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[…	CWE-20 不適切な入力確認	CVE-2006-6943	2016-11-19 04:34	2007-01-19	表示	GitHub Exploit DB Packet Storm

244612	6.8	MEDIUM	apple	safari iphone_os itunes	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vul…	CWE-119 バッファエラー	CVE-2013-1037	2016-11-19 04:30	2013-09-19	表示	GitHub Exploit DB Packet Storm

244613	6.8	MEDIUM	apple	itunes iphone_os safari	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vul…	CWE-119 バッファエラー	CVE-2013-1039	2016-11-19 04:08	2013-09-19	表示	GitHub Exploit DB Packet Storm

244614	6.8	MEDIUM	apple	iphone_os itunes safari	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vul…	CWE-119 バッファエラー	CVE-2013-1041	2016-11-19 04:08	2013-09-19	表示	GitHub Exploit DB Packet Storm

244615	6.8	MEDIUM	apple	itunes safari iphone_os	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vul…	CWE-119 バッファエラー	CVE-2013-1040	2016-11-19 04:07	2013-09-19	表示	GitHub Exploit DB Packet Storm

244616	7.5	HIGH	canonical google	ubuntu_linux chrome v8	Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown…	NVD-CWE-noinfo	CVE-2015-2238	2016-11-19 04:05	2015-03-9	表示	GitHub Exploit DB Packet Storm

244617	7.5	HIGH	mystats	mystats	SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.	CWE-89 SQLインジェクション	CVE-2006-6402	2016-11-19 02:24	2006-12-10	表示	GitHub Exploit DB Packet Storm

244618	6.8	MEDIUM	mystats	mystats	Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) de…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2006-6401	2016-11-19 02:23	2006-12-10	表示	GitHub Exploit DB Packet Storm

244619	4.3	MEDIUM	dotnetindex	active_news_manager	Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2006-6096	2016-11-19 02:21	2006-11-25	表示	GitHub Exploit DB Packet Storm

244620	10.0	HIGH	grisoft	avg_antivirus	Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files.	CWE-189 数値処理の問題	CVE-2006-5940	2016-11-19 02:15	2006-11-16	表示	GitHub Exploit DB Packet Storm

244621	7.5	HIGH	grisoft	avg_antivirus	Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow.…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2006-5937	2016-11-19 02:13	2006-11-16	表示	GitHub Exploit DB Packet Storm

244622	4.4	MEDIUM	oracle ibm	application_server websphere_portal	Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.	NVD-CWE-noinfo	CVE-2009-1009	2016-11-19 00:22	2009-04-15	表示	GitHub Exploit DB Packet Storm

244623	5.5	MEDIUM	oracle	e-business_suite	Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality …	NVD-CWE-noinfo	CVE-2013-5890	2016-11-18 05:53	2014-01-16	表示	GitHub Exploit DB Packet Storm

244624	4.9	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown v…	NVD-CWE-noinfo	CVE-2013-5909	2016-11-18 05:52	2014-01-16	表示	GitHub Exploit DB Packet Storm

244625	5.5	MEDIUM	oracle	supply_chain_products_suite	Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect …	NVD-CWE-noinfo	CVE-2013-5897	2016-11-18 05:48	2014-01-16	表示	GitHub Exploit DB Packet Storm

244626	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to I…	NVD-CWE-noinfo	CVE-2013-5901	2016-11-18 05:48	2014-01-16	表示	GitHub Exploit DB Packet Storm

244627	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vecto…	NVD-CWE-noinfo	CVE-2013-5900	2016-11-18 05:47	2014-01-16	表示	GitHub Exploit DB Packet Storm

244628	6.8	MEDIUM	apple	iphone_os itunes safari	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vul…	CWE-119 バッファエラー	CVE-2013-1047	2016-11-18 05:44	2013-09-19	表示	GitHub Exploit DB Packet Storm

244629	4.3	MEDIUM	oracle	ilearning	Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.	NVD-CWE-noinfo	CVE-2014-0389	2016-11-18 04:50	2014-01-16	表示	GitHub Exploit DB Packet Storm

244630	4.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related…	NVD-CWE-noinfo	CVE-2014-0392	2016-11-18 02:08	2014-01-16	表示	GitHub Exploit DB Packet Storm

244631	5.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related …	NVD-CWE-noinfo	CVE-2014-0394	2016-11-18 02:08	2014-01-16	表示	GitHub Exploit DB Packet Storm

244632	5.0	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown…	NVD-CWE-noinfo	CVE-2014-0391	2016-11-18 02:07	2014-01-16	表示	GitHub Exploit DB Packet Storm

244633	5.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related …	NVD-CWE-noinfo	CVE-2014-0395	2016-11-18 02:04	2014-01-16	表示	GitHub Exploit DB Packet Storm

244634	5.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related …	NVD-CWE-noinfo	CVE-2014-0396	2016-11-18 02:04	2014-01-16	表示	GitHub Exploit DB Packet Storm

244635	5.8	MEDIUM	oracle mozilla suse	solaris firefox linux_enterprise_desktop linux_enterprise_server linux_enterprise_software_development_kit	Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.	CWE-264 認可・権限・アクセス制御	CVE-2014-1501	2016-11-17 22:55	2014-03-19	表示	GitHub Exploit DB Packet Storm

244636	5.0	MEDIUM	fedoraproject mozilla oracle	fedora firefox solaris	Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scr…	NVD-CWE-noinfo	CVE-2014-1527	2016-11-17 21:33	2014-04-30	表示	GitHub Exploit DB Packet Storm

244637	4.6	MEDIUM	fedoraproject sddm_project	fedora sddm	daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated …	CWE-264 認可・権限・アクセス制御	CVE-2015-0856	2016-11-17 21:31	2015-11-25	表示	GitHub Exploit DB Packet Storm

244638	9.3	HIGH	oracle mozilla	solaris firefox	Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CV…	CWE-189 数値処理の問題	CVE-2015-4496	2016-11-16 05:10	2015-08-16	表示	GitHub Exploit DB Packet Storm

244639	6.4	MEDIUM	mozilla oracle	firefox solaris	Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a deni…	CWE-22 パス・トラバーサル	CVE-2014-1506	2016-11-16 03:05	2014-03-19	表示	GitHub Exploit DB Packet Storm

244640	9.3	HIGH	oracle mozilla	solaris firefoxos	Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via…	CWE-22 パス・トラバーサル	CVE-2014-1507	2016-11-16 02:53	2014-03-19	表示	GitHub Exploit DB Packet Storm

244641	5.0	MEDIUM	powerdns	authoritative_server	common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.	CWE-399 リソース管理の問題	CVE-2012-0206	2016-11-10 05:25	2012-02-18	表示	GitHub Exploit DB Packet Storm

244642	9.3	HIGH	foxitsoftware	foxit_reader	Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.	CWE-426 信頼性のない検索パス	CVE-2011-3691	2016-11-9 03:30	2011-09-28	表示	GitHub Exploit DB Packet Storm

244643	9.3	HIGH	foxitsoftware	foxit_reader	Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'	CWE-426 信頼性のない検索パス	CVE-2011-3691	2016-11-9 03:30	2011-09-28	表示	GitHub Exploit DB Packet Storm

244644	6.8	MEDIUM	foxitsoftware	foxit_reader phantompdf	Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary …	NVD-CWE-Other	CVE-2015-8580	2016-11-9 03:15	2015-12-17	表示	GitHub Exploit DB Packet Storm

244645	6.8	MEDIUM	foxitsoftware	foxit_reader phantompdf	<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>	NVD-CWE-Other	CVE-2015-8580	2016-11-9 03:15	2015-12-17	表示	GitHub Exploit DB Packet Storm

244646	7.8	HIGH ローカル	foxitsoftware	foxit_reader phantompdf	The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and applicatio…	CWE-119 バッファエラー	CVE-2016-4065	2016-11-9 02:55	2016-04-23	表示	GitHub Exploit DB Packet Storm

244647	9.3	HIGH	foxitsoftware	foxit_reader foxit_phantom	Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-ba…	CWE-189 数値処理の問題	CVE-2011-0332	2016-11-9 02:47	2011-02-26	表示	GitHub Exploit DB Packet Storm

244648	4.3	MEDIUM	redhat	enterprise_linux	LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows…	CWE-20 不適切な入力確認	CVE-2010-2598	2016-11-8 23:56	2010-07-2	表示	GitHub Exploit DB Packet Storm

244649	6.8	MEDIUM	simon_mcvittie	telepathy_gabble	The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows …	CWE-20 不適切な入力確認	CVE-2013-1431	2016-11-8 23:38	2013-09-24	表示	GitHub Exploit DB Packet Storm

244650	7.2	HIGH	sophos	web_appliance	The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second…	CWE-78 CWE-264 OSコマンド・インジェクション認可・権限・アクセス制御	CVE-2013-4984	2016-11-8 23:00	2013-09-10	表示	GitHub Exploit DB Packet Storm