NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年9月22日5:16

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
257001 3.2 LOW
hp operations_agent
performance_agent 		Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unk… NVD-CWE-noinfo
CVE-2011-4160 2012-02-17 13:09 2011-11-24 表示 GitHub Exploit DB Packet Storm
257002 9.3 HIGH
emc rsa_key_manager_appliance EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attacker… CWE-264
認可・権限・アクセス制御 		CVE-2011-2740 2012-02-17 13:08 2011-11-10 表示 GitHub Exploit DB Packet Storm
257003 5.0 MEDIUM
hp tcp_ip_services_openvms Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors. NVD-CWE-noinfo
CVE-2011-3168 2012-02-17 13:08 2011-11-8 表示 GitHub Exploit DB Packet Storm
257004 10.0 HIGH
adobe shockwave_player The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… CWE-119
バッファエラー 		CVE-2012-0757 2012-02-16 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257005 10.0 HIGH
adobe shockwave_player Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors. CWE-119
バッファエラー 		CVE-2012-0758 2012-02-16 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257006 10.0 HIGH
adobe shockwave_player The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… CWE-119
バッファエラー 		CVE-2012-0760 2012-02-16 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257007 10.0 HIGH
adobe shockwave_player The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… CWE-119
バッファエラー 		CVE-2012-0763 2012-02-16 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257008 6.8 MEDIUM
emc
centos 		documentum_content_server
centos 		Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi… NVD-CWE-noinfo
CVE-2011-4144 2012-02-16 14:00 2012-02-2 表示 GitHub Exploit DB Packet Storm
257009 2.6 LOW
htc desire_hd
desire_s
droid_incredible
evo_3d
evo_4g
glacier
sensation_4g
sensation_z710e
thunderbolt_4g 		Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI4… CWE-200
情報漏えい 		CVE-2011-4872 2012-02-16 14:00 2012-02-5 表示 GitHub Exploit DB Packet Storm
257010 5.0 MEDIUM
apache tomcat Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain uninten… CWE-200
情報漏えい 		CVE-2011-3375 2012-02-16 13:16 2012-01-19 表示 GitHub Exploit DB Packet Storm
257011 5.0 MEDIUM
glpi-project glpi The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST reques… CWE-200
情報漏えい 		CVE-2011-2720 2012-02-16 13:15 2011-08-6 表示 GitHub Exploit DB Packet Storm
257012 7.5 HIGH
cacti cacti SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a va… CWE-89
SQLインジェクション 		CVE-2010-2092 2012-02-16 13:04 2010-05-28 表示 GitHub Exploit DB Packet Storm
257013 6.5 MEDIUM
cacti cacti Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters… CWE-20
不適切な入力確認 		CVE-2010-1645 2012-02-16 13:03 2010-08-24 表示 GitHub Exploit DB Packet Storm
257014 7.5 HIGH
cacti cacti SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. CWE-89
SQLインジェクション 		CVE-2010-1431 2012-02-16 13:02 2010-05-5 表示 GitHub Exploit DB Packet Storm
257015 4.3 MEDIUM
netcreators irfaq Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1070 2012-02-16 03:18 2012-02-15 表示 GitHub Exploit DB Packet Storm
257016 7.5 HIGH
manfred_egger bc_post2facebook SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション 		CVE-2012-1077 2012-02-15 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257017 4.3 MEDIUM
juergen_furrer jftcaforms Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-5080 2012-02-15 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257018 6.0 MEDIUM
e107 e107 The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers… CWE-352
同一生成元ポリシー違反 		CVE-2010-5084 2012-02-15 14:00 2012-02-15 表示 GitHub Exploit DB Packet Storm
257019 7.2 HIGH
apple iphone_os The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. CWE-399
リソース管理の問題 		CVE-2011-3442 2012-02-15 13:10 2011-11-12 表示 GitHub Exploit DB Packet Storm
257020 7.2 HIGH
apple iphone_os Per: http://support.apple.com/kb/HT5052 'This issue does not affect devices running iOS prior to version 4.3.' CWE-399
リソース管理の問題 		CVE-2011-3442 2012-02-15 13:10 2011-11-12 表示 GitHub Exploit DB Packet Storm
257021 10.0 HIGH
hp openview_network_node_manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208. NVD-CWE-noinfo
CVE-2011-3165 2012-02-15 13:09 2011-11-3 表示 GitHub Exploit DB Packet Storm
257022 10.0 HIGH
hp openview_network_node_manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209. NVD-CWE-noinfo
CVE-2011-3166 2012-02-15 13:09 2011-11-3 表示 GitHub Exploit DB Packet Storm
257023 10.0 HIGH
hp openview_network_node_manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210. NVD-CWE-noinfo
CVE-2011-3167 2012-02-15 13:09 2011-11-3 表示 GitHub Exploit DB Packet Storm
257024 5.0 MEDIUM
hp tcp_ip_services_openvms Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors. NVD-CWE-noinfo
CVE-2011-3169 2012-02-15 13:09 2011-11-8 表示 GitHub Exploit DB Packet Storm
257025 10.0 HIGH
adobe shockwave_player The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnera… CWE-119
バッファエラー 		CVE-2011-2446 2012-02-15 13:08 2011-11-9 表示 GitHub Exploit DB Packet Storm
257026 10.0 HIGH
adobe shockwave_player Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2447 2012-02-15 13:08 2011-11-9 表示 GitHub Exploit DB Packet Storm
257027 10.0 HIGH
adobe shockwave_player The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnera… CWE-119
バッファエラー 		CVE-2011-2448 2012-02-15 13:08 2011-11-9 表示 GitHub Exploit DB Packet Storm
257028 10.0 HIGH
adobe shockwave_player The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2449 2012-02-15 13:08 2011-11-9 表示 GitHub Exploit DB Packet Storm
257029 2.1 LOW
rik_de_boer revisioning Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authe… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1060 2012-02-14 14:00 2012-02-14 表示 GitHub Exploit DB Packet Storm
257030 4.3 MEDIUM
dreamreport
invensys 		dream_report
wonderware_hmi_reports 		Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attacker… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4038 2012-02-14 14:00 2012-02-11 表示 GitHub Exploit DB Packet Storm
257031 9.3 HIGH
dreamreport
invensys 		dream_report
wonderware_hmi_reports 		Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code vi… CWE-264
認可・権限・アクセス制御 		CVE-2011-4039 2012-02-14 14:00 2012-02-11 表示 GitHub Exploit DB Packet Storm
257032 4.3 MEDIUM
sourcefabric campsite Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provena… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4973 2012-02-14 14:00 2011-11-2 表示 GitHub Exploit DB Packet Storm
257033 6.0 MEDIUM
episerver episerver_cms Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit M… NVD-CWE-noinfo
CVE-2012-1031 2012-02-14 13:11 2012-02-8 表示 GitHub Exploit DB Packet Storm
257034 4.3 MEDIUM
episerver episerver_cms Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1034 2012-02-14 13:11 2012-02-8 表示 GitHub Exploit DB Packet Storm
257035 4.3 MEDIUM
sonexis conferencemanager Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLo… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3687 2012-02-14 13:09 2011-09-28 表示 GitHub Exploit DB Packet Storm
257036 7.5 HIGH
sonexis conferencemanager Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContaine… CWE-89
SQLインジェクション 		CVE-2011-3688 2012-02-14 13:09 2011-09-28 表示 GitHub Exploit DB Packet Storm
257037 4.3 MEDIUM
hp network_node_manager_i Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerab… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4155 2012-02-14 13:09 2011-11-17 表示 GitHub Exploit DB Packet Storm
257038 4.3 MEDIUM
hp network_node_manager_i Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerab… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4156 2012-02-14 13:09 2011-11-17 表示 GitHub Exploit DB Packet Storm
257039 6.5 MEDIUM
merethis centreon Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter. CWE-22
パス・トラバーサル 		CVE-2011-4431 2012-02-14 13:09 2011-11-10 表示 GitHub Exploit DB Packet Storm
257040 5.0 MEDIUM
merethis centreon www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent at… CWE-310
暗号の問題 		CVE-2011-4432 2012-02-14 13:09 2011-11-10 表示 GitHub Exploit DB Packet Storm
257041 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary co… CWE-119
バッファエラー 		CVE-2011-2950 2012-02-14 13:08 2011-08-19 表示 GitHub Exploit DB Packet Storm
257042 6.4 MEDIUM
hp onboard_administrator Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors. NVD-CWE-noinfo
CVE-2011-3155 2012-02-14 13:08 2011-10-12 表示 GitHub Exploit DB Packet Storm
257043 1.2 LOW
hp multifunction_peripheral_digital_sending_software HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors. CWE-200
情報漏えい 		CVE-2011-3163 2012-02-14 13:08 2011-10-23 表示 GitHub Exploit DB Packet Storm
257044 4.3 MEDIUM
myrephp myre_real_estate_software Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3393 2012-02-14 13:08 2011-09-16 表示 GitHub Exploit DB Packet Storm
257045 7.5 HIGH
myrephp myre_real_estate_software SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter. CWE-89
SQLインジェクション 		CVE-2011-3394 2012-02-14 13:08 2011-09-16 表示 GitHub Exploit DB Packet Storm
257046 10.0 HIGH
measuresoft scadapro Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a lo… CWE-119
バッファエラー 		CVE-2011-3490 2012-02-14 13:08 2011-09-16 表示 GitHub Exploit DB Packet Storm
257047 10.0 HIGH
measuresoft scadapro Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF,… CWE-22
パス・トラバーサル 		CVE-2011-3495 2012-02-14 13:08 2011-09-17 表示 GitHub Exploit DB Packet Storm
257048 10.0 HIGH
measuresoft scadapro service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. CWE-20
不適切な入力確認 		CVE-2011-3496 2012-02-14 13:08 2011-09-17 表示 GitHub Exploit DB Packet Storm
257049 10.0 HIGH
measuresoft scadapro service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. CWE-200
情報漏えい 		CVE-2011-3497 2012-02-14 13:08 2011-09-17 表示 GitHub Exploit DB Packet Storm
257050 7.5 HIGH
newgensoft omnidocs Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a m… CWE-264
認可・権限・アクセス制御 		CVE-2011-3645 2012-02-14 13:08 2011-09-28 表示 GitHub Exploit DB Packet Storm