NVD Vulnerability Information Top

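You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

When a related vulnerability exists in JVN (Japan Vulnerability Notes), its information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.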

Updated: June 28, 2024, 20:13

Columns: No., CVSS, Level, Attack category, Vendor, Product, Title, CWE, CVE, Updated, Published
245151 5.0 MEDIUM
djangoproject django Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_… CWE-22
Path Traversal
CVE-2013-4315 2013-12-10 15:05 2013-09-17
245152 6.2 MEDIUM
debian adequate Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-6409 2013-12-10 05:52 2013-12-8
245153 4.3 MEDIUM
twibright links Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. CWE-189
Numeric Errors
CVE-2013-6050 2013-12-10 05:02 2013-12-8
245154 6.8 MEDIUM
supmua sup Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. CWE-94
Code Injection
CVE-2013-4478 2013-12-10 02:54 2013-12-8
245155 6.8 MEDIUM
steven_jones context The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support t… CWE-94
Code Injection
CVE-2013-4446 2013-12-10 02:38 2013-12-8
245156 4.9 MEDIUM
steven_jones context The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for … CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-4445 2013-12-10 02:36 2013-12-8
245157 4.3 MEDIUM
apache roller Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-4171 2013-12-10 02:09 2013-12-8
245158 4.3 MEDIUM
jean-paul_calderone
canonical
pyopenssl
ubuntu_linux
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a… CWE-20
Improper Input Validation
CVE-2013-4314 2013-12-8 15:00 2013-10-1
245159 4.3 MEDIUM
jamroom search_module Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-6804 2013-12-7 03:33 2013-12-6
245160 5.0 MEDIUM
boost boost boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input vali… CWE-20
Improper Input Validation
CVE-2013-0252 2013-12-5 14:22 2013-03-13
245161 7.5 HIGH
fail2ban fail2ban server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecifie… NVD-CWE-noinfo
CVE-2012-5642 2013-12-5 14:20 2012-12-31
245162 5.8 MEDIUM
cups-pk-helper_project cups-pk-helper cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS … CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4510 2013-12-5 14:17 2012-11-20
245163 4.4 MEDIUM
gnome gnome-keyring GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unsp… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3466 2013-12-5 14:15 2012-10-23
245164 7.2 HIGH
novell suse_linux_enterprise_for_sap_applications Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ dir… CWE-362
Race Condition
CVE-2012-0426 2013-12-3 09:37 2013-12-2
245165 4.4 MEDIUM
opensuse zypper zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in th… NVD-CWE-noinfo
CVE-2012-0420 2013-12-3 09:03 2013-12-2
245166 3.3 LOW
checkpoint endpoint_security Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attac… CWE-255
Credentials Management
CVE-2013-5636 2013-12-3 02:29 2013-11-30
245167 3.3 LOW
checkpoint endpoint_security Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to by… CWE-255
Credentials Management
CVE-2013-5635 2013-12-3 01:20 2013-11-30
245168 6.8 MEDIUM
joomla joomla\! administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended … CWE-20
Improper Input Validation
CVE-2013-5576 2013-12-1 13:31 2013-10-9
245169 7.1 HIGH
david_king
canonical
vino
ubuntu_linux
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error … CWE-20
Improper Input Validation
CVE-2013-5745 2013-12-1 13:31 2013-10-2
245170 4.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vecto… NVD-CWE-noinfo
CVE-2013-1509 2013-12-1 13:27 2013-04-17
245171 6.5 MEDIUM
postgresql
canonical
postgresql
ubuntu_linux
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remot… CWE-94
Code Injection
CVE-2013-1899 2013-12-1 13:27 2013-04-5
245172 6.5 MEDIUM
postgresql
canonical
postgresql
ubuntu_linux
Per http://www.ubuntu.com/usn/USN-1789-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS" CWE-94
Code Injection
CVE-2013-1899 2013-12-1 13:27 2013-04-5
245173 4.0 MEDIUM
postgresql
canonical
postgresql
ubuntu_linux
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) … CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-1901 2013-12-1 13:27 2013-04-5
245174 4.0 MEDIUM
postgresql
canonical
postgresql
ubuntu_linux
Per http://www.ubuntu.com/usn/USN-1789-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS" CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-1901 2013-12-1 13:27 2013-04-5
245175 5.1 MEDIUM
haproxy haproxy Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends … CWE-119
Buffer Errors
CVE-2013-1912 2013-12-1 13:27 2013-04-11
245176 3.3 LOW
xen xen qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the … CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-1922 2013-12-1 13:27 2013-05-14
245177 6.8 MEDIUM
x libxfixes Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. CWE-189
Numeric Errors
CVE-2013-1983 2013-12-1 13:27 2013-06-16
245178 6.8 MEDIUM
x libxinerama Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. CWE-20
Improper Input Validation
CVE-2013-1985 2013-12-1 13:27 2013-06-16
245179 6.8 MEDIUM
x libxrandr Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputPropert… CWE-189
Numeric Errors
CVE-2013-1986 2013-12-1 13:27 2013-06-16
245180 6.8 MEDIUM
x libx11 Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values … CWE-119
Buffer Errors
CVE-2013-1997 2013-12-1 13:27 2013-06-16
245181 6.5 MEDIUM
tinc-vpn tinc Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or po… CWE-119
Buffer Errors
CVE-2013-1428 2013-12-1 13:26 2013-04-27
245182 5.0 MEDIUM
cisco ios_xr The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. CWE-20
Improper Input Validation
CVE-2013-6700 2013-11-29 23:52 2013-11-29
245183 10.0 HIGH
thomsonreuters velocity_analytics_vhayu_analytic_server VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action. CWE-94
Code Injection
CVE-2013-5912 2013-11-29 23:18 2013-11-28
245184 4.3 MEDIUM
jahia jahia_xcm Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.js… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-4624 2013-11-29 22:40 2013-11-28
245185 5.0 MEDIUM
jahia jahia_xcm Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via … CWE-200
Information Exposure
CVE-2013-4617 2013-11-29 22:38 2013-11-28
245186 3.5 LOW
jahia jahia_xcm Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field. CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3920 2013-11-29 22:35 2013-11-28
245187 6.8 MEDIUM
sybase adaptive_server_enterprise Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to … NVD-CWE-noinfo
CVE-2013-6860 2013-11-28 01:49 2013-11-24
245188 4.9 MEDIUM
sybase adaptive_server_enterprise Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain s… NVD-CWE-noinfo
CVE-2013-6861 2013-11-28 01:45 2013-11-24
245189 7.8 HIGH
sybase adaptive_server_enterprise Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a de… NVD-CWE-noinfo
CVE-2013-6862 2013-11-28 01:44 2013-11-24
245190 9.0 HIGH
sybase adaptive_server_enterprise SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via un… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-6863 2013-11-28 01:42 2013-11-24
245191 9.0 HIGH
sybase adaptive_server_enterprise SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via un… CWE-94
Code Injection
CVE-2013-6866 2013-11-28 01:41 2013-11-24
245192 6.1 MEDIUM
sybase adaptive_server_enterprise Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenti… CWE-22
Path Traversal
CVE-2013-6864 2013-11-28 01:40 2013-11-24
245193 4.3 MEDIUM
mediawiki mediawiki Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject ar… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-4573 2013-11-28 01:30 2013-11-26
245194 4.3 MEDIUM
splunk splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2013-6870 2013-11-28 01:19 2013-11-26
245195 4.3 MEDIUM
cisco prime_network_registrar Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka … CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3394 2013-11-28 00:21 2013-11-27
245196 7.5 HIGH
nagios nagios_xi SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parame… CWE-89
SQL Injection
CVE-2013-6875 2013-11-27 23:58 2013-11-27
245197 9.3 HIGH
vortexgroup light_alloy Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file. CWE-119
Buffer Errors
CVE-2013-6874 2013-11-27 23:49 2013-11-27
245198 7.1 HIGH
sybase adaptive_server_enterprise Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. NVD-CWE-noinfo
CVE-2013-6867 2013-11-26 12:26 2013-11-24
245199 7.8 HIGH
sybase adaptive_server_enterprise SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unsp… CWE-200
Information Exposure
CVE-2013-6868 2013-11-26 04:53 2013-11-24
245200 9.0 HIGH
sybase adaptive_server_enterprise SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code… CWE-94
Code Injection
CVE-2013-6865 2013-11-26 04:44 2013-11-24