
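This page lets you search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Note), it may contain vulnerabilities that are not yet listed in JVN.

When a vulnerability has related JVN (Japan Vulnerability Note) information, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and confirm the CWE number.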


Last updated: September 23, 2024, 5:13

No, CVSS, Level, Attack type, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact view, Exploit/PoC search
256501 4.0 MEDIUM
openssl openssl The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obt… CWE-310
Cryptographic Issues
CVE-2011-5095 2012-06-21 13:00 2012-06-21 View GitHub Exploit DB Packet Storm
256502 4.3 MEDIUM
kent-web web_patio Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2012-2636 2012-06-20 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256503 4.3 MEDIUM
kent-web web_patio Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. CWE-79
Cross-site Scripting (XSS)
CVE-2012-2637 2012-06-20 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256504 4.3 MEDIUM
wap2 smallpict Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2012-2638 2012-06-20 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256505 7.6 HIGH
opera opera_browser Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks… NVD-CWE-noinfo
CVE-2012-3555 2012-06-20 13:00 2012-06-15 View GitHub Exploit DB Packet Storm
256506 10.0 HIGH
interactivedata esignal WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR … CWE-119
Buffer Errors
CVE-2011-3494 2012-06-20 13:00 2011-09-16 View GitHub Exploit DB Packet Storm
256507 7.5 HIGH
dell wyse_device_manager Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. CWE-119
Buffer Errors
CVE-2009-0693 2012-06-20 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256508 7.5 HIGH
mozilla firefox
seamonkey
thunderbird
Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote att… CWE-399
Resource Management Errors
CVE-2011-3671 2012-06-19 13:00 2012-06-19 View GitHub Exploit DB Packet Storm
256509 3.3 LOW
gnu gnash The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/g… CWE-59
Link Following
CVE-2010-4337 2012-06-19 12:35 2011-01-15 View GitHub Exploit DB Packet Storm
256510 2.6 LOW
seil b1
x1
x2
b1_firmware
x86_firmware
SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are en… NVD-CWE-Other
CVE-2012-2632 2012-06-18 13:00 2012-06-16 View GitHub Exploit DB Packet Storm
256511 2.6 LOW
newsgator feeddemon Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed. CWE-79
Cross-site Scripting (XSS)
CVE-2012-2634 2012-06-18 13:00 2012-06-16 View GitHub Exploit DB Packet Storm
256512 4.3 MEDIUM
dolphin-browser dolphin_browser_hd
dolphin_for_pad
The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive i… CWE-200
Information Exposure
CVE-2012-2635 2012-06-18 13:00 2012-06-16 View GitHub Exploit DB Packet Storm
256513 4.3 MEDIUM
atmarkweb \@web_shoppingcart_t
\@web_shoppingcart
Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via … CWE-79
Cross-site Scripting (XSS)
CVE-2012-2631 2012-06-15 23:55 2012-06-15 View GitHub Exploit DB Packet Storm
256514 5.0 MEDIUM
opera opera_browser Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive informatio… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3557 2012-06-15 22:45 2012-06-15 View GitHub Exploit DB Packet Storm
256515 9.3 HIGH
opera opera_browser Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to condu… CWE-20
Improper Input Validation
CVE-2012-3556 2012-06-15 22:39 2012-06-15 View GitHub Exploit DB Packet Storm
256516 7.8 HIGH
vmware workstation
player
esx
esxi
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) v… CWE-94
Code Injection
CVE-2012-3289 2012-06-15 13:00 2012-06-15 View GitHub Exploit DB Packet Storm
256517 2.6 LOW
opera opera_browser Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers … CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3558 2012-06-15 13:00 2012-06-15 View GitHub Exploit DB Packet Storm
256518 4.3 MEDIUM
opera opera_browser Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by de… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3560 2012-06-15 13:00 2012-06-15 View GitHub Exploit DB Packet Storm
256519 10.0 HIGH
cisco unified_communications_manager
unified_presence_server
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr … CWE-200
Information Exposure
CVE-2011-1643 2012-06-15 13:00 2011-08-30 View GitHub Exploit DB Packet Storm
256520 7.8 HIGH
cisco unified_communications_manager The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial … CWE-399
Resource Management Errors
CVE-2011-2560 2012-06-15 13:00 2011-08-30 View GitHub Exploit DB Packet Storm
256521 7.1 HIGH
cisco unified_communications_manager The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain sit… CWE-399
Resource Management Errors
CVE-2011-2561 2012-06-15 13:00 2011-08-30 View GitHub Exploit DB Packet Storm
256522 7.8 HIGH
cisco unified_communications_manager Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows rem… NVD-CWE-noinfo
CVE-2011-2562 2012-06-15 13:00 2011-08-30 View GitHub Exploit DB Packet Storm
256523 5.1 MEDIUM
redhat system-config-printer pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) Net… CWE-20
Improper Input Validation
CVE-2011-2899 2012-06-15 13:00 2011-09-1 View GitHub Exploit DB Packet Storm
256524 7.2 HIGH
ibm infosphere_datastage
infosphere_information_server
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows … CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-3123 2012-06-15 13:00 2011-08-11 View GitHub Exploit DB Packet Storm
256525 7.2 HIGH
ibm infosphere_datastage
infosphere_information_server
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which al… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-3124 2012-06-15 13:00 2011-08-11 View GitHub Exploit DB Packet Storm
256526 6.8 MEDIUM
perforce perforce_server Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. CWE-22
Path Traversal
CVE-2010-0933 2012-06-15 13:00 2010-03-6 View GitHub Exploit DB Packet Storm
256527 4.3 MEDIUM
cisco spa8000_8-port_ip_telephony_gateway_firmware
spa8000_8-port_ip_telephony_gateway
spa8800_8-port_ip_telephony_gateway_firmware
spa8800_ip_telephony_gateway
spa2102_phone_adapter_with_route…
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows … CWE-79
Cross-site Scripting (XSS)
CVE-2011-2545 2012-06-14 13:00 2012-06-14 View GitHub Exploit DB Packet Storm
256528 3.5 LOW
bradfordnetworks network_sentry_appliance_software
network_sentry_appliance
Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote au… CWE-79
Cross-site Scripting (XSS)
CVE-2012-2604 2012-06-14 00:55 2012-06-14 View GitHub Exploit DB Packet Storm
256529 6.8 MEDIUM
bradfordnetworks network_sentry_appliance_software
network_sentry_appliance
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrator… CWE-352
Same-Origin Policy Violation
CVE-2012-2605 2012-06-14 00:55 2012-06-14 View GitHub Exploit DB Packet Storm
256530 5.0 MEDIUM
bradfordnetworks network_sentry_appliance_software
network_sentry_appliance
The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted p… CWE-287
Improper Authentication
CVE-2012-2606 2012-06-14 00:55 2012-06-14 View GitHub Exploit DB Packet Storm
256531 4.3 MEDIUM
adobe coldfusion CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via un… CWE-94
Code Injection
CVE-2012-2041 2012-06-13 13:46 2012-06-13 View GitHub Exploit DB Packet Storm
256532 4.3 MEDIUM
forescout counteract Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web s… CWE-79
Cross-site Scripting (XSS)
CVE-2012-1825 2012-06-12 13:00 2012-06-12 View GitHub Exploit DB Packet Storm
256533 4.3 MEDIUM
siemens wincc Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors … CWE-79
Cross-site Scripting (XSS)
CVE-2012-2595 2012-06-12 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256534 5.5 MEDIUM
siemens wincc The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to … CWE-94
Code Injection
CVE-2012-2596 2012-06-12 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256535 4.0 MEDIUM
siemens wincc Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. CWE-22
Path Traversal
CVE-2012-2597 2012-06-12 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256536 4.3 MEDIUM
siemens wincc Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. CWE-119
Buffer Errors
CVE-2012-2598 2012-06-12 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256537 5.1 MEDIUM
bmc identity_management_suite Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrato… CWE-352
Same-Origin Policy Violation
CVE-2012-2959 2012-06-12 13:00 2012-06-12 View GitHub Exploit DB Packet Storm
256538 5.8 MEDIUM
siemens wincc Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… CWE-20
Improper Input Validation
CVE-2012-3003 2012-06-12 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256539 10.0 HIGH
google
acer
samsung
chrome_os
ac700_chromebook
cr-48_chromebook
chromebox_3
series_5_550_chromebook
series_5_chromebook
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack ve… NVD-CWE-noinfo
CVE-2012-3290 2012-06-12 13:00 2012-06-8 View GitHub Exploit DB Packet Storm
256540 6.8 MEDIUM
bloxx web_filtering Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication … CWE-352
Same-Origin Policy Violation
CVE-2012-3343 2012-06-11 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256541 6.8 MEDIUM
janetter janetter Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (… CWE-352
Same-Origin Policy Violation
CVE-2012-1236 2012-06-9 12:41 2012-03-20 View GitHub Exploit DB Packet Storm
256542 4.3 MEDIUM
cisco ciscoworks_common_services CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary H… CWE-94
Code Injection
CVE-2011-4237 2012-06-9 12:38 2012-05-3 View GitHub Exploit DB Packet Storm
256543 6.8 MEDIUM
cisco secure_access_control_server Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators… CWE-352
Same-Origin Policy Violation
CVE-2011-3293 2012-06-9 12:36 2012-05-2 View GitHub Exploit DB Packet Storm
256544 4.3 MEDIUM
cisco secure_access_control_server Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecifie… CWE-79
Cross-site Scripting (XSS)
CVE-2011-3317 2012-06-9 12:36 2012-05-2 View GitHub Exploit DB Packet Storm
256545 7.5 HIGH
opera opera_browser Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. CWE-20
Improper Input Validation
CVE-2007-5540 2012-06-8 06:14 2007-10-18 View GitHub Exploit DB Packet Storm
256546 4.3 MEDIUM
opera opera_browser Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handl… CWE-79
Cross-site Scripting (XSS)
CVE-2008-1082 2012-06-8 03:06 2008-02-29 View GitHub Exploit DB Packet Storm
256547 6.8 MEDIUM
opera opera_browser Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. CWE-94
Code Injection
CVE-2008-1081 2012-06-8 03:02 2008-02-29 View GitHub Exploit DB Packet Storm
256548 6.8 MEDIUM
opera opera_browser Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. CWE-20
Improper Input Validation
CVE-2008-1080 2012-06-8 02:58 2008-02-29 View GitHub Exploit DB Packet Storm
256549 4.3 MEDIUM
opera opera_browser Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. NVD-CWE-Other
CVE-2008-5681 2012-06-8 02:24 2008-12-20 View GitHub Exploit DB Packet Storm
256550 4.3 MEDIUM
opera opera_browser Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. CWE-79
Cross-site Scripting (XSS)
CVE-2008-5682 2012-06-8 02:22 2008-12-20 View GitHub Exploit DB Packet Storm