NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年9月21日12:18

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
257451 1.9 LOW
gnu gnump3d GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. CWE-59
リンク解釈の問題 		CVE-2005-3349 2011-10-18 13:00 2005-11-19 表示 GitHub Exploit DB Packet Storm
257452 6.4 MEDIUM
gnu gnump3d Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". CWE-22
パス・トラバーサル 		CVE-2005-3355 2011-10-18 13:00 2005-11-19 表示 GitHub Exploit DB Packet Storm
257453 6.4 MEDIUM
xine xine-lib Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an … CWE-119
バッファエラー 		CVE-2008-0225 2011-10-17 13:00 2008-01-11 表示 GitHub Exploit DB Packet Storm
257454 5.0 MEDIUM
ibm db2_universal_database IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator… CWE-399
リソース管理の問題 		CVE-2006-3068 2011-10-17 13:00 2006-06-19 表示 GitHub Exploit DB Packet Storm
257455 2.1 LOW
linux-ha heartbeat heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly du… CWE-264
認可・権限・アクセス制御 		CVE-2006-3815 2011-10-17 13:00 2006-07-25 表示 GitHub Exploit DB Packet Storm
257456 7.5 HIGH
netgear wg311v1 Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a … CWE-119
バッファエラー 		CVE-2006-6125 2011-10-17 13:00 2006-11-27 表示 GitHub Exploit DB Packet Storm
257457 7.5 HIGH
rim blackberry_attachment_service
blackberry_enterprise_server 		Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file. CWE-119
バッファエラー 		CVE-2005-2341 2011-10-17 13:00 2005-12-31 表示 GitHub Exploit DB Packet Storm
257458 2.6 LOW
apple iphone_os CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrar… CWE-200
情報漏えい 		CVE-2011-3253 2011-10-14 19:55 2011-10-14 表示 GitHub Exploit DB Packet Storm
257459 4.3 MEDIUM
apple iphone_os Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3254 2011-10-14 19:55 2011-10-14 表示 GitHub Exploit DB Packet Storm
257460 9.3 HIGH
apple imageio
safari 		ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) … CWE-20
不適切な入力確認 		CVE-2011-0215 2011-10-14 11:50 2011-07-22 表示 GitHub Exploit DB Packet Storm
257461 9.3 HIGH
apple safari
webkit 		WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… CWE-119
バッファエラー 		CVE-2011-0223 2011-10-14 11:50 2011-07-22 表示 GitHub Exploit DB Packet Storm
257462 9.3 HIGH
apple safari
webkit 		WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… CWE-119
バッファエラー 		CVE-2011-0237 2011-10-14 11:50 2011-07-22 表示 GitHub Exploit DB Packet Storm
257463 9.3 HIGH
apple safari
webkit 		WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… CWE-119
バッファエラー 		CVE-2011-0240 2011-10-14 11:50 2011-07-22 表示 GitHub Exploit DB Packet Storm
257464 9.3 HIGH
apple safari
webkit 		WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… CWE-119
バッファエラー 		CVE-2011-0253 2011-10-14 11:50 2011-07-22 表示 GitHub Exploit DB Packet Storm
257465 4.0 MEDIUM
io-socket-ssl io-socket-ssl The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote at… CWE-310
暗号の問題 		CVE-2010-4334 2011-10-14 11:48 2011-01-14 表示 GitHub Exploit DB Packet Storm
257466 9.3 HIGH
adobe shockwave_player IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a hea… CWE-119
バッファエラー 		CVE-2011-2115 2011-10-12 13:00 2011-06-17 表示 GitHub Exploit DB Packet Storm
257467 9.3 HIGH
adobe shockwave_player Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which t… CWE-189
数値処理の問題 		CVE-2011-2123 2011-10-11 13:00 2011-06-17 表示 GitHub Exploit DB Packet Storm
257468 4.0 MEDIUM
microsoft
canon 		ie
network_camera_server_vb101 		Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPres… CWE-200
情報漏えい 		CVE-2006-2900 2011-10-11 13:00 2006-06-8 表示 GitHub Exploit DB Packet Storm
257469 5.0 MEDIUM
sun j2se
java_web_start 		The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE ver… CWE-264
認可・権限・アクセス制御 		CVE-2006-4302 2011-10-11 13:00 2006-08-23 表示 GitHub Exploit DB Packet Storm
257470 5.0 MEDIUM
joomla joomla Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to… CWE-20
不適切な入力確認 		CVE-2006-4466 2011-10-11 13:00 2006-09-1 表示 GitHub Exploit DB Packet Storm
257471 4.6 MEDIUM
freebsd freebsd Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invali… CWE-189
数値処理の問題 		CVE-2006-5679 2011-10-11 13:00 2006-11-4 表示 GitHub Exploit DB Packet Storm
257472 9.3 HIGH
apple mac_os_x Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource … CWE-264
CWE-20
認可・権限・アクセス制御
不適切な入力確認 		CVE-2007-6165 2011-10-6 13:00 2007-11-29 表示 GitHub Exploit DB Packet Storm
257473 7.8 HIGH
cisco unified_communications_manager
intercompany_media_engine 		Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8… NVD-CWE-noinfo
CVE-2011-2563 2011-10-6 11:50 2011-08-30 表示 GitHub Exploit DB Packet Storm
257474 7.8 HIGH
cisco unified_communications_manager
intercompany_media_engine 		Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8… NVD-CWE-noinfo
CVE-2011-2564 2011-10-6 11:50 2011-08-30 表示 GitHub Exploit DB Packet Storm
257475 9.3 HIGH
novell cloud_manager The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls tha… CWE-20
不適切な入力確認 		CVE-2011-2654 2011-10-6 11:50 2011-09-7 表示 GitHub Exploit DB Packet Storm
257476 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted S… CWE-119
バッファエラー 		CVE-2011-2945 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257477 10.0 HIGH
realnetworks realplayer
realplayer_sp 		Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 al… NVD-CWE-noinfo
CVE-2011-2946 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257478 4.3 MEDIUM
realnetworks realplayer
realplayer_sp 		Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-2947 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257479 9.3 HIGH
realnetworks realplayer
realplayer_sp 		RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DE… CWE-119
バッファエラー 		CVE-2011-2948 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257480 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers… CWE-119
バッファエラー 		CVE-2011-2949 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257481 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary co… CWE-119
バッファエラー 		CVE-2011-2951 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257482 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attacke… CWE-399
リソース管理の問題 		CVE-2011-2952 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257483 10.0 HIGH
realnetworks realplayer
realplayer_sp 		An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1… CWE-119
バッファエラー 		CVE-2011-2953 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257484 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used,… CWE-399
リソース管理の問題 		CVE-2011-2954 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257485 9.3 HIGH
realnetworks realplayer
realplayer_sp 		Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded Rea… CWE-399
リソース管理の問題 		CVE-2011-2955 2011-10-6 11:50 2011-08-19 表示 GitHub Exploit DB Packet Storm
257486 4.3 MEDIUM
lepton-cms
websitebaker2 		lepton
websitebaker 		Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors,… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3385 2011-10-5 13:00 2011-09-3 表示 GitHub Exploit DB Packet Storm
257487 10.0 HIGH
adobe shockwave_player IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2419 2011-10-5 11:55 2011-08-12 表示 GitHub Exploit DB Packet Storm
257488 10.0 HIGH
adobe shockwave_player Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2420 2011-10-5 11:55 2011-08-12 表示 GitHub Exploit DB Packet Storm
257489 9.3 HIGH
adobe shockwave_player Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file. CWE-119
バッファエラー 		CVE-2011-2421 2011-10-5 11:55 2011-08-12 表示 GitHub Exploit DB Packet Storm
257490 10.0 HIGH
adobe shockwave_player Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2422 2011-10-5 11:55 2011-08-12 表示 GitHub Exploit DB Packet Storm
257491 9.3 HIGH
adobe shockwave_player Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. CWE-189
数値処理の問題 		CVE-2011-2109 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257492 9.3 HIGH
adobe shockwave_player IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability th… CWE-119
バッファエラー 		CVE-2011-2111 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257493 9.3 HIGH
adobe shockwave_player Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2112 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257494 9.3 HIGH
adobe shockwave_player Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. CWE-119
バッファエラー 		CVE-2011-2113 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257495 9.3 HIGH
adobe shockwave_player Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2… CWE-119
バッファエラー 		CVE-2011-2114 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257496 9.3 HIGH
adobe shockwave_player IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability th… CWE-119
バッファエラー 		CVE-2011-2116 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257497 9.3 HIGH
adobe shockwave_player Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2… CWE-119
バッファエラー 		CVE-2011-2117 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257498 9.3 HIGH
adobe shockwave_player The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability." CWE-20
不適切な入力確認 		CVE-2011-2118 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257499 9.3 HIGH
adobe shockwave_player Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability t… CWE-119
バッファエラー 		CVE-2011-2119 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm
257500 9.3 HIGH
adobe shockwave_player Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. CWE-189
数値処理の問題 		CVE-2011-2120 2011-10-5 11:54 2011-06-17 表示 GitHub Exploit DB Packet Storm