NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年7月1日10:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245101	9.0	HIGH	hp	system_management_homepage	ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.	CWE-78 OSコマンド・インジェクション	CVE-2013-3576	2014-01-8 13:39	2013-06-15	表示	GitHub Exploit DB Packet Storm

245102	2.1	LOW	openstack	folsom grizzly havana	OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by cr…	CWE-399 リソース管理の問題	CVE-2013-2096	2014-01-8 13:37	2013-07-10	表示	GitHub Exploit DB Packet Storm

245103	7.5	HIGH	mini-stream	castripper	Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-20…	CWE-119 バッファエラー	CVE-2009-5137	2014-01-7 11:53	2014-01-4	表示	GitHub Exploit DB Packet Storm

245104	2.1	LOW	juniper	ive_os	Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6956	2014-01-4 13:51	2013-12-14	表示	GitHub Exploit DB Packet Storm

245105	4.3	MEDIUM	juniper	idp250 idp75 idp800 idp8200	Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web serve…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6957	2014-01-4 13:51	2013-12-14	表示	GitHub Exploit DB Packet Storm

245106	7.1	HIGH	juniper	screenos netscreen-5200 netscreen-5400	Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.	NVD-CWE-noinfo	CVE-2013-6958	2014-01-4 13:51	2013-12-14	表示	GitHub Exploit DB Packet Storm

245107	2.1	LOW	drupal	drupal	Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6387	2014-01-4 13:50	2013-12-25	表示	GitHub Exploit DB Packet Storm

245108	4.3	MEDIUM	drupal	drupal	Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6388	2014-01-4 13:50	2013-12-25	表示	GitHub Exploit DB Packet Storm

245109	5.8	MEDIUM	drupal	drupal	Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	CWE-20 不適切な入力確認	CVE-2013-6389	2014-01-4 13:50	2013-12-8	表示	GitHub Exploit DB Packet Storm

245110	6.8	MEDIUM	videocharge	watermark_master	Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.	CWE-119 バッファエラー	CVE-2013-6937	2014-01-4 13:50	2013-12-5	表示	GitHub Exploit DB Packet Storm

245111	7.0	HIGH	hp	3com_router 5500-24g-4sfp_hi_switch_with_2_interface_slots 5500-24g-poe_ei_switch 5500-24g-poe_si_switch 5500-24g-sfp_dc_ei_switch 5500-24g-sfp_ei_switch 5500-24g_dc_ei_switch 55…	The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possi…	NVD-CWE-noinfo	CVE-2013-4806	2014-01-4 13:49	2013-08-12	表示	GitHub Exploit DB Packet Storm

245112	5.8	MEDIUM	gnupg	gnupg	GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass int…	CWE-310 暗号の問題	CVE-2013-4351	2014-01-4 13:48	2013-10-10	表示	GitHub Exploit DB Packet Storm

245113	5.0	MEDIUM	gnupg canonical	gnupg ubuntu_linux	The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.	CWE-20 不適切な入力確認	CVE-2013-4402	2014-01-4 13:48	2013-10-29	表示	GitHub Exploit DB Packet Storm

245114	5.1	MEDIUM	fedoraproject duckcorp	fedora bip	Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote …	CWE-310 暗号の問題	CVE-2013-4550	2014-01-4 13:48	2013-12-25	表示	GitHub Exploit DB Packet Storm

245115	4.3	MEDIUM	duckcorp fedoraproject	bip fedora	connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes…	CWE-310 暗号の問題	CVE-2011-5268	2014-01-4 13:35	2013-12-25	表示	GitHub Exploit DB Packet Storm

245116	5.0	MEDIUM	fatfreecrm	fat_free_crm	config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by …	CWE-310 暗号の問題	CVE-2013-7222	2014-01-4 02:12	2014-01-2	表示	GitHub Exploit DB Packet Storm

245117	6.8	MEDIUM	fatfreecrm	fat_free_crm	Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the…	CWE-352 同一生成元ポリシー違反	CVE-2013-7223	2014-01-4 02:11	2014-01-2	表示	GitHub Exploit DB Packet Storm

245118	6.5	MEDIUM	fatfreecrm	fat_free_crm	Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage time…	CWE-89 SQLインジェクション	CVE-2013-7225	2014-01-4 02:04	2014-01-2	表示	GitHub Exploit DB Packet Storm

245119	5.0	MEDIUM	fatfreecrm	fat_free_crm	Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.	CWE-200 情報漏えい	CVE-2013-7224	2014-01-4 01:58	2014-01-2	表示	GitHub Exploit DB Packet Storm

245120	5.0	MEDIUM	fatfreecrm	fat_free_crm	Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a dif…	CWE-200 情報漏えい	CVE-2013-7249	2014-01-4 01:57	2014-01-2	表示	GitHub Exploit DB Packet Storm

245121	5.0	MEDIUM	cybozu	garoon	The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.	CWE-399 リソース管理の問題	CVE-2013-6002	2014-01-4 00:31	2013-12-5	表示	GitHub Exploit DB Packet Storm

245122	6.5	MEDIUM	cybozu	garoon	SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2013-6001	2014-01-4 00:22	2013-12-5	表示	GitHub Exploit DB Packet Storm

245123	3.5	LOW	cybozu	garoon	CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect…	CWE-20 不適切な入力確認	CVE-2013-6003	2014-01-4 00:21	2013-12-5	表示	GitHub Exploit DB Packet Storm

245124	6.8	MEDIUM	cybozu	garoon	Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2013-6004	2014-01-4 00:20	2013-12-5	表示	GitHub Exploit DB Packet Storm

245125	4.3	MEDIUM	cybozu	garoon	Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6900	2014-01-4 00:20	2013-12-5	表示	GitHub Exploit DB Packet Storm

245126	4.3	MEDIUM	cybozu	garoon	Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6902	2014-01-4 00:19	2013-12-5	表示	GitHub Exploit DB Packet Storm

245127	3.5	LOW	projectforge	projectforge	Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-5269	2014-01-3 03:21	2014-01-2	表示	GitHub Exploit DB Packet Storm

245128	10.0	HIGH	op5	monitor	op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2012-0264	2014-01-3 01:39	2014-01-1	表示	GitHub Exploit DB Packet Storm

245129	4.0	MEDIUM	op5	monitor	monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are tri…	CWE-200 情報漏えい	CVE-2012-0263	2014-01-3 01:35	2014-01-1	表示	GitHub Exploit DB Packet Storm

245130	10.0	HIGH	op5	monitor system-op5config	op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password paramet…	CWE-94 コード・インジェクション	CVE-2012-0262	2014-01-3 01:32	2014-01-1	表示	GitHub Exploit DB Packet Storm

245131	10.0	HIGH	op5	monitor system-portal	license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for a…	CWE-94 コード・インジェクション	CVE-2012-0261	2014-01-3 01:24	2014-01-1	表示	GitHub Exploit DB Packet Storm

245132	4.3	MEDIUM	cybozu	garoon	Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6907	2014-01-1 02:09	2013-12-5	表示	GitHub Exploit DB Packet Storm

245133	4.3	MEDIUM	cybozu	garoon	Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6908	2014-01-1 02:08	2013-12-5	表示	GitHub Exploit DB Packet Storm

245134	4.3	MEDIUM	cybozu	garoon	Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6909	2014-01-1 02:04	2013-12-5	表示	GitHub Exploit DB Packet Storm

245135	4.3	MEDIUM	cybozu	garoon	Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6910	2014-01-1 02:03	2013-12-5	表示	GitHub Exploit DB Packet Storm

245136	3.5	LOW	cybozu	garoon	Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6914	2014-01-1 02:02	2013-12-5	表示	GitHub Exploit DB Packet Storm

245137	3.5	LOW	cybozu	garoon	Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-6915	2014-01-1 02:01	2013-12-5	表示	GitHub Exploit DB Packet Storm

245138	6.8	MEDIUM	jforum	jforum	Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the…	CWE-352 同一生成元ポリシー違反	CVE-2013-7209	2014-01-1 00:19	2013-12-31	表示	GitHub Exploit DB Packet Storm

245139	3.5	LOW	esri	arcgis	The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.	CWE-20 不適切な入力確認	CVE-2013-5221	2013-12-31 13:26	2013-09-24	表示	GitHub Exploit DB Packet Storm

245140	7.5	HIGH	wordpress	wordpress	WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.	CWE-20 不適切な入力確認	CVE-2013-4339	2013-12-31 13:25	2013-09-12	表示	GitHub Exploit DB Packet Storm

245141	5.0	MEDIUM	hp	color_laserjet_3000 color_laserjet_3800 color_laserjet_4700 color_laserjet_4730_mfp color_laserjet_5550 color_laserjet_9500_mfp color_laserjet_cm6030_mfp color_laserjet_cm6040_mf…	Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3…	NVD-CWE-noinfo	CVE-2012-5221	2013-12-31 13:19	2013-04-30	表示	GitHub Exploit DB Packet Storm

245142	6.8	MEDIUM	wordpress	wordpress	Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of a…	CWE-352 同一生成元ポリシー違反	CVE-2013-7233	2013-12-31 10:42	2013-12-30	表示	GitHub Exploit DB Packet Storm

245143	7.5	HIGH	esri	arcgis	SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.	CWE-89 SQLインジェクション	CVE-2013-7232	2013-12-31 10:40	2013-12-30	表示	GitHub Exploit DB Packet Storm

245144	3.5	LOW	esri	arcgis	Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7231	2013-12-31 10:39	2013-12-30	表示	GitHub Exploit DB Packet Storm

245145	3.5	LOW	esri	arcgis	Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5222	2013-12-31 10:38	2013-12-30	表示	GitHub Exploit DB Packet Storm

245146	4.3	MEDIUM	adtran	aos netvanta_7060 netvanta_7100	Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5210	2013-12-31 10:34	2013-12-30	表示	GitHub Exploit DB Packet Storm

245147	6.1	MEDIUM	hot	hotbox_router_firmware hotbox_router	goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.	CWE-20 不適切な入力確認	CVE-2013-5220	2013-12-31 04:29	2013-12-30	表示	GitHub Exploit DB Packet Storm

245148	2.9	LOW	hot	hotbox_router_firmware hotbox_router	Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5218	2013-12-31 04:27	2013-12-30	表示	GitHub Exploit DB Packet Storm

245149	3.3	LOW	hot	hotbox_router_firmware hotbox_router	Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/pass…	CWE-22 パス・トラバーサル	CVE-2013-5219	2013-12-31 04:26	2013-12-30	表示	GitHub Exploit DB Packet Storm

245150	5.4	MEDIUM	hot	hotbox_router_firmware hotbox_router	Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re…	CWE-352 同一生成元ポリシー違反	CVE-2013-5039	2013-12-31 04:25	2013-12-30	表示	GitHub Exploit DB Packet Storm