NVD Vulnerability Information Top

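You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because NVD vulnerability information is often updated before JVN (Japan Vulnerability Notes), vulnerabilities not yet listed in JVN may already have been updated here.

If a related vulnerability exists in JVN (Japan Vulnerability Notes), that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.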


Updated: June 26, 2024, 10:14

Columns: No., CVSS, Level, Attack category, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact view, Exploit/PoC search
245201 6.8 MEDIUM
mozilla bugzilla Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs… CWE-352
Same-origin policy violation
CVE-2013-1733 2013-10-25 08:29 2013-10-24 View GitHub Exploit DB Packet Storm
245202 4.3 MEDIUM
mozilla bugzilla Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote att… CWE-79
Cross-site scripting (XSS)
CVE-2013-1742 2013-10-25 08:29 2013-10-24 View GitHub Exploit DB Packet Storm
245203 4.3 MEDIUM
mozilla bugzilla Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HT… CWE-79
Cross-site scripting (XSS)
CVE-2013-1743 2013-10-25 08:28 2013-10-24 View GitHub Exploit DB Packet Storm
245204 5.0 MEDIUM
apple safari WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by lev… CWE-200
Information exposure
CVE-2013-5130 2013-10-25 08:24 2013-10-24 View GitHub Exploit DB Packet Storm
245205 5.0 MEDIUM
cisco secure_access_control_system Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafte… CWE-20
Improper input validation
CVE-2013-5536 2013-10-25 08:23 2013-10-24 View GitHub Exploit DB Packet Storm
245206 7.2 HIGH
apple keynote Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by… CWE-264
Permissions, privileges, and access controls
CVE-2013-5148 2013-10-25 03:24 2013-10-24 View GitHub Exploit DB Packet Storm
245207 6.8 MEDIUM
apple os_x_server The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sess… NVD-CWE-Other
CVE-2013-5143 2013-10-25 01:59 2013-10-24 View GitHub Exploit DB Packet Storm
245208 6.8 MEDIUM
mozilla bugzilla Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers… CWE-352
Same-origin policy violation
CVE-2013-1734 2013-10-25 01:35 2013-10-24 View GitHub Exploit DB Packet Storm
245209 4.3 MEDIUM
apple mac_os_x Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by in… CWE-264
Permissions, privileges, and access controls
CVE-2013-5190 2013-10-25 01:19 2013-10-24 View GitHub Exploit DB Packet Storm
245210 5.0 MEDIUM
dell quest_one_password_manager The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid do… CWE-264
Permissions, privileges, and access controls
CVE-2013-6246 2013-10-25 01:18 2013-10-24 View GitHub Exploit DB Packet Storm
245211 4.9 MEDIUM
apple mac_os_x The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. CWE-20
Improper input validation
CVE-2013-5192 2013-10-25 01:10 2013-10-24 View GitHub Exploit DB Packet Storm
245212 2.1 LOW
apple mac_os_x The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Gue… CWE-264
Permissions, privileges, and access controls
CVE-2013-5191 2013-10-25 01:05 2013-10-24 View GitHub Exploit DB Packet Storm
245213 4.0 MEDIUM
apple mac_os_x The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically prox… CWE-264
Permissions, privileges, and access controls
CVE-2013-5188 2013-10-25 00:51 2013-10-24 View GitHub Exploit DB Packet Storm
245214 1.9 LOW
apple mac_os_x The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which … CWE-264
Permissions, privileges, and access controls
CVE-2013-5187 2013-10-25 00:45 2013-10-24 View GitHub Exploit DB Packet Storm
245215 4.9 MEDIUM
apple mac_os_x Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. CWE-189
Numeric errors
CVE-2013-5174 2013-10-25 00:17 2013-10-24 View GitHub Exploit DB Packet Storm
245216 7.1 HIGH
apple mac_os_x The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) b… CWE-189
Numeric errors
CVE-2013-5172 2013-10-25 00:09 2013-10-24 View GitHub Exploit DB Packet Storm
245217 3.3 LOW
apple mac_os_x CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. CWE-264
Permissions, privileges, and access controls
CVE-2013-5171 2013-10-25 00:06 2013-10-24 View GitHub Exploit DB Packet Storm
245218 5.0 MEDIUM
apple mac_os_x CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users vi… CWE-16
Configuration
CVE-2013-5167 2013-10-24 23:54 2013-10-24 View GitHub Exploit DB Packet Storm
245219 4.9 MEDIUM
apple mac_os_x The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. NVD-CWE-noinfo
CVE-2013-5166 2013-10-24 23:43 2013-10-24 View GitHub Exploit DB Packet Storm
245220 3.3 LOW
apple iphone_os Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by v… CWE-362
Race condition
CVE-2013-5164 2013-10-24 23:40 2013-10-24 View GitHub Exploit DB Packet Storm
245221 2.1 LOW
apple iphone_os Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcod… CWE-264
Permissions, privileges, and access controls
CVE-2013-5162 2013-10-24 23:27 2013-10-24 View GitHub Exploit DB Packet Storm
245222 3.3 LOW
apple iphone_os Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emerge… CWE-264
Permissions, privileges, and access controls
CVE-2013-5144 2013-10-24 23:15 2013-10-24 View GitHub Exploit DB Packet Storm
245223 5.0 MEDIUM
apache shindig The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity… CWE-200
Information exposure
CVE-2013-4295 2013-10-24 22:57 2013-10-24 View GitHub Exploit DB Packet Storm
245224 6.9 MEDIUM
freebsd freebsd The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows … CWE-264
Permissions, privileges, and access controls
CVE-2013-5691 2013-10-24 12:48 2013-09-23 View GitHub Exploit DB Packet Storm
245225 3.7 LOW
freebsd freebsd The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs i… CWE-264
Permissions, privileges, and access controls
CVE-2013-5710 2013-10-24 12:48 2013-09-24 View GitHub Exploit DB Packet Storm
245226 4.3 MEDIUM
oracle enterprise_manager_database_control
enterprise_manager_grid_control
enterprise_manager_plugin_for_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… NVD-CWE-noinfo
CVE-2013-5766 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245227 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. NVD-CWE-noinfo
CVE-2013-5773 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245228 4.3 MEDIUM
oracle fusion_middleware Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "Please refer to MOS note https://support.oracle.com/epmos/faces/DocumentDisplay?id=1586861.1 for configuration." NVD-CWE-noinfo
CVE-2013-5773 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245229 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End… NVD-CWE-noinfo
CVE-2013-5798 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245230 7.5 HIGH
oracle identity_analytics
sun_role_manager
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect … NVD-CWE-noinfo
CVE-2013-5815 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245231 4.3 MEDIUM
oracle enterprise_manager_plugin_for_database_control
enterprise_manager_grid_control
enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… NVD-CWE-noinfo
CVE-2013-5827 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245232 4.3 MEDIUM
oracle enterprise_manager_database_control
enterprise_manager_grid_control
enterprise_manager_plugin_for_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… NVD-CWE-noinfo
CVE-2013-5828 2013-10-24 12:48 2013-10-17 View GitHub Exploit DB Packet Storm
245233 4.3 MEDIUM
oracle enterprise_manager_grid_control
enterprise_manager_plugin_for_database_control
enterprise_manager_database_control
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… NVD-CWE-noinfo
CVE-2013-3762 2013-10-24 12:47 2013-10-17 View GitHub Exploit DB Packet Storm
245234 5.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to T… NVD-CWE-noinfo
CVE-2013-3828 2013-10-24 12:47 2013-10-17 View GitHub Exploit DB Packet Storm
245235 5.5 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related t… NVD-CWE-noinfo
CVE-2013-3831 2013-10-24 12:47 2013-10-17 View GitHub Exploit DB Packet Storm
245236 4.3 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authe… NVD-CWE-noinfo
CVE-2013-3833 2013-10-24 12:47 2013-10-17 View GitHub Exploit DB Packet Storm
245237 3.5 LOW
oracle fusion_middleware Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Pa… NVD-CWE-noinfo
CVE-2013-3836 2013-10-24 12:47 2013-10-17 View GitHub Exploit DB Packet Storm
245238 5.1 MEDIUM
vmware springsource_spring_security Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows a… CWE-362
Race condition
CVE-2011-2731 2013-10-24 12:32 2012-12-6 View GitHub Exploit DB Packet Storm
245239 4.0 MEDIUM
polarssl polarssl The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the sh… CWE-310
Cryptographic issues
CVE-2011-1923 2013-10-24 12:31 2012-06-21 View GitHub Exploit DB Packet Storm
245240 5.0 MEDIUM
perl perl Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular… CWE-189
Numeric errors
CVE-2010-1158 2013-10-24 12:22 2010-04-21 View GitHub Exploit DB Packet Storm
245241 7.2 HIGH
larry_wall perl Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build dir… NVD-CWE-Other
CVE-2005-4278 2013-10-24 10:56 2005-12-16 View GitHub Exploit DB Packet Storm
245242 6.8 MEDIUM
draytek vigor_2700_router_firmware
vigor_2700_router
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during in… CWE-78
OS command injection
CVE-2013-5703 2013-10-23 12:22 2013-10-23 View GitHub Exploit DB Packet Storm
245243 2.6 LOW
apple iphone_os IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. CWE-264
Permissions, privileges, and access controls
CVE-2013-5137 2013-10-23 05:04 2013-09-19 View GitHub Exploit DB Packet Storm
245244 7.8 HIGH
apple iphone_os The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. CWE-20
Improper input validation
CVE-2013-5140 2013-10-23 04:59 2013-09-19 View GitHub Exploit DB Packet Storm
245245 4.3 MEDIUM
apple iphone_os Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac… CWE-79
Cross-site scripting (XSS)
CVE-2013-5151 2013-10-23 04:53 2013-09-19 View GitHub Exploit DB Packet Storm
245246 7.1 HIGH
apple iphone_os The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. CWE-20
Improper input validation
CVE-2013-5155 2013-10-23 04:52 2013-09-19 View GitHub Exploit DB Packet Storm
245247 4.3 MEDIUM
apple iphone_os The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr… CWE-264
Permissions, privileges, and access controls
CVE-2013-5156 2013-10-23 04:52 2013-09-19 View GitHub Exploit DB Packet Storm
245248 5.0 MEDIUM
apple iphone_os The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests… CWE-264
Permissions, privileges, and access controls
CVE-2013-5157 2013-10-23 04:26 2013-09-19 View GitHub Exploit DB Packet Storm
245249 2.1 LOW
apple iphone_os The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Tw… CWE-264
Permissions, privileges, and access controls
CVE-2013-5158 2013-10-23 04:22 2013-09-19 View GitHub Exploit DB Packet Storm
245250 4.3 MEDIUM
apple iphone_os WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAM… CWE-264
Permissions, privileges, and access controls
CVE-2013-5159 2013-10-23 04:20 2013-09-19 View GitHub Exploit DB Packet Storm