NVD Vulnerability Information Top

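You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), the list may include vulnerabilities not yet recorded in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.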

Updated: July 2, 2024, 20:11

No | CVSS | Level | Attack Classification | Vendor | Product | Title | CWE | CVE | Updated | Published | Impact | Exploit / PoC Search
245051 7.5 HIGH
apple mac_os_x Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. CWE-189
Numeric Errors
CVE-2014-1261 2014-02-28 03:07 2014-02-27 View GitHub Exploit DB Packet Storm
245052 6.8 MEDIUM
apple mac_os_x Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. CWE-119
Buffer Errors
CVE-2014-1258 2014-02-28 02:59 2014-02-27 View GitHub Exploit DB Packet Storm
245053 9.3 HIGH
apple quicktime Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. CWE-119
Buffer Errors
CVE-2014-1246 2014-02-28 02:13 2014-02-27 View GitHub Exploit DB Packet Storm
245054 4.9 MEDIUM
cybozu garoon Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0817 2014-02-28 02:08 2014-02-27 View GitHub Exploit DB Packet Storm
245055 7.2 HIGH
norman security_suite Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0816 2014-02-28 01:38 2014-02-27 View GitHub Exploit DB Packet Storm
245056 3.6 LOW
apple mac_os_x CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an … CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1257 2014-02-27 22:55 2014-02-27 View GitHub Exploit DB Packet Storm
245057 6.8 MEDIUM
apple mac_os_x Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in … CWE-119
Buffer Errors
CVE-2014-1254 2014-02-27 22:50 2014-02-27 View GitHub Exploit DB Packet Storm
245058 9.3 HIGH
apple quicktime Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track l… CWE-119
Buffer Errors
CVE-2014-1243 2014-02-27 22:47 2014-02-27 View GitHub Exploit DB Packet Storm
245059 7.8 HIGH
schneider-electric citectscada
powerlogic_scada
struxureware_powerscada_expert
struxureware_scada_expert_vijeo_citect
Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogi… NVD-CWE-Other
CVE-2013-2824 2014-02-27 01:58 2014-02-26 View GitHub Exploit DB Packet Storm
245060 7.5 HIGH
osehra vista The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-6945 2014-02-26 03:18 2013-12-5 View GitHub Exploit DB Packet Storm
245061 5.0 MEDIUM
tattyan tattyan_hptown Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. CWE-22
Path Traversal
CVE-2013-6000 2014-02-26 03:16 2013-12-5 View GitHub Exploit DB Packet Storm
245062 10.0 HIGH
cru-inc ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the … CWE-78
OS Command Injection
CVE-2013-6881 2014-02-26 03:11 2014-01-8 View GitHub Exploit DB Packet Storm
245063 5.0 MEDIUM
libreswan libreswan Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. CWE-189
Numeric Errors
CVE-2013-4564 2014-02-26 03:02 2014-01-8 View GitHub Exploit DB Packet Storm
245064 4.3 MEDIUM
mybb mybb Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script … CWE-79
Cross-site Scripting (XSS)
CVE-2013-7288 2014-02-25 23:47 2014-01-11 View GitHub Exploit DB Packet Storm
245065 5.0 MEDIUM
dotnetblogengine blogengine.net BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. CWE-200
Information Exposure
CVE-2013-6953 2014-02-25 23:38 2014-01-4 View GitHub Exploit DB Packet Storm
245066 4.6 MEDIUM
xen xen Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause… NVD-CWE-noinfo
CVE-2011-1936 2014-02-25 23:10 2014-01-8 View GitHub Exploit DB Packet Storm
245067 5.0 MEDIUM
7mediaws edutrac Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. CWE-22
Path Traversal
CVE-2013-7097 2014-02-25 23:05 2014-01-9 View GitHub Exploit DB Packet Storm
245068 4.3 MEDIUM
mybb mybb Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie li… CWE-79
Cross-site Scripting (XSS)
CVE-2013-7275 2014-02-25 23:03 2014-01-9 View GitHub Exploit DB Packet Storm
245069 5.0 MEDIUM
westerndeal
wordpress
advanced_dewplayer
wordpress
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. CWE-22
Path Traversal
CVE-2013-7240 2014-02-25 22:18 2014-01-4 View GitHub Exploit DB Packet Storm
245070 4.0 MEDIUM
apache cloudstack The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0031 2014-02-25 21:38 2014-01-16 View GitHub Exploit DB Packet Storm
245071 6.5 MEDIUM
icinga icinga Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbit… CWE-119
Buffer Errors
CVE-2013-7106 2014-02-25 21:19 2014-01-16 View GitHub Exploit DB Packet Storm
245072 2.1 LOW
almanah_project almanah Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. CWE-310
Cryptographic Issues
CVE-2013-1853 2014-02-25 11:44 2014-01-25 View GitHub Exploit DB Packet Storm
245073 6.8 MEDIUM
opsview opsview Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CWE-352
Same-Origin Policy Violation
CVE-2013-7256 2014-02-25 11:17 2014-01-4 View GitHub Exploit DB Packet Storm
245074 4.3 MEDIUM
cs-cart cs-cart Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a… CWE-79
Cross-site Scripting (XSS)
CVE-2013-7317 2014-02-25 11:14 2014-01-25 View GitHub Exploit DB Packet Storm
245075 4.3 MEDIUM
aphpkb aphpkb Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_… CWE-79
Cross-site Scripting (XSS)
CVE-2013-7289 2014-02-25 11:01 2014-01-11 View GitHub Exploit DB Packet Storm
245076 5.0 MEDIUM
google chrome Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. NVD-CWE-noinfo
CVE-2013-6642 2014-02-25 10:55 2014-01-16 View GitHub Exploit DB Packet Storm
245077 10.0 HIGH
cru-inc ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. CWE-255
Credentials Management
CVE-2013-6884 2014-02-25 10:44 2014-01-8 View GitHub Exploit DB Packet Storm
245078 4.0 MEDIUM
wordpress wordpress wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6635 2014-02-25 10:38 2014-01-21 View GitHub Exploit DB Packet Storm
245079 6.4 MEDIUM
wordpress wordpress wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6634 2014-02-25 10:37 2014-01-21 View GitHub Exploit DB Packet Storm
245080 4.3 MEDIUM
wordpress wordpress Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. CWE-79
Cross-site Scripting (XSS)
CVE-2012-6633 2014-02-25 10:36 2014-01-21 View GitHub Exploit DB Packet Storm
245081 9.3 HIGH
aloaha aloaha_pdf_suite_free
aloahapdfviewer
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file. CWE-119
Buffer Errors
CVE-2013-4978 2014-02-25 10:13 2014-02-6 View GitHub Exploit DB Packet Storm
245082 5.8 MEDIUM
redhat network_satellite
spacewalk
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th… CWE-20
Improper Input Validation
CVE-2011-1594 2014-02-25 10:04 2014-02-6 View GitHub Exploit DB Packet Storm
245083 5.0 MEDIUM
kde kdelibs kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa… CWE-200
Information Exposure
CVE-2013-2074 2014-02-25 09:26 2014-02-6 View GitHub Exploit DB Packet Storm
245084 6.8 MEDIUM
rapid7 nexpose Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc… CWE-352
Same-Origin Policy Violation
CVE-2012-6493 2014-02-25 07:17 2014-02-5 View GitHub Exploit DB Packet Storm
245085 9.3 HIGH
iconics genesis32 An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. CWE-20
Improper Input Validation
CVE-2014-0758 2014-02-25 04:45 2014-02-24 View GitHub Exploit DB Packet Storm
245086 7.5 HIGH
google chrome Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in th… CWE-22
Path Traversal
CVE-2013-6652 2014-02-25 04:20 2014-02-24 View GitHub Exploit DB Packet Storm
245087 9.3 HIGH
mitsubishielectric mc-worx_suite An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction… CWE-94
Code Injection
CVE-2013-2817 2014-02-25 03:48 2014-02-24 View GitHub Exploit DB Packet Storm
245088 6.8 MEDIUM
cisco unified_computing_system_central_software Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. CWE-20
Improper Input Validation
CVE-2014-0730 2014-02-25 02:53 2014-02-23 View GitHub Exploit DB Packet Storm
245089 7.1 HIGH
belkin wemo_home_automation_firmware The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.5… CWE-310
Cryptographic Issues
CVE-2013-6951 2014-02-25 02:19 2014-02-23 View GitHub Exploit DB Packet Storm
245090 7.1 HIGH
cisco firewall_services_module_software Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (devic… CWE-362
Race Condition
CVE-2014-0710 2014-02-25 01:55 2014-02-23 View GitHub Exploit DB Packet Storm
245091 5.0 MEDIUM
bitweaver bitweaver Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_… CWE-22
Path Traversal
CVE-2012-5192 2014-02-22 04:49 2014-01-28 View GitHub Exploit DB Packet Storm
245092 6.5 MEDIUM
courion access_risk_management_suite The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary c… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2747 2014-02-22 04:48 2014-01-30 View GitHub Exploit DB Packet Storm
245093 6.5 MEDIUM
cybozu garoon SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x b… CWE-89
SQL Injection
CVE-2013-6930 2014-02-22 04:45 2014-01-29 View GitHub Exploit DB Packet Storm
245094 6.5 MEDIUM
cybozu garoon SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than … CWE-89
SQL Injection
CVE-2013-6931 2014-02-22 04:44 2014-01-29 View GitHub Exploit DB Packet Storm
245095 2.1 LOW
hp linux_imaging_and_printing_project HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operation… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6108 2014-02-22 04:43 2014-02-15 View GitHub Exploit DB Packet Storm
245096 4.9 MEDIUM
civicrm civicrm CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with t… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-4661 2014-02-22 04:35 2014-01-30 View GitHub Exploit DB Packet Storm
245097 6.5 MEDIUM
civicrm civicrm The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to … CWE-89
SQL Injection
CVE-2013-4662 2014-02-22 04:29 2014-01-30 View GitHub Exploit DB Packet Storm
245098 6.8 MEDIUM
springsignage xibo Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a… CWE-352
Same-Origin Policy Violation
CVE-2013-4889 2014-02-22 04:15 2014-01-30 View GitHub Exploit DB Packet Storm
245099 4.3 MEDIUM
springsignage xibo Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. CWE-79
Cross-site Scripting (XSS)
CVE-2013-4888 2014-02-22 04:13 2014-01-30 View GitHub Exploit DB Packet Storm
245100 5.0 MEDIUM
op5 monitor Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. NVD-CWE-noinfo
CVE-2013-6141 2014-02-22 04:07 2014-01-30 View GitHub Exploit DB Packet Storm