NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日16:11

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
244651	7.5	HIGH	microsoft	internet_explorer	The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by enc…	CWE-20 不適切な入力確認	CVE-2000-0400	2016-11-8 03:25	2000-05-13	表示	GitHub Exploit DB Packet Storm

244652	8.5	HIGH	cisco	unified_communications_manager	Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated use…	CWE-119 バッファエラー	CVE-2013-3462	2016-11-8 00:02	2013-08-25	表示	GitHub Exploit DB Packet Storm

244653	4.6	MEDIUM	cisco	unified_computing_system_6120xp_fabric_interconnect unified_computing_system_6140xp_fabric_interconnect	Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of serv…	CWE-399 リソース管理の問題	CVE-2013-3467	2016-11-8 00:02	2013-08-30	表示	GitHub Exploit DB Packet Storm

244654	7.8	HIGH	cisco	unified_ip_phone_8945 unified_ip_phone_firmware	The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.	CWE-20 不適切な入力確認	CVE-2013-3468	2016-11-8 00:02	2013-08-29	表示	GitHub Exploit DB Packet Storm

244655	9.3	HIGH	cisco	secure_access_control_server	The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which al…	CWE-287 不適切な認証	CVE-2013-3466	2016-11-7 23:59	2013-08-29	表示	GitHub Exploit DB Packet Storm

244656	7.1	HIGH	cisco	unified_communications_manager	Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause …	CWE-399 リソース管理の問題	CVE-2013-3461	2016-11-7 23:47	2013-08-25	表示	GitHub Exploit DB Packet Storm

244657	7.8	HIGH	cisco	unified_communications_manager	Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service…	CWE-399 リソース管理の問題	CVE-2013-3460	2016-11-7 23:44	2013-08-25	表示	GitHub Exploit DB Packet Storm

244658	5.0	MEDIUM	cisco	mobility_services_engine	Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently o…	CWE-200 情報漏えい	CVE-2013-3469	2016-11-5 04:52	2013-09-4	表示	GitHub Exploit DB Packet Storm

244659	4.3	MEDIUM	cisco	identity_services_engine_software	The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an …	CWE-255 証明書・パスワード管理	CVE-2013-3471	2016-11-5 04:52	2013-08-29	表示	GitHub Exploit DB Packet Storm

244660	6.8	MEDIUM	cisco	unified_communications_manager	Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary …	CWE-352 同一生成元ポリシー違反	CVE-2013-3472	2016-11-5 04:48	2013-08-29	表示	GitHub Exploit DB Packet Storm

244661	5.0	MEDIUM	cisco	ios_xr	The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.	CWE-20 不適切な入力確認	CVE-2013-3470	2016-11-5 04:46	2013-08-30	表示	GitHub Exploit DB Packet Storm

244662	5.0	MEDIUM	cisco	secure_access_control_system	Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TC…	CWE-20 不適切な入力確認	CVE-2013-5470	2016-11-5 04:46	2013-09-4	表示	GitHub Exploit DB Packet Storm

244663	4.0	MEDIUM	oracle	financial_services_software	Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 6.0.1 and 6.2.0 allows remote authenticated users to affect integrity via unknown vecto…	NVD-CWE-noinfo	CVE-2012-0576	2016-11-5 04:45	2012-05-4	表示	GitHub Exploit DB Packet Storm

244664	3.5	LOW	oracle	financial_services_software	Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to…	NVD-CWE-noinfo	CVE-2012-0577	2016-11-5 04:45	2012-05-4	表示	GitHub Exploit DB Packet Storm

244665	3.5	LOW	oracle	financial_services_software	Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to…	NVD-CWE-noinfo	CVE-2012-0579	2016-11-5 04:45	2012-05-4	表示	GitHub Exploit DB Packet Storm

244666	5.5	MEDIUM ローカル	avast	business_security free_antivirus internet_security premier pro_antivirus email_server_security endpoint_protection endpoint_protection_plus endpoint_protection_suite endpoi…	Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Prote…	CWE-254 セキュリティ機能	CVE-2016-4025	2016-11-5 04:03	2016-11-3	表示	GitHub Exploit DB Packet Storm

244667	4.9	MEDIUM	oracle	financial_services_software	Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to…	NVD-CWE-noinfo	CVE-2012-0573	2016-11-5 03:35	2012-05-4	表示	GitHub Exploit DB Packet Storm

244668	6.5	MEDIUM	cisco	unified_computing_system	The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772.	CWE-264 認可・権限・アクセス制御	CVE-2012-1313	2016-11-5 03:34	2013-09-28	表示	GitHub Exploit DB Packet Storm

244669	6.8	MEDIUM	oracle	financial_services_software	Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote attackers to affect co…	NVD-CWE-noinfo	CVE-2012-0575	2016-11-5 02:50	2012-05-4	表示	GitHub Exploit DB Packet Storm

244670	5.4	MEDIUM	cisco	ios_xe	The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP he…	CWE-20 不適切な入力確認	CVE-2013-6706	2016-11-3 02:42	2013-11-29	表示	GitHub Exploit DB Packet Storm

244671	4.6	MEDIUM	cisco	unified_computing_system	MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCt…	CWE-119 バッファエラー	CVE-2012-4081	2016-11-1 02:05	2013-09-21	表示	GitHub Exploit DB Packet Storm

244672	4.3	MEDIUM	apache	tomcat	Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Lin…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2696	2016-10-27 23:50	2010-08-6	表示	GitHub Exploit DB Packet Storm

244673	9.8	CRITICAL ネットワーク	mailcwp_project	mailcwp	Remote file upload vulnerability in mailcwp v1.99 wordpress plugin	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2015-1000000	2016-10-27 10:59	2016-10-6	表示	GitHub Exploit DB Packet Storm

244674	7.5	HIGH ネットワーク	wptf-image-gallery_project	wptf-image-gallery	Remote file download vulnerability in wptf-image-gallery v1.03	CWE-200 CWE-285 情報漏えい不適切な認可	CVE-2015-1000007	2016-10-27 10:59	2016-10-6	表示	GitHub Exploit DB Packet Storm

244675	5.3	MEDIUM ネットワーク	mp3-jplayer_project	mp3-jplayer	Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2	CWE-200 情報漏えい	CVE-2015-1000008	2016-10-27 10:59	2016-10-6	表示	GitHub Exploit DB Packet Storm

244676	9.1	CRITICAL ネットワーク	google-adsense-and-hotel-booking_project	google-adsense-and-hotel-booking	Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05	CWE-284 不適切なアクセス制御	CVE-2015-1000009	2016-10-27 10:59	2016-10-6	表示	GitHub Exploit DB Packet Storm

244677	6.4	MEDIUM	php	php	gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via …	CWE-20 不適切な入力確認	CVE-2014-5120	2016-10-26 11:00	2014-08-23	表示	GitHub Exploit DB Packet Storm

244678	7.5	HIGH	nvidia	gpu_driver	The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and …	CWE-19 データ処理	CVE-2014-8298	2016-10-26 11:00	2014-12-11	表示	GitHub Exploit DB Packet Storm

244679	4.0	MEDIUM	nalin_dahyabhai	vte	The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count v…	CWE-119 バッファエラー	CVE-2012-2738	2016-10-26 10:59	2012-07-23	表示	GitHub Exploit DB Packet Storm

244680	4.3	MEDIUM	f5	big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_edge_gateway big-ip…	Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-3959	2016-10-20 01:45	2014-06-3	表示	GitHub Exploit DB Packet Storm

244681	5.0	MEDIUM	mediawiki fedoraproject gentoo	mediawiki fedora linux	MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attacke…	CWE-264 認可・権限・アクセス制御	CVE-2013-2032	2016-10-19 00:11	2013-11-18	表示	GitHub Exploit DB Packet Storm

244682	10.0	HIGH	apple libpng	mac_os_x libpng	Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrar…	CWE-119 バッファエラー	CVE-2014-9495	2016-10-18 12:45	2015-01-11	表示	GitHub Exploit DB Packet Storm

244683	7.5	HIGH	sysklogd_project rsyslog	sysklogd rsyslog	rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact …	CWE-119 バッファエラー	CVE-2014-3634	2016-10-18 12:44	2014-11-2	表示	GitHub Exploit DB Packet Storm

244684	5.0	MEDIUM	rsyslog sysklogd_project	rsyslog sysklogd	Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this v…	CWE-189 数値処理の問題	CVE-2014-3683	2016-10-18 12:44	2014-11-2	表示	GitHub Exploit DB Packet Storm

244685	2.4	LOW	apache	subversion	svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…	CWE-59 リンク解釈の問題	CVE-2013-4262	2016-10-18 12:43	2014-07-29	表示	GitHub Exploit DB Packet Storm

244686	2.4	LOW	apache	subversion	The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…	CWE-59 リンク解釈の問題	CVE-2013-7393	2016-10-18 12:43	2014-07-29	表示	GitHub Exploit DB Packet Storm

244687	7.5	HIGH	x.org canonical debian	libx11 ubuntu_linux debian_linux x11	Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted r…	CWE-189 数値処理の問題	CVE-2013-7439	2016-10-18 12:43	2015-04-16	表示	GitHub Exploit DB Packet Storm

244688	10.0	HIGH	openbsd	openbsd	Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: th…	NVD-CWE-Other	CVE-2007-1365	2016-10-18 12:43	2007-03-11	表示	GitHub Exploit DB Packet Storm

244689	7.5	HIGH	horde	kronolith	Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot…	NVD-CWE-Other	CVE-2006-6175	2016-10-18 12:42	2006-12-1	表示	GitHub Exploit DB Packet Storm

244690	10.0	HIGH	karl_dahlke	edbrowse	Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory…	NVD-CWE-Other	CVE-2006-6909	2016-10-18 12:42	2006-12-31	表示	GitHub Exploit DB Packet Storm

244691	7.5	HIGH	siteatschool	siteatschool	PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/incl…	NVD-CWE-Other	CVE-2006-4921	2016-10-18 12:41	2006-09-21	表示	GitHub Exploit DB Packet Storm

244692	1.2	LOW	mutt	mutt	The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to c…	NVD-CWE-Other	CVE-2006-5298	2016-10-18 12:41	2006-10-17	表示	GitHub Exploit DB Packet Storm

244693	1.2	LOW	mutt	mutt	Race Condition occurs between the mktemp and safe_fopen function calls.	NVD-CWE-Other	CVE-2006-5298	2016-10-18 12:41	2006-10-17	表示	GitHub Exploit DB Packet Storm

244694	7.5	HIGH	hotplug_cms	hotplug_cms	SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (…	NVD-CWE-Other	CVE-2006-3190	2016-10-18 12:40	2006-06-23	表示	GitHub Exploit DB Packet Storm

244695	7.5	HIGH	banex	banex	Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) …	NVD-CWE-Other	CVE-2006-3963	2016-10-18 12:40	2006-08-2	表示	GitHub Exploit DB Packet Storm

244696	7.5	HIGH	banex	banex	PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.	NVD-CWE-Other	CVE-2006-3964	2016-10-18 12:40	2006-08-2	表示	GitHub Exploit DB Packet Storm

244697	5.0	MEDIUM	banex	banex	Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database userna…	NVD-CWE-Other	CVE-2006-3965	2016-10-18 12:40	2006-08-2	表示	GitHub Exploit DB Packet Storm

244698	10.0	HIGH	linux	linux_kernel	The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.	NVD-CWE-Other	CVE-2006-1523	2016-10-18 12:39	2006-04-13	表示	GitHub Exploit DB Packet Storm

244699	7.5	HIGH	alt-n	mdaemon	Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).	NVD-CWE-Other	CVE-2006-2646	2016-10-18 12:39	2006-05-30	表示	GitHub Exploit DB Packet Storm

244700	4.3	MEDIUM	open-xchange	open-xchange	Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachme…	NVD-CWE-Other	CVE-2006-0091	2016-10-18 12:38	2006-01-5	表示	GitHub Exploit DB Packet Storm