NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月21日20:15

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
257201	10.0	HIGH	flexerasoftware	flexnet_publisher	Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to s…	CWE-22 パス・トラバーサル	CVE-2011-4135	2012-01-23 14:00	2012-01-20	表示	GitHub Exploit DB Packet Storm

257202	5.0	MEDIUM	atvise	atvise	Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.	NVD-CWE-noinfo	CVE-2011-4873	2012-01-21 01:19	2012-01-20	表示	GitHub Exploit DB Packet Storm

257203	10.0	HIGH	flexerasoftware	flexnet_publisher	Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet.	CWE-119 バッファエラー	CVE-2011-4134	2012-01-20 14:00	2012-01-20	表示	GitHub Exploit DB Packet Storm

257204	2.1	LOW	flexerasoftware	installshield	Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow loca…	CWE-200 情報漏えい	CVE-2007-6744	2012-01-20 14:00	2012-01-20	表示	GitHub Exploit DB Packet Storm

257205	5.5	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and int…	NVD-CWE-noinfo	CVE-2011-3568	2012-01-20 00:57	2012-01-19	表示	GitHub Exploit DB Packet Storm

257206	2.1	LOW	oracle	sun_glassfish_enterprise_server	Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.	NVD-CWE-noinfo	CVE-2011-3564	2012-01-20 00:35	2012-01-19	表示	GitHub Exploit DB Packet Storm

257207	2.1	LOW	emc	sourceone_email_management	The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to…	CWE-255 証明書・パスワード管理	CVE-2011-4142	2012-01-19 20:55	2012-01-19	表示	GitHub Exploit DB Packet Storm

257208	3.5	LOW	oracle	e-business_suite	Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to …	NVD-CWE-noinfo	CVE-2011-2271	2012-01-19 14:00	2012-01-19	表示	GitHub Exploit DB Packet Storm

257209	1.5	LOW	oracle	fusion_middleware	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related…	NVD-CWE-noinfo	CVE-2011-2318	2012-01-19 14:00	2011-10-19	表示	GitHub Exploit DB Packet Storm

257210	5.0	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vect…	NVD-CWE-noinfo	CVE-2011-3566	2012-01-19 14:00	2012-01-19	表示	GitHub Exploit DB Packet Storm

257211	7.5	HIGH	openttd	openttd	Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDE…	CWE-189 数値処理の問題	CVE-2011-3341	2012-01-19 12:59	2011-09-9	表示	GitHub Exploit DB Packet Storm

257212	7.5	HIGH	openttd	openttd	Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) …	CWE-119 バッファエラー	CVE-2011-3342	2012-01-19 12:59	2011-09-9	表示	GitHub Exploit DB Packet Storm

257213	4.6	MEDIUM	openttd	openttd	Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) craf…	CWE-119 バッファエラー	CVE-2011-3343	2012-01-19 12:59	2011-09-9	表示	GitHub Exploit DB Packet Storm

257214	6.9	MEDIUM	gnome	ifcfg-rh_plug-in	Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, whe…	NVD-CWE-Other	CVE-2011-3364	2012-01-19 12:59	2011-11-5	表示	GitHub Exploit DB Packet Storm

257215	6.9	MEDIUM	gnome	ifcfg-rh_plug-in	Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'	NVD-CWE-Other	CVE-2011-3364	2012-01-19 12:59	2011-11-5	表示	GitHub Exploit DB Packet Storm

257216	9.3	HIGH	libreoffice	libreoffice	Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.	CWE-119 バッファエラー	CVE-2011-2685	2012-01-19 12:58	2011-07-22	表示	GitHub Exploit DB Packet Storm

257217	5.0	MEDIUM	ruby-lang	ruby	The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependen…	CWE-20 不適切な入力確認	CVE-2011-2705	2012-01-19 12:58	2011-08-6	表示	GitHub Exploit DB Packet Storm

257218	5.8	MEDIUM	tor	tor	Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by r…	CWE-264 認可・権限・アクセス制御	CVE-2011-2768	2012-01-19 12:58	2011-12-23	表示	GitHub Exploit DB Packet Storm

257219	4.3	MEDIUM	tor	tor	Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enu…	CWE-200 情報漏えい	CVE-2011-2769	2012-01-19 12:58	2011-12-23	表示	GitHub Exploit DB Packet Storm

257220	7.6	HIGH	tor	tor	Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS conn…	CWE-119 バッファエラー	CVE-2011-2778	2012-01-19 12:58	2011-12-23	表示	GitHub Exploit DB Packet Storm

257221	2.6	LOW	apache opensymphony	struts webwork xwork	Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script o…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-1772	2012-01-19 12:57	2011-05-14	表示	GitHub Exploit DB Packet Storm

257222	2.1	LOW	gnome	networkmanager	GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vect…	CWE-287 不適切な認証	CVE-2011-2176	2012-01-19 12:57	2011-09-3	表示	GitHub Exploit DB Packet Storm

257223	7.6	HIGH	redhat	evince	Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary …	CWE-20 不適切な入力確認	CVE-2010-2640	2012-01-19 12:49	2011-01-8	表示	GitHub Exploit DB Packet Storm

257224	7.6	HIGH	redhat	evince	Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary …	CWE-20 不適切な入力確認	CVE-2010-2641	2012-01-19 12:49	2011-01-8	表示	GitHub Exploit DB Packet Storm

257225	7.6	HIGH	redhat	evince	Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file tha…	CWE-189 数値処理の問題	CVE-2010-2643	2012-01-19 12:49	2011-01-8	表示	GitHub Exploit DB Packet Storm

257226	7.5	HIGH	kde	kdelibs	KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle atta…	CWE-310 暗号の問題	CVE-2009-2702	2012-01-19 12:40	2009-09-9	表示	GitHub Exploit DB Packet Storm

257227	4.4	MEDIUM	google	chrome_os	Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.	CWE-20 不適切な入力確認	CVE-2011-2170	2012-01-18 14:00	2011-05-25	表示	GitHub Exploit DB Packet Storm

257228	10.0	HIGH	google	chrome_os	Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2011-2171	2012-01-18 14:00	2011-05-25	表示	GitHub Exploit DB Packet Storm

257229	5.0	MEDIUM	wibu	codemeter_runtime	Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP p…	CWE-399 リソース管理の問題	CVE-2011-4057	2012-01-16 14:00	2012-01-14	表示	GitHub Exploit DB Packet Storm

257230	7.6	HIGH	apple	mac_os_x mac_os_x_server	The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows ma…	CWE-264 認可・権限・アクセス制御	CVE-2011-3213	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257231	4.6	MEDIUM	apple	mac_os_x mac_os_x_server	IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the…	CWE-264 認可・権限・アクセス制御	CVE-2011-3214	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257232	2.1	LOW	apple	mac_os_x mac_os_x_server	The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and dis…	CWE-264 認可・権限・アクセス制御	CVE-2011-3215	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257233	2.1	LOW	apple	mac_os_x mac_os_x_server	The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink syst…	CWE-264 認可・権限・アクセス制御	CVE-2011-3216	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257234	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.	CWE-119 バッファエラー	CVE-2011-3217	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257235	2.6	LOW	apple	mac_os_x mac_os_x_server	The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduc…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3218	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257236	4.3	MEDIUM	apple	mac_os_x mac_os_x_server	QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations…	CWE-200 情報漏えい	CVE-2011-3220	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257237	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application…	CWE-94 コード・インジェクション	CVE-2011-3221	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257238	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.	CWE-119 バッファエラー	CVE-2011-3222	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257239	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.	CWE-119 バッファエラー	CVE-2011-3223	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257240	2.6	LOW	apple	mac_os_x mac_os_x_server	The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by s…	NVD-CWE-Other	CVE-2011-3224	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257241	5.0	MEDIUM	apple	mac_os_x mac_os_x_server	The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers t…	CWE-264 認可・権限・アクセス制御	CVE-2011-3225	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257242	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of a…	CWE-264 認可・権限・アクセス制御	CVE-2011-3226	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257243	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execu…	CWE-20 不適切な入力確認	CVE-2011-3227	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257244	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.	CWE-94 コード・インジェクション	CVE-2011-3228	2012-01-14 12:55	2011-10-14	表示	GitHub Exploit DB Packet Storm

257245	4.3	MEDIUM	oracle	e-business_suite	Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors rela…	NVD-CWE-noinfo	CVE-2011-2308	2012-01-14 12:54	2011-10-19	表示	GitHub Exploit DB Packet Storm

257246	7.5	HIGH	hp	easy_printer_care_software	A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program,…	CWE-94 コード・インジェクション	CVE-2011-2404	2012-01-14 12:54	2011-08-12	表示	GitHub Exploit DB Packet Storm

257247	4.4	MEDIUM	apple	mac_os_x mac_os_x_server	Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.	CWE-134 書式文字列の問題	CVE-2011-0185	2012-01-14 12:51	2011-10-14	表示	GitHub Exploit DB Packet Storm

257248	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.	CWE-94 コード・インジェクション	CVE-2011-0224	2012-01-14 12:51	2011-10-14	表示	GitHub Exploit DB Packet Storm

257249	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers…	CWE-119 バッファエラー	CVE-2011-0229	2012-01-14 12:51	2011-10-14	表示	GitHub Exploit DB Packet Storm

257250	7.5	HIGH	apple	mac_os_x mac_os_x_server	Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application c…	CWE-119 バッファエラー	CVE-2011-0230	2012-01-14 12:51	2011-10-14	表示	GitHub Exploit DB Packet Storm