NVD Vulnerability Information: Top

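You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), this list may include updates for vulnerabilities that are not yet listed in JVN.

If a related vulnerability exists in JVN (Japan Vulnerability Notes), that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.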


Last updated: September 21, 2024, 20:15

| No | CVSS | Level | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 257251 | 5.0 | MEDIUM | apple | mac_os_x, mac_os_x_server | CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchroni… | CWE-200 (Information disclosure) | CVE-2011-0231 | 2012-01-14 12:51 | 2011-10-14 |
| 257252 | 4.6 | MEDIUM | apple | mac_os_x, mac_os_x_server | The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attacker… | CWE-264 (Permissions, privileges, and access control) | CVE-2011-0260 | 2012-01-14 12:51 | 2011-10-14 |
| 257253 | 10.0 | HIGH | finaldraft | finaldraft | Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002. NOTE: the pr… | CWE-119 (Buffer errors) | CVE-2011-5059 | 2012-01-13 14:00 | 2012-01-11 |
| 257254 | 4.3 | MEDIUM | pukiwiki | pukiwiki_plus\! | Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vecto… | CWE-79 (Cross-site scripting (XSS)) | CVE-2011-3990 | 2012-01-12 14:00 | 2011-12-23 |
| 257255 | 9.3 | HIGH | sielcosistemi | winlog_lite, winlog_pro | Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a … | CWE-119 (Buffer errors) | CVE-2011-4037 | 2012-01-12 14:00 | 2011-12-23 |
| 257256 | 7.5 | HIGH | pmwiki | pmwiki | The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive,… | CWE-94 (Code injection) | CVE-2011-4453 | 2012-01-12 14:00 | 2011-12-23 |
| 257257 | 2.4 | LOW | oracle | solaris | Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver. | NVD-CWE-noinfo | CVE-2011-2292 | 2012-01-12 13:03 | 2011-10-19 |
| 257258 | 4.3 | MEDIUM | oracle | industry_applications | Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to… | NVD-CWE-noinfo | CVE-2011-2309 | 2012-01-12 13:03 | 2011-10-19 |
| 257259 | 7.5 | HIGH | oracle | sun_products_suite | Unspecified vulnerability in the Oracle Waveset component in Oracle Sun Products Suite 8.1.0 and 8.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto… | NVD-CWE-noinfo | CVE-2011-2310 | 2012-01-12 13:03 | 2011-10-19 |
| 257260 | 4.3 | MEDIUM | oracle | industry_applications | Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Management System component in Oracle Industry Applications 4.6.1 and 4.6.2 allows remote attackers to affect integrity, related to… | NVD-CWE-noinfo | CVE-2011-2323 | 2012-01-12 13:03 | 2011-10-19 |
| 257261 | 2.1 | LOW | oracle | sun_products_suite | Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Adminis… | NVD-CWE-noinfo | CVE-2011-2327 | 2012-01-12 13:03 | 2011-10-19 |
| 257262 | 6.5 | MEDIUM | cisco | show_and_share | Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. | CWE-94 (Code injection) | CVE-2011-2585 | 2012-01-12 13:03 | 2011-10-20 |
| 257263 | 7.5 | HIGH | cmscout | cmscout | SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action. | CWE-89 (SQL injection) | CVE-2010-5059 | 2012-01-10 14:00 | 2011-11-23 |
| 257264 | 5.0 | MEDIUM | siemens | automation_license_manager | Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_tar… | CWE-20 (Improper input validation) | CVE-2011-4531 | 2012-01-10 07:52 | 2012-01-09 |
| 257265 | 5.0 | MEDIUM | siemens | automation_license_manager | Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon… | CWE-20 (Improper input validation) | CVE-2011-4530 | 2012-01-10 07:51 | 2012-01-09 |
| 257266 | 5.0 | MEDIUM | maradns | maradns | MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of serv… | CWE-20 (Improper input validation) | CVE-2011-5055 | 2012-01-10 03:30 | 2012-01-08 |
| 257267 | 5.8 | MEDIUM | siemens | tecnomatix_factorylink | An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files … | NVD-CWE-noinfo | CVE-2011-4056 | 2012-01-10 02:55 | 2012-01-08 |
| 257268 | 7.5 | HIGH | siemens | automation_license_manager | Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as… | CWE-119 (Buffer errors) | CVE-2011-4529 | 2012-01-09 14:00 | 2012-01-09 |
| 257269 | 5.0 | MEDIUM | siemens | automation_license_manager | Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd… | CWE-22 (Path traversal) | CVE-2011-4532 | 2012-01-09 14:00 | 2012-01-09 |
| 257270 | 6.8 | MEDIUM | invensys | wonderware_inbatch | Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server a… | CWE-119 (Buffer errors) | CVE-2011-4870 | 2012-01-09 14:00 | 2012-01-08 |
| 257271 | 5.0 | MEDIUM | apache | activemq | Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests. | CWE-399 (Resource management issues) | CVE-2011-4905 | 2012-01-06 04:13 | 2012-01-06 |
| 257272 | 6.8 | MEDIUM | semanticscuttle | semanticscuttle | Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack t… | CWE-352 (Same-origin policy violation) | CVE-2009-0708 | 2012-01-05 14:00 | 2009-02-24 |
| 257273 | 6.9 | MEDIUM | eeye | digital_security_audits, retina_network_security_scanner | eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gaun… | CWE-264 (Permissions, privileges, and access control) | CVE-2011-3337 | 2012-01-05 02:49 | 2012-01-04 |
| 257274 | 6.9 | MEDIUM | celeryproject | celery | Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, … | CWE-264 (Permissions, privileges, and access control) | CVE-2011-4356 | 2012-01-04 01:38 | 2011-12-05 |
| 257275 | 4.3 | MEDIUM | ibm | rational_asset_manager | Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 (Cross-site scripting (XSS)) | CVE-2011-4708 | 2012-01-03 14:00 | 2011-12-09 |
| 257276 | 7.5 | HIGH | novell | xtier_framework | Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted he… | CWE-189 (Numeric processing issues) | CVE-2011-1710 | 2012-01-02 14:00 | 2011-12-31 |
| 257277 | 4.3 | MEDIUM | tor | tor | Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about … | CWE-200 (Information disclosure) | CVE-2011-4896 | 2011-12-30 14:00 | 2011-12-23 |
| 257278 | 4.3 | MEDIUM | tor | tor | Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sen… | CWE-200 (Information disclosure) | CVE-2011-4897 | 2011-12-30 14:00 | 2011-12-23 |
| 257279 | 4.3 | MEDIUM | xzeroscripts | xzero_community_classifieds | Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file… | CWE-79 (Cross-site scripting (XSS)) | CVE-2009-2914 | 2011-12-29 14:00 | 2009-08-21 |
| 257280 | 5.0 | MEDIUM | goahead | goahead_webserver | GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | CWE-399 (Resource management issues) | CVE-2009-5111 | 2011-12-28 23:46 | 2011-12-28 |
| 257281 | 5.0 | MEDIUM | dhttpd | dhttpd | dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | CWE-399 (Resource management issues) | CVE-2009-5110 | 2011-12-28 23:42 | 2011-12-28 |
| 257282 | 9.3 | HIGH | mini-stream | rm-mp3_converter | Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file. | CWE-119 (Buffer errors) | CVE-2010-5081 | 2011-12-28 14:00 | 2011-12-25 |
| 257283 | 9.3 | HIGH | mini-stream | ripper | Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file. | CWE-119 (Buffer errors) | CVE-2009-5109 | 2011-12-28 14:00 | 2011-12-25 |
| 257284 | 10.0 | HIGH | wellintech | kingview | Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafte… | CWE-119 (Buffer errors) | CVE-2011-4536 | 2011-12-28 00:40 | 2011-12-27 |
| 257285 | 7.5 | HIGH | cyrus | imapd | imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO… | CWE-287 (Improper authentication) | CVE-2011-3372 | 2011-12-26 14:00 | 2011-12-25 |
| 257286 | 2.1 | LOW | oracle | solaris | Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS. | NVD-CWE-noinfo | CVE-2011-2286 | 2011-12-24 12:56 | 2011-10-19 |
| 257287 | 4.3 | MEDIUM | oracle | solaris | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl). | NVD-CWE-noinfo | CVE-2011-2304 | 2011-12-24 12:56 | 2011-10-19 |
| 257288 | 1.7 | LOW | oracle | solaris | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS. | NVD-CWE-noinfo | CVE-2011-2312 | 2011-12-24 12:56 | 2011-10-19 |
| 257289 | 4.3 | MEDIUM | oracle | fusion_middleware | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages. | NVD-CWE-noinfo | CVE-2011-2314 | 2011-12-24 12:56 | 2011-10-19 |
| 257290 | 5.0 | MEDIUM | oracle | fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via… | NVD-CWE-noinfo | CVE-2011-2320 | 2011-12-24 12:56 | 2011-10-19 |
| 257291 | 4.3 | MEDIUM | tor | tor | Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by … | CWE-200 (Information disclosure) | CVE-2011-4894 | 2011-12-23 14:00 | 2011-12-23 |
| 257292 | 4.3 | MEDIUM | tor | tor | Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by ob… | CWE-200 (Information disclosure) | CVE-2011-4895 | 2011-12-23 14:00 | 2011-12-23 |
| 257293 | 9.3 | HIGH | indusoft | web_studio | Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x1… | CWE-119 (Buffer errors) | CVE-2011-4052 | 2011-12-22 14:00 | 2011-12-05 |
| 257294 | 10.0 | HIGH | schneider-electric | quantum_ethernet_module_140noe77100, quantum_ethernet_module_140noe77101, quantum_ethernet_module_140noe77111 | The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updat… | CWE-264 (Permissions, privileges, and access control) | CVE-2011-4861 | 2011-12-21 14:00 | 2011-12-17 |
| 257295 | 10.0 | HIGH | asus | asus_wl-330ge | Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this discl… | NVD-CWE-noinfo | CVE-2009-3091 | 2011-12-21 14:00 | 2009-09-09 |
| 257296 | 4.0 | MEDIUM | sun, x.org | opensolaris, solaris, x11 | xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users… | NVD-CWE-Other | CVE-2009-3100 | 2011-12-21 14:00 | 2009-09-09 |
| 257297 | 6.4 | MEDIUM | oracle | sun_products_suite | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Admini… | NVD-CWE-noinfo | CVE-2011-1511 | 2011-12-21 12:58 | 2011-07-21 |
| 257298 | 5.5 | MEDIUM | zftpserver | zftpserver_suite | Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. | CWE-22 (Path traversal) | CVE-2011-4717 | 2011-12-20 20:55 | 2011-12-20 |
| 257299 | 10.0 | HIGH | sap | crystal_reports_server | Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of … | CWE-119 (Buffer errors) | CVE-2009-3345 | 2011-12-20 14:00 | 2009-09-25 |
| 257300 | 10.0 | HIGH | d-link | dir-400 | Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1… | CWE-119 (Buffer errors) | CVE-2009-3347 | 2011-12-20 14:00 | 2009-09-25 |