NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年7月8日10:16

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
244951	2.3	LOW	openstack	compute	The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denia…	CWE-264 認可・権限・アクセス制御	CVE-2014-2573	2014-03-26 22:41	2014-03-26	表示	GitHub Exploit DB Packet Storm

244952	5.8	MEDIUM	siemens	simatic_s7-1500_cpu_firmware	Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attack…	CWE-352 同一生成元ポリシー違反	CVE-2014-2249	2014-03-26 13:57	2014-03-16	表示	GitHub Exploit DB Packet Storm

244953	5.0	MEDIUM	libpng	libpng	The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an…	CWE-189 数値処理の問題	CVE-2014-0333	2014-03-26 13:56	2014-02-28	表示	GitHub Exploit DB Packet Storm

244954	1.9	LOW	libssh	libssh	The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared be…	CWE-310 暗号の問題	CVE-2014-0017	2014-03-26 13:55	2014-03-15	表示	GitHub Exploit DB Packet Storm

244955	7.5	HIGH	roundcube	webmail	steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read …	CWE-89 SQLインジェクション	CVE-2013-6172	2014-03-26 13:54	2013-11-6	表示	GitHub Exploit DB Packet Storm

244956	7.5	HIGH	symantec	endpoint_protection_manager protection_center	The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1…	NVD-CWE-Other	CVE-2013-5014	2014-03-26 13:51	2014-02-14	表示	GitHub Exploit DB Packet Storm

244957	4.0	MEDIUM	gnu	gnutls	The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the pr…	CWE-310 暗号の問題	CVE-2013-1619	2014-03-26 13:46	2013-02-9	表示	GitHub Exploit DB Packet Storm

244958	10.0	HIGH	adobe	flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air	Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and be…	CWE-119 バッファエラー	CVE-2013-1371	2014-03-26 13:45	2013-03-14	表示	GitHub Exploit DB Packet Storm

244959	10.0	HIGH	adobe	flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air	Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 …	CWE-119 バッファエラー	CVE-2013-1375	2014-03-26 13:45	2013-03-14	表示	GitHub Exploit DB Packet Storm

244960	10.0	HIGH	adobe	flash_player adobe_air adobe_air_sdk	Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and be…	CWE-119 バッファエラー	CVE-2013-1378	2014-03-26 13:45	2013-04-10	表示	GitHub Exploit DB Packet Storm

244961	10.0	HIGH	adobe	flash_player adobe_air adobe_air_sdk	Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and be…	NVD-CWE-noinfo	CVE-2013-1380	2014-03-26 13:45	2013-04-10	表示	GitHub Exploit DB Packet Storm

244962	10.0	HIGH	adobe	flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air	Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android…	CWE-189 数値処理の問題	CVE-2013-0646	2014-03-26 13:44	2013-03-14	表示	GitHub Exploit DB Packet Storm

244963	10.0	HIGH	adobe	flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air	Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.4…	CWE-399 リソース管理の問題	CVE-2013-0650	2014-03-26 13:44	2013-03-14	表示	GitHub Exploit DB Packet Storm

244964	4.3	MEDIUM	gnu	gnutls	The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it eas…	CWE-310 暗号の問題	CVE-2012-0390	2014-03-26 13:28	2012-01-6	表示	GitHub Exploit DB Packet Storm

244965	5.0	MEDIUM	openssl	openssl	The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d…	CWE-399 リソース管理の問題	CVE-2012-0027	2014-03-26 13:27	2012-01-6	表示	GitHub Exploit DB Packet Storm

244966	4.3	MEDIUM	openssl	openssl	OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate…	CWE-399 リソース管理の問題	CVE-2011-4577	2014-03-26 13:25	2012-01-6	表示	GitHub Exploit DB Packet Storm

244967	5.0	MEDIUM	openssl	openssl	crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value co…	CWE-264 認可・権限・アクセス制御	CVE-2011-3207	2014-03-26 13:22	2011-09-22	表示	GitHub Exploit DB Packet Storm

244968	5.0	MEDIUM	openssl	openssl	The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows r…	CWE-399 リソース管理の問題	CVE-2011-3210	2014-03-26 13:22	2011-09-22	表示	GitHub Exploit DB Packet Storm

244969	4.3	MEDIUM	marekkis	watermark	Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1758	2014-03-26 09:54	2014-03-14	表示	GitHub Exploit DB Packet Storm

244970	4.3	MEDIUM	proxmox	mail_gateway	Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/in…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-2325	2014-03-26 09:42	2014-03-14	表示	GitHub Exploit DB Packet Storm

244971	3.5	LOW	owncloud	owncloud	Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-0307	2014-03-26 09:41	2014-03-15	表示	GitHub Exploit DB Packet Storm

244972	4.3	MEDIUM	owncloud	owncloud	Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar appli…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-0298	2014-03-26 09:40	2014-03-15	表示	GitHub Exploit DB Packet Storm

244973	3.5	LOW	owncloud	owncloud	Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-0297	2014-03-26 09:39	2014-03-15	表示	GitHub Exploit DB Packet Storm

244974	3.5	LOW	owncloud	owncloud	Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbit…	NVD-CWE-Other	CVE-2013-1851	2014-03-26 09:23	2014-03-15	表示	GitHub Exploit DB Packet Storm

244975	3.5	LOW	owncloud	owncloud	Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist"	NVD-CWE-Other	CVE-2013-1851	2014-03-26 09:23	2014-03-15	表示	GitHub Exploit DB Packet Storm

244976	4.3	MEDIUM	trojita_project	trojita	The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message int…	CWE-200 情報漏えい	CVE-2014-2567	2014-03-26 09:20	2014-03-21	表示	GitHub Exploit DB Packet Storm

244977	2.1	LOW	owncloud	owncloud	Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) qu…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1822	2014-03-26 06:07	2014-03-15	表示	GitHub Exploit DB Packet Storm

244978	6.5	MEDIUM	owncloud	owncloud	Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to ex…	CWE-94 コード・インジェクション	CVE-2013-1850	2014-03-26 06:04	2014-03-15	表示	GitHub Exploit DB Packet Storm

244979	3.5	LOW	owncloud	owncloud	Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-2150	2014-03-26 06:03	2014-03-15	表示	GitHub Exploit DB Packet Storm

244980	3.5	LOW	owncloud	owncloud	Per: http://owncloud.org/about/security/advisories/oC-SA-2013-028/ "Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vecto…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-2150	2014-03-26 06:03	2014-03-15	表示	GitHub Exploit DB Packet Storm

244981	6.8	MEDIUM	owncloud	owncloud	Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch…	CWE-352 同一生成元ポリシー違反	CVE-2013-0301	2014-03-26 05:56	2014-03-15	表示	GitHub Exploit DB Packet Storm

244982	6.8	MEDIUM	owncloud	owncloud	Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view vi…	CWE-352 同一生成元ポリシー違反	CVE-2013-0300	2014-03-26 05:55	2014-03-15	表示	GitHub Exploit DB Packet Storm

244983	6.8	MEDIUM	owncloud	owncloud	Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change t…	CWE-352 同一生成元ポリシー違反	CVE-2013-0299	2014-03-26 05:49	2014-03-15	表示	GitHub Exploit DB Packet Storm

244984	6.8	MEDIUM	owncloud	owncloud	Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect…	CWE-287 不適切な認証	CVE-2014-2047	2014-03-26 04:36	2014-03-15	表示	GitHub Exploit DB Packet Storm

244985	5.0	MEDIUM	owncloud	owncloud	The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2014-2049	2014-03-26 04:32	2014-03-15	表示	GitHub Exploit DB Packet Storm

244986	4.3	MEDIUM	open-xchange	open-xchange_appsuite	Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or H…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-2077	2014-03-25 07:55	2014-03-21	表示	GitHub Exploit DB Packet Storm

244987	5.0	MEDIUM	cisco	webex_meeting_center	WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access…	CWE-200 情報漏えい	CVE-2014-0708	2014-03-25 07:48	2014-03-21	表示	GitHub Exploit DB Packet Storm

244988	4.3	MEDIUM	videolan	vlc_media_player	VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.	CWE-399 リソース管理の問題	CVE-2013-7340	2014-03-25 07:47	2014-03-21	表示	GitHub Exploit DB Packet Storm

244989	6.5	MEDIUM	owncloud	owncloud	Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue …	NVD-CWE-noinfo	CVE-2013-7344	2014-03-25 07:28	2014-03-25	表示	GitHub Exploit DB Packet Storm

244990	4.3	MEDIUM	owncloud	owncloud	Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-2057	2014-03-25 07:16	2014-03-25	表示	GitHub Exploit DB Packet Storm

244991	4.3	MEDIUM	mcafee	cloud_single_sign_on	Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-2586	2014-03-25 07:15	2014-03-25	表示	GitHub Exploit DB Packet Storm

244992	4.9	MEDIUM	owncloud	owncloud	ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.	CWE-20 不適切な入力確認	CVE-2014-2585	2014-03-25 02:10	2014-03-25	表示	GitHub Exploit DB Packet Storm

244993	6.5	MEDIUM	owncloud	owncloud	Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th…	NVD-CWE-noinfo	CVE-2013-0303	2014-03-25 01:38	2014-03-25	表示	GitHub Exploit DB Packet Storm

244994	4.3	MEDIUM	flowplayer	flowplayer_html5	Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7343	2014-03-25 00:16	2014-03-24	表示	GitHub Exploit DB Packet Storm

244995	4.3	MEDIUM	flowplayer	flowplayer_html5	Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback para…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7342	2014-03-25 00:14	2014-03-24	表示	GitHub Exploit DB Packet Storm

244996	5.8	MEDIUM	estrongs	es_file_explorer	Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.	CWE-22 パス・トラバーサル	CVE-2014-1970	2014-03-21 02:12	2014-03-21	表示	GitHub Exploit DB Packet Storm

244997	4.3	MEDIUM	estrongs	es_file_explorer	The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspeci…	CWE-264 認可・権限・アクセス制御	CVE-2012-0322	2014-03-21 02:09	2012-03-6	表示	GitHub Exploit DB Packet Storm

244998	6.8	MEDIUM	nttdocomo	spmode_mail_android	The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail e…	CWE-94 コード・インジェクション	CVE-2014-1979	2014-03-21 01:36	2014-03-19	表示	GitHub Exploit DB Packet Storm

244999	4.3	MEDIUM	nttdocomo	spmode_mail_android	The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail …	CWE-264 認可・権限・アクセス制御	CVE-2014-1977	2014-03-21 01:03	2014-03-19	表示	GitHub Exploit DB Packet Storm

245000	4.3	MEDIUM	nttdocomo	spmode_mail_android	The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card d…	CWE-264 認可・権限・アクセス制御	CVE-2014-1978	2014-03-21 01:02	2014-03-19	表示	GitHub Exploit DB Packet Storm