NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月22日20:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
256701	5.8	MEDIUM	360	mobilesafe	The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list v…	CWE-264 認可・権限・アクセス制御	CVE-2011-4769	2012-05-13 13:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256702	5.8	MEDIUM	qiwi	wallet	The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application.	CWE-264 認可・権限・アクセス制御	CVE-2011-4770	2012-05-13 13:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256703	5.8	MEDIUM	lucion	scan_to_pdf_free	The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a cra…	CWE-264 認可・権限・アクセス制御	CVE-2011-4771	2012-05-13 13:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256704	5.8	MEDIUM	360	kouxin	The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted applic…	CWE-264 認可・権限・アクセス制御	CVE-2011-4772	2012-05-13 13:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256705	4.3	MEDIUM	parallels	parallels_plesk_panel	Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML v…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4777	2012-05-13 13:00	2011-12-16	表示	GitHub Exploit DB Packet Storm

256706	2.1	LOW	apple	mac_os_x mac_os_x_server	CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain s…	CWE-310 暗号の問題	CVE-2011-3212	2012-05-12 12:40	2011-10-14	表示	GitHub Exploit DB Packet Storm

256707	10.0	HIGH	7t	igss	Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot do…	CWE-22 パス・トラバーサル	CVE-2011-1566	2012-05-12 12:37	2011-04-6	表示	GitHub Exploit DB Packet Storm

256708	6.3	MEDIUM	ruby-lang	ruby	The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delet…	CWE-59 リンク解釈の問題	CVE-2011-1004	2012-05-12 12:36	2011-03-3	表示	GitHub Exploit DB Packet Storm

256709	9.3	HIGH	apple	imageio safari	Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCI…	CWE-119 バッファエラー	CVE-2011-0241	2012-05-12 12:34	2011-07-22	表示	GitHub Exploit DB Packet Storm

256710	7.5	HIGH	3com	3cp4144	3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired…	NVD-CWE-Other	CVE-2002-0888	2012-05-12 10:16	2002-10-4	表示	GitHub Exploit DB Packet Storm

256711	6.5	MEDIUM	cisco	unified_meetingplace	SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.	CWE-89 SQLインジェクション	CVE-2012-0337	2012-05-11 13:00	2012-05-2	表示	GitHub Exploit DB Packet Storm

256712	5.0	MEDIUM	cisco	intrusion_prevention_system	The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that…	CWE-287 不適切な認証	CVE-2011-4022	2012-05-11 13:00	2012-05-3	表示	GitHub Exploit DB Packet Storm

256713	6.3	MEDIUM	cisco	ios ios_xe	Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device c…	CWE-20 不適切な入力確認	CVE-2011-4231	2012-05-11 13:00	2012-05-3	表示	GitHub Exploit DB Packet Storm

256714	5.0	MEDIUM	cisco	unified_communications_manager	The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after a…	NVD-CWE-noinfo	CVE-2012-0376	2012-05-10 13:00	2012-05-4	表示	GitHub Exploit DB Packet Storm

256715	9.3	HIGH	xnview	xnview	Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.	CWE-189 数値処理の問題	CVE-2012-0684	2012-05-10 13:00	2012-05-9	表示	GitHub Exploit DB Packet Storm

256716	9.3	HIGH	xnview	xnview	Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.	CWE-189 数値処理の問題	CVE-2012-0685	2012-05-10 13:00	2012-05-9	表示	GitHub Exploit DB Packet Storm

256717	4.3	MEDIUM	apple	iphone_os	Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.	CWE-20 不適切な入力確認	CVE-2012-0674	2012-05-8 19:25	2012-05-8	表示	GitHub Exploit DB Packet Storm

256718	5.5	MEDIUM	oracle	peoplesoft_enterprise_hrms	Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Update 2011-B and 9.1 Update 2011-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors re…	NVD-CWE-noinfo	CVE-2011-0861	2012-05-1 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

256719	9.3	HIGH	justsystems	ichitaro ichitaro_portable_with_oreplug ichitaro_viewer just_frontier just_jump just_school oreplug rekishimail_bakumatsushishi_no_missho rekishimail_sengokubusho_no_missho	Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and…	CWE-119 バッファエラー	CVE-2012-0269	2012-04-30 13:00	2012-04-28	表示	GitHub Exploit DB Packet Storm

256720	6.5	MEDIUM	dotclear	dotclear	The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execut…	CWE-264 認可・権限・アクセス制御	CVE-2011-1584	2012-04-27 13:00	2011-06-8	表示	GitHub Exploit DB Packet Storm

256721	9.3	HIGH	visiwave	site_survey	VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type prop…	CWE-94 コード・インジェクション	CVE-2011-2386	2012-04-27 13:00	2011-06-8	表示	GitHub Exploit DB Packet Storm

256722	10.0	HIGH	cmsmadesimple	cms_made_simple	Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2010-4663	2012-04-27 13:00	2011-06-8	表示	GitHub Exploit DB Packet Storm

256723	5.0	MEDIUM	anymacro	anymacro_mail_system	Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request.	CWE-22 パス・トラバーサル	CVE-2011-2468	2012-04-25 13:00	2011-06-9	表示	GitHub Exploit DB Packet Storm

256724	10.0	HIGH	ibm	tivoli_federated_identity_manager tivoli_federated_identity_manager_business_gateway	Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6…	NVD-CWE-noinfo	CVE-2011-3136	2012-04-25 13:00	2011-08-13	表示	GitHub Exploit DB Packet Storm

256725	1.9	LOW	ibm	tivoli_federated_identity_manager	IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a passwor…	CWE-310 暗号の問題	CVE-2009-5084	2012-04-25 13:00	2011-08-13	表示	GitHub Exploit DB Packet Storm

256726	2.6	LOW	ibm	tivoli_federated_identity_manager	IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-par…	CWE-264 認可・権限・アクセス制御	CVE-2009-5085	2012-04-25 13:00	2011-08-13	表示	GitHub Exploit DB Packet Storm

256727	6.5	MEDIUM	ryan_walberg	php_gift_registry	SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.	CWE-89 SQLインジェクション	CVE-2012-2236	2012-04-20 19:55	2012-04-20	表示	GitHub Exploit DB Packet Storm

256728	10.0	HIGH	google acer samsung	chrome_os ac700_chromebook cr-48_chromebook series_5_chromebook	Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1418	2012-04-20 13:00	2012-02-29	表示	GitHub Exploit DB Packet Storm

256729	10.0	HIGH	google acer samsung	chrome_os ac700_chromebook cr-48_chromebook series_5_chromebook	Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2011-4719	2012-04-20 13:00	2011-12-10	表示	GitHub Exploit DB Packet Storm

256730	5.0	MEDIUM	opcsystems	opcsystems.net	Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.	CWE-20 不適切な入力確認	CVE-2011-4871	2012-04-20 13:00	2012-04-18	表示	GitHub Exploit DB Packet Storm

256731	6.8	MEDIUM	nsoftware	unitronics_uniopc	https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (applicati…	CWE-20 不適切な入力確認	CVE-2011-5086	2012-04-20 13:00	2012-04-18	表示	GitHub Exploit DB Packet Storm

256732	5.8	MEDIUM	ubermedia	ubersocial	The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted appl…	CWE-264 認可・権限・アクセス制御	CVE-2011-4700	2012-04-19 13:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256733	9.3	HIGH	iconics	bizviz genesis32	The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code vi…	NVD-CWE-Other	CVE-2011-5088	2012-04-19 13:00	2012-04-19	表示	GitHub Exploit DB Packet Storm

256734	9.3	HIGH	google	sketchup	Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.	CWE-94 コード・インジェクション	CVE-2011-2478	2012-04-18 13:00	2012-04-18	表示	GitHub Exploit DB Packet Storm

256735	7.5	HIGH	freebsd	libarchive	Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (…	CWE-399 リソース管理の問題	CVE-2011-1779	2012-04-16 23:36	2012-04-14	表示	GitHub Exploit DB Packet Storm

256736	5.0	MEDIUM	koyo	h0-ecom h0-ecom100 h2-ecom h2-ecom-f h2-ecom100 h4-ecom h4-ecom-f h4-ecom100	The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resour…	CWE-399 リソース管理の問題	CVE-2012-1809	2012-04-16 22:59	2012-04-14	表示	GitHub Exploit DB Packet Storm

256737	4.3	MEDIUM	koyo	h0-ecom h0-ecom100 h2-ecom h2-ecom-f h2-ecom100 h4-ecom h4-ecom-f h4-ecom100	Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote at…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1807	2012-04-16 22:53	2012-04-14	表示	GitHub Exploit DB Packet Storm

256738	7.5	HIGH	freebsd	libarchive	Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is …	CWE-119 バッファエラー	CVE-2010-4666	2012-04-16 13:00	2012-04-14	表示	GitHub Exploit DB Packet Storm

256739	5.0	MEDIUM	atvise	webmi2ads	The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption…	CWE-20 不適切な入力確認	CVE-2011-4883	2012-04-13 22:27	2012-04-13	表示	GitHub Exploit DB Packet Storm

256740	5.0	MEDIUM	atvise	webmi2ads	The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request.	CWE-94 コード・インジェクション	CVE-2011-4882	2012-04-13 22:26	2012-04-13	表示	GitHub Exploit DB Packet Storm

256741	5.0	MEDIUM	atvise	webmi2ads	The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer deref…	NVD-CWE-Other	CVE-2011-4881	2012-04-13 22:22	2012-04-13	表示	GitHub Exploit DB Packet Storm

256742	5.0	MEDIUM	atvise	webmi2ads	Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'	NVD-CWE-Other	CVE-2011-4881	2012-04-13 22:22	2012-04-13	表示	GitHub Exploit DB Packet Storm

256743	5.0	MEDIUM	atvise	webmi2ads	Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request.	CWE-22 パス・トラバーサル	CVE-2011-4880	2012-04-13 19:41	2012-04-13	表示	GitHub Exploit DB Packet Storm

256744	4.3	MEDIUM	aladdin emsisoft ikarus pandasecurity	esafe anti-malware ikarus_virus_utilities_t3_command_line_scanner panda_antivirus	The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass…	CWE-264 認可・権限・アクセス制御	CVE-2012-1432	2012-04-13 13:00	2012-03-21	表示	GitHub Exploit DB Packet Storm

256745	4.3	MEDIUM	aladdin bitdefender comodo f-secure mcafee nprotect rising-global sophos	esafe bitdefender comodo_antivirus anti-virus gateway scan_engine nprotect_antivirus rising_antivirus sophos_anti-virus	The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 201…	CWE-264 認可・権限・アクセス制御	CVE-2012-1430	2012-04-13 13:00	2012-03-21	表示	GitHub Exploit DB Packet Storm

256746	4.3	MEDIUM	ahnlab emsisoft ikarus pandasecurity	v3_internet_security anti-malware ikarus_virus_utilities_t3_command_line_scanner panda_antivirus	The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows…	CWE-264 認可・権限・アクセス制御	CVE-2012-1434	2012-04-13 13:00	2012-03-21	表示	GitHub Exploit DB Packet Storm

256747	4.3	MEDIUM	aladdin prevx	esafe prevx	The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may la…	CWE-264 認可・権限・アクセス制御	CVE-2012-1441	2012-04-13 13:00	2012-03-21	表示	GitHub Exploit DB Packet Storm

256748	4.3	MEDIUM	ahnlab aladdin emsisoft ikarus pandasecurity	v3_internet_security esafe anti-malware ikarus_virus_utilities_t3_command_line_scanner panda_antivirus	The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus…	CWE-264 認可・権限・アクセス制御	CVE-2012-1436	2012-04-13 13:00	2012-03-21	表示	GitHub Exploit DB Packet Storm

256749	4.3	MEDIUM	emsisoft ikarus	anti-malware ikarus_virus_utilities_t3_command_line_scanner	The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified res…	CWE-264 認可・権限・アクセス制御	CVE-2012-1451	2012-04-13 13:00	2012-03-21	表示	GitHub Exploit DB Packet Storm

256750	6.8	MEDIUM	hp	system_management_homepage	Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administ…	CWE-352 同一生成元ポリシー違反	CVE-2011-3846	2012-04-12 19:45	2012-04-12	表示	GitHub Exploit DB Packet Storm