NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年6月26日10:14

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245251	2.1	LOW	apple	iphone_os	Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2013-5153	2013-10-23 04:07	2013-09-19	表示	GitHub Exploit DB Packet Storm

245252	6.8	MEDIUM	cisco	virtualization_experience_client_6000 virtualization_experience_client_6000_series_firmware	The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified v…	CWE-20 不適切な入力確認	CVE-2013-5493	2013-10-23 03:54	2013-09-13	表示	GitHub Exploit DB Packet Storm

245253	6.3	MEDIUM	cisco	telepresence_multipoint_switch	The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot …	CWE-399 リソース管理の問題	CVE-2013-5516	2013-10-23 03:51	2013-10-1	表示	GitHub Exploit DB Packet Storm

245254	4.6	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio…	CWE-20 不適切な入力確認	CVE-2013-5550	2013-10-23 03:07	2013-10-22	表示	GitHub Exploit DB Packet Storm

245255	5.8	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing…	CWE-310 暗号の問題	CVE-2012-4115	2013-10-22 02:18	2013-10-21	表示	GitHub Exploit DB Packet Storm

245256	4.3	MEDIUM	watchguard	fireware watchguard_system_manager	Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5702	2013-10-22 00:42	2013-10-19	表示	GitHub Exploit DB Packet Storm

245257	4.0	MEDIUM	cisco	unity_connection	Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to creat…	CWE-22 パス・トラバーサル	CVE-2013-5534	2013-10-21 23:43	2013-10-19	表示	GitHub Exploit DB Packet Storm

245258	6.8	MEDIUM	iodata	hdl2-a\/e hdl2-ah hdl2-a_firmware hdl-a\/e hdl-ah hdl-as hdl-a_firmware	I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified v…	CWE-399 リソース管理の問題	CVE-2013-4712	2013-10-21 23:31	2013-10-19	表示	GitHub Exploit DB Packet Storm

245259	5.8	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic …	CWE-20 不適切な入力確認	CVE-2012-4117	2013-10-21 22:51	2013-10-19	表示	GitHub Exploit DB Packet Storm

245260	4.3	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete …	CWE-200 情報漏えい	CVE-2012-4116	2013-10-21 22:17	2013-10-19	表示	GitHub Exploit DB Packet Storm

245261	5.8	MEDIUM	cisco	unified_computing_system	The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o…	CWE-310 暗号の問題	CVE-2012-4114	2013-10-21 22:16	2013-10-19	表示	GitHub Exploit DB Packet Storm

245262	4.6	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interfa…	CWE-264 認可・権限・アクセス制御	CVE-2012-4113	2013-10-21 22:04	2013-10-19	表示	GitHub Exploit DB Packet Storm

245263	6.8	MEDIUM	cisco	unified_computing_system	The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the comman…	CWE-264 認可・権限・アクセス制御	CVE-2012-4112	2013-10-21 21:45	2013-10-19	表示	GitHub Exploit DB Packet Storm

245264	4.3	MEDIUM	process-one	ejabberd	The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.	CWE-310 暗号の問題	CVE-2013-6169	2013-10-19 02:46	2013-10-18	表示	GitHub Exploit DB Packet Storm

245265	6.8	MEDIUM	cisco	unified_meetingplace unified_meetingplace_web_conferencing	Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote a…	CWE-352 同一生成元ポリシー違反	CVE-2013-5494	2013-10-18 22:51	2013-09-16	表示	GitHub Exploit DB Packet Storm

245266	5.5	MEDIUM	cisco	unified_communications_domain_manager	SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh…	CWE-89 SQLインジェクション	CVE-2013-5517	2013-10-18 04:27	2013-10-3	表示	GitHub Exploit DB Packet Storm

245267	4.3	MEDIUM	cisco	wireless_lan_controller	Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5519	2013-10-18 04:19	2013-10-3	表示	GitHub Exploit DB Packet Storm

245268	6.4	MEDIUM	cisco	video_surveillance_4000_ip_camera video_surveillance_4300e_ip_camera video_surveillance_4500e_ip_camera	The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CS…	CWE-255 証明書・パスワード管理	CVE-2013-5535	2013-10-18 04:09	2013-10-16	表示	GitHub Exploit DB Packet Storm

245269	5.0	MEDIUM	emc	atmos	EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.	CWE-255 証明書・パスワード管理	CVE-2013-3279	2013-10-18 03:30	2013-10-17	表示	GitHub Exploit DB Packet Storm

245270	6.8	MEDIUM	oracle	ilearning	Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate…	NVD-CWE-noinfo	CVE-2013-5822	2013-10-17 23:18	2013-10-17	表示	GitHub Exploit DB Packet Storm

245271	5.0	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Me…	NVD-CWE-noinfo	CVE-2013-5816	2013-10-17 23:03	2013-10-17	表示	GitHub Exploit DB Packet Storm

245272	3.5	LOW	oracle	industry_applications	Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5…	NVD-CWE-noinfo	CVE-2013-5811	2013-10-17 22:50	2013-10-17	表示	GitHub Exploit DB Packet Storm

245273	4.3	MEDIUM	oracle	supply_chain_products_suite	Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security.	NVD-CWE-noinfo	CVE-2013-5799	2013-10-17 04:15	2013-10-17	表示	GitHub Exploit DB Packet Storm

245274	4.3	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services.	NVD-CWE-noinfo	CVE-2013-5796	2013-10-17 04:00	2013-10-17	表示	GitHub Exploit DB Packet Storm

245275	5.0	MEDIUM	oracle	e-business_suite	Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache.	NVD-CWE-noinfo	CVE-2013-5792	2013-10-17 03:56	2013-10-17	表示	GitHub Exploit DB Packet Storm

245276	6.9	MEDIUM	oracle	sun_system_firmware sparc_t4-1 sparc_t4-1b sparc_t4-4	Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related…	NVD-CWE-noinfo	CVE-2013-5781	2013-10-17 03:29	2013-10-17	表示	GitHub Exploit DB Packet Storm

245277	4.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors…	NVD-CWE-noinfo	CVE-2013-5779	2013-10-17 03:27	2013-10-17	表示	GitHub Exploit DB Packet Storm

245278	4.0	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to ActiveX Contro…	NVD-CWE-noinfo	CVE-2013-5768	2013-10-17 02:57	2013-10-17	表示	GitHub Exploit DB Packet Storm

245279	4.0	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect availability via unknown vectors related to Web Services.	NVD-CWE-noinfo	CVE-2013-5769	2013-10-17 02:57	2013-10-17	表示	GitHub Exploit DB Packet Storm

245280	2.4	LOW	oracle	industry_applications	Unspecified vulnerability in the Oracle Siebel CTMS component in Oracle Industry Applications 8.1.1.x allows local users to affect confidentiality and availability via unknown vectors related to SC-O…	NVD-CWE-noinfo	CVE-2013-5762	2013-10-17 02:51	2013-10-17	表示	GitHub Exploit DB Packet Storm

245281	5.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to X…	NVD-CWE-noinfo	CVE-2013-5765	2013-10-17 02:50	2013-10-17	表示	GitHub Exploit DB Packet Storm

245282	5.8	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vector…	NVD-CWE-noinfo	CVE-2013-5761	2013-10-17 02:46	2013-10-17	表示	GitHub Exploit DB Packet Storm

245283	5.0	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Web Services.	NVD-CWE-noinfo	CVE-2013-3841	2013-10-17 02:45	2013-10-17	表示	GitHub Exploit DB Packet Storm

245284	4.0	MEDIUM	oracle	sun_system_firmware sparc_enterprise_m8000_server sparc_enterprise_m9000_server sparc_t3-1 sparc_t3-1b sparc_t3-2 sparc_t3-3 sparc_t3-4 sparc_t4-1 sparc_t4-1b sparc_t4-2…	Unspecified vulnerability in Oracle SPARC Enterprise T & M Series Servers running Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5…	NVD-CWE-noinfo	CVE-2013-3838	2013-10-17 02:43	2013-10-17	表示	GitHub Exploit DB Packet Storm

245285	4.0	MEDIUM	oracle	sun_system_firmware sparc_enterprise_m8000_server sparc_enterprise_m9000_server sparc_t3-1 sparc_t3-1b sparc_t3-2 sparc_t3-3 sparc_t3-4 sparc_t4-1 sparc_t4-1b sparc_t4-2…	Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "CVE-2013-3838 applies to Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & …	NVD-CWE-noinfo	CVE-2013-3838	2013-10-17 02:43	2013-10-17	表示	GitHub Exploit DB Packet Storm

245286	4.0	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Servic…	NVD-CWE-noinfo	CVE-2013-3840	2013-10-17 02:34	2013-10-17	表示	GitHub Exploit DB Packet Storm

245287	5.0	MEDIUM	oracle	virtualization	Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv.	NVD-CWE-noinfo	CVE-2013-3834	2013-10-17 02:20	2013-10-17	表示	GitHub Exploit DB Packet Storm

245288	5.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r…	NVD-CWE-noinfo	CVE-2013-3835	2013-10-17 02:14	2013-10-17	表示	GitHub Exploit DB Packet Storm

245289	5.5	MEDIUM	oracle	industry_applications	Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to aff…	NVD-CWE-noinfo	CVE-2013-3814	2013-10-17 02:09	2013-10-17	表示	GitHub Exploit DB Packet Storm

245290	4.0	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Server Remote component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to File System M…	NVD-CWE-noinfo	CVE-2013-3832	2013-10-17 02:08	2013-10-17	表示	GitHub Exploit DB Packet Storm

245291	3.8	LOW	oracle	vm_virtualbox	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown v…	NVD-CWE-noinfo	CVE-2013-3792	2013-10-17 01:55	2013-10-17	表示	GitHub Exploit DB Packet Storm

245292	4.0	MEDIUM	oracle	primavera_products_suite	Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.1, 8.2, and 8.3 allows remote authenticated users to affect integr…	NVD-CWE-noinfo	CVE-2013-3766	2013-10-17 01:26	2013-10-17	表示	GitHub Exploit DB Packet Storm

245293	4.1	MEDIUM	infohr	hr_human_resource_information_system	HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypa…	CWE-310 暗号の問題	CVE-2013-5208	2013-10-17 01:25	2013-10-16	表示	GitHub Exploit DB Packet Storm

245294	4.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Care…	NVD-CWE-noinfo	CVE-2013-3785	2013-10-17 01:16	2013-10-17	表示	GitHub Exploit DB Packet Storm

245295	5.0	MEDIUM	cisco	socialminer	administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.	CWE-310 暗号の問題	CVE-2013-5492	2013-10-17 00:53	2013-09-13	表示	GitHub Exploit DB Packet Storm

245296	6.3	MEDIUM	cisco	nx-os	Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.	CWE-20 不適切な入力確認	CVE-2013-5496	2013-10-17 00:51	2013-09-16	表示	GitHub Exploit DB Packet Storm

245297	10.0	HIGH	supermicro	bmc	The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.	CWE-287 不適切な認証	CVE-2013-4782	2013-10-16 23:37	2013-07-9	表示	GitHub Exploit DB Packet Storm

245298	4.3	MEDIUM	ni	labwindows	An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local e…	NVD-CWE-noinfo	CVE-2013-5025	2013-10-16 23:26	2013-08-7	表示	GitHub Exploit DB Packet Storm

245299	6.0	MEDIUM	cisco	identity_services_engine_software identity_services_engine	The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspec…	CWE-20 不適切な入力確認	CVE-2013-5539	2013-10-16 23:16	2013-10-16	表示	GitHub Exploit DB Packet Storm

245300	3.5	LOW	cisco	identity_services_engine_software identity_services_engine	Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted fi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5541	2013-10-16 23:16	2013-10-16	表示	GitHub Exploit DB Packet Storm