NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月21日16:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
257401	4.9	MEDIUM	apple	mac_os_x mac_os_x_server	Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'	NVD-CWE-Other	CVE-2011-1132	2011-10-27 12:23	2011-06-25	表示	GitHub Exploit DB Packet Storm

257402	2.1	LOW	apple	mac_os_x mac_os_x_server	App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrate…	CWE-200 情報漏えい	CVE-2011-0197	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257403	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.	CWE-119 バッファエラー	CVE-2011-0198	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257404	5.0	MEDIUM	apple	mac_os_x_server	Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the sta…	CWE-22 パス・トラバーサル	CVE-2011-0203	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257405	6.8	MEDIUM	apple	imageio mac_os_x mac_os_x_server	Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.	CWE-119 バッファエラー	CVE-2011-0205	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257406	5.0	MEDIUM	apple	mac_os_x mac_os_x_server	The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive ali…	CWE-310 暗号の問題	CVE-2011-0207	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257407	6.8	MEDIUM	apple	quicktime mac_os_x mac_os_x_server	QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie…	CWE-119 バッファエラー	CVE-2011-0210	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257408	6.4	MEDIUM	apple	mac_os_x_server	servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumptio…	CWE-399 リソース管理の問題	CVE-2011-0212	2011-10-27 12:21	2011-06-25	表示	GitHub Exploit DB Packet Storm

257409	5.0	MEDIUM	citadel	citadel	modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption…	CWE-399 リソース管理の問題	CVE-2011-1756	2011-10-26 13:00	2011-06-21	表示	GitHub Exploit DB Packet Storm

257410	6.8	MEDIUM	redhat	jboss_enterprise_application_platform jboss_enterprise_soa_platform jboss_seam_2_framework	jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP o…	CWE-264 認可・権限・アクセス制御	CVE-2011-1484	2011-10-26 11:58	2011-07-27	表示	GitHub Exploit DB Packet Storm

257411	7.4	HIGH	citrix	xen	Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to ge…	CWE-264 認可・権限・アクセス制御	CVE-2011-1898	2011-10-26 11:58	2011-08-13	表示	GitHub Exploit DB Packet Storm

257412	6.8	MEDIUM	ffmpeg mplayerhq	ffmpeg mplayer	FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via …	CWE-119 バッファエラー	CVE-2011-0722	2011-10-26 11:57	2011-05-21	表示	GitHub Exploit DB Packet Storm

257413	6.8	MEDIUM	ffmpeg mplayer	ffmpeg mplayer	FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.	CWE-399 リソース管理の問題	CVE-2011-0723	2011-10-26 11:57	2011-05-21	表示	GitHub Exploit DB Packet Storm

257414	9.3	HIGH	freetype apple	freetype iphone_os	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute …	CWE-189 数値処理の問題	CVE-2011-0226	2011-10-26 11:56	2011-07-20	表示	GitHub Exploit DB Packet Storm

257415	6.8	MEDIUM	ffmpeg mplayerhq	ffmpeg mplayer	FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a mal…	CWE-119 バッファエラー	CVE-2010-3908	2011-10-26 11:53	2011-05-21	表示	GitHub Exploit DB Packet Storm

257416	4.3	MEDIUM	juniper	idp	Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML v…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-5086	2011-10-26 11:45	2011-09-3	表示	GitHub Exploit DB Packet Storm

257417	5.8	MEDIUM	ffmpeg	ffmpeg	oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted…	CWE-189 数値処理の問題	CVE-2009-4632	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257418	10.0	HIGH	ffmpeg	ffmpeg	vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via…	CWE-189 数値処理の問題	CVE-2009-4633	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257419	10.0	HIGH	ffmpeg	ffmpeg	Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec…	CWE-189 数値処理の問題	CVE-2009-4634	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257420	9.3	HIGH	ffmpeg	ffmpeg	FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to us…	CWE-94 コード・インジェクション	CVE-2009-4635	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257421	4.3	MEDIUM	ffmpeg	ffmpeg	FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.	CWE-94 コード・インジェクション	CVE-2009-4636	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257422	4.3	MEDIUM	ffmpeg	ffmpeg	The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.	CWE-189 数値処理の問題	CVE-2009-4639	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257423	4.3	MEDIUM	ffmpeg	ffmpeg	Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.	CWE-189 数値処理の問題	CVE-2009-4640	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

257424	6.8	MEDIUM	simplemachines	smf	Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involv…	CWE-352 同一生成元ポリシー違反	CVE-2011-4173	2011-10-25 13:00	2011-10-25	表示	GitHub Exploit DB Packet Storm

257425	9.3	HIGH	plone zope	plone zope	Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the…	NVD-CWE-noinfo	CVE-2011-3587	2011-10-21 11:56	2011-10-10	表示	GitHub Exploit DB Packet Storm

257426	5.8	MEDIUM	adam_kennedy	crypt-dsa	The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determin…	CWE-310 暗号の問題	CVE-2011-3599	2011-10-21 11:56	2011-10-10	表示	GitHub Exploit DB Packet Storm

257427	5.0	MEDIUM	conceptcms	conceptcms	conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error messa…	CWE-200 情報漏えい	CVE-2011-3720	2011-10-21 11:56	2011-09-24	表示	GitHub Exploit DB Packet Storm

257428	7.8	HIGH	cisco	ios ios_xe	The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via…	CWE-399 リソース管理の問題	CVE-2011-3272	2011-10-21 11:55	2011-10-4	表示	GitHub Exploit DB Packet Storm

257429	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-1288	2011-10-21 11:53	2011-07-22	表示	GitHub Exploit DB Packet Storm

257430	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-1453	2011-10-21 11:53	2011-07-22	表示	GitHub Exploit DB Packet Storm

257431	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-1457	2011-10-21 11:53	2011-07-22	表示	GitHub Exploit DB Packet Storm

257432	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-1462	2011-10-21 11:53	2011-07-22	表示	GitHub Exploit DB Packet Storm

257433	4.3	MEDIUM	apple	quicktime mac_os_x mac_os_x_server	The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redire…	CWE-200 情報漏えい	CVE-2011-0187	2011-10-21 11:51	2011-03-23	表示	GitHub Exploit DB Packet Storm

257434	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office …	CWE-119 バッファエラー	CVE-2011-0208	2011-10-21 11:51	2011-06-25	表示	GitHub Exploit DB Packet Storm

257435	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0218	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257436	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0221	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257437	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0222	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257438	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0225	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257439	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0232	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257440	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0233	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257441	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0234	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257442	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0235	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257443	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0238	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257444	4.3	MEDIUM	apple	safari webkit	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-0242	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257445	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0254	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257446	9.3	HIGH	apple	safari webkit	WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…	CWE-119 バッファエラー	CVE-2011-0255	2011-10-21 11:51	2011-07-22	表示	GitHub Exploit DB Packet Storm

257447	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microso…	CWE-119 バッファエラー	CVE-2010-3785	2011-10-21 11:48	2010-11-17	表示	GitHub Exploit DB Packet Storm

257448	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.	CWE-119 バッファエラー	CVE-2010-3786	2011-10-21 11:48	2010-11-17	表示	GitHub Exploit DB Packet Storm

257449	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a…	CWE-119 バッファエラー	CVE-2011-0184	2011-10-20 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

257450	7.5	HIGH	mega-nerd	libsndfile	Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a …	CWE-119 バッファエラー	CVE-2007-4974	2011-10-18 13:00	2007-09-20	表示	GitHub Exploit DB Packet Storm