NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年9月21日5:56

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
257551 9.3 HIGH
adobe shockwave_player Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability t… CWE-119
バッファエラー 		CVE-2011-0320 2011-10-5 11:51 2011-06-17 表示 GitHub Exploit DB Packet Storm
257552 9.3 HIGH
adobe shockwave_player Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability t… CWE-119
バッファエラー 		CVE-2011-0335 2011-10-5 11:51 2011-06-17 表示 GitHub Exploit DB Packet Storm
257553 10.0 HIGH
adobe shockwave_player Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4… CWE-119
バッファエラー 		CVE-2010-4308 2011-10-5 11:50 2011-08-12 表示 GitHub Exploit DB Packet Storm
257554 10.0 HIGH
adobe shockwave_player Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4… CWE-119
バッファエラー 		CVE-2010-4309 2011-10-5 11:50 2011-08-12 表示 GitHub Exploit DB Packet Storm
257555 5.0 MEDIUM
vilistextum vilistextum Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_a… CWE-399
リソース管理の問題 		CVE-2006-5656 2011-10-3 13:00 2006-11-3 表示 GitHub Exploit DB Packet Storm
257556 4.0 MEDIUM
otrs otrs Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators… NVD-CWE-noinfo
CVE-2011-2746 2011-09-23 12:34 2011-08-30 表示 GitHub Exploit DB Packet Storm
257557 4.3 MEDIUM
tibco spotfire_analytics_server
spotfire_server 		Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allo… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3132 2011-09-23 12:34 2011-09-3 表示 GitHub Exploit DB Packet Storm
257558 4.3 MEDIUM
tibco spotfire_analytics_server
spotfire_server 		Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote … NVD-CWE-Other
CVE-2011-3133 2011-09-23 12:34 2011-09-3 表示 GitHub Exploit DB Packet Storm
257559 4.3 MEDIUM
tibco spotfire_analytics_server
spotfire_server 		Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation' NVD-CWE-Other
CVE-2011-3133 2011-09-23 12:34 2011-09-3 表示 GitHub Exploit DB Packet Storm
257560 7.5 HIGH
tibco spotfire_analytics_server
spotfire_server 		Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attac… NVD-CWE-noinfo
CVE-2011-3134 2011-09-23 12:34 2011-09-3 表示 GitHub Exploit DB Packet Storm
257561 3.3 LOW
geoff_wong hammerhead hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. CWE-59
リンク解釈の問題 		CVE-2011-3204 2011-09-23 12:34 2011-09-7 表示 GitHub Exploit DB Packet Storm
257562 9.3 HIGH
bcfg2 bcfg2 The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. CWE-20
不適切な入力確認 		CVE-2011-3211 2011-09-23 12:34 2011-09-16 表示 GitHub Exploit DB Packet Storm
257563 4.3 MEDIUM
ibm lotus_domino Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3576 2011-09-23 12:34 2011-09-19 表示 GitHub Exploit DB Packet Storm
257564 6.5 MEDIUM
chyrp chyrp upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users… CWE-264
認可・権限・アクセス制御 		CVE-2011-2745 2011-09-22 12:32 2011-07-27 表示 GitHub Exploit DB Packet Storm
257565 9.3 HIGH
citrix access_gateway Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows … CWE-119
バッファエラー 		CVE-2011-2882 2011-09-22 12:32 2011-07-22 表示 GitHub Exploit DB Packet Storm
257566 4.3 MEDIUM
hp network_node_manager_i Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors. NVD-CWE-noinfo
CVE-2011-1855 2011-09-22 12:31 2011-05-14 表示 GitHub Exploit DB Packet Storm
257567 4.3 MEDIUM
webmin webmin Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-1937 2011-09-22 12:31 2011-06-1 表示 GitHub Exploit DB Packet Storm
257568 5.0 MEDIUM
inventivetec mediacast MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different… CWE-200
情報漏えい 		CVE-2011-2076 2011-09-22 12:31 2011-05-11 表示 GitHub Exploit DB Packet Storm
257569 7.5 HIGH
inventivetec mediacast The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1,… CWE-16
環境設定 		CVE-2011-2077 2011-09-22 12:31 2011-05-11 表示 GitHub Exploit DB Packet Storm
257570 4.3 MEDIUM
inventivetec mediacast Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-2078 2011-09-22 12:31 2011-05-11 表示 GitHub Exploit DB Packet Storm
257571 7.5 HIGH
inventivetec mediacast MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to… CWE-20
不適切な入力確認 		CVE-2011-2079 2011-09-22 12:31 2011-05-11 表示 GitHub Exploit DB Packet Storm
257572 5.0 MEDIUM
inventivetec mediacast MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecif… CWE-200
情報漏えい 		CVE-2011-2081 2011-09-22 12:31 2011-05-11 表示 GitHub Exploit DB Packet Storm
257573 4.3 MEDIUM
apache httpclient Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers … CWE-200
情報漏えい 		CVE-2011-1498 2011-09-22 12:30 2011-07-8 表示 GitHub Exploit DB Packet Storm
257574 4.3 MEDIUM
nagios nagios Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-1523 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257575 5.0 MEDIUM
hp performance_insight Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors. NVD-CWE-noinfo
CVE-2011-1536 2011-09-22 12:30 2011-04-30 表示 GitHub Exploit DB Packet Storm
257576 4.3 MEDIUM
hp proliant_support_pack Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-1537 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257577 4.9 MEDIUM
hp proliant_support_pack Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified … CWE-20
不適切な入力確認 		CVE-2011-1538 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257578 5.0 MEDIUM
hp proliant_support_pack Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors. NVD-CWE-noinfo
CVE-2011-1539 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257579 9.0 HIGH
hp system_management_homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors. NVD-CWE-noinfo
CVE-2011-1540 2011-09-22 12:30 2011-04-30 表示 GitHub Exploit DB Packet Storm
257580 10.0 HIGH
hp system_management_homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vector… NVD-CWE-noinfo
CVE-2011-1541 2011-09-22 12:30 2011-04-30 表示 GitHub Exploit DB Packet Storm
257581 4.3 MEDIUM
hp systems_insight_manager Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-1542 2011-09-22 12:30 2011-04-30 表示 GitHub Exploit DB Packet Storm
257582 4.3 MEDIUM
hp systems_insight_manager Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CWE-352
同一生成元ポリシー違反 		CVE-2011-1543 2011-09-22 12:30 2011-04-30 表示 GitHub Exploit DB Packet Storm
257583 6.0 MEDIUM
hp insight_control_performance_management Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors. NVD-CWE-noinfo
CVE-2011-1544 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257584 6.8 MEDIUM
hp insight_control_performance_management Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CWE-352
同一生成元ポリシー違反 		CVE-2011-1545 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257585 10.0 HIGH
realflex realwin Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an… CWE-119
バッファエラー 		CVE-2011-1563 2011-09-22 12:30 2011-04-6 表示 GitHub Exploit DB Packet Storm
257586 10.0 HIGH
realflex realwin Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADC… CWE-189
数値処理の問題 		CVE-2011-1564 2011-09-22 12:30 2011-04-6 表示 GitHub Exploit DB Packet Storm
257587 10.0 HIGH
7t igss Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) c… CWE-22
パス・トラバーサル 		CVE-2011-1565 2011-09-22 12:30 2011-04-6 表示 GitHub Exploit DB Packet Storm
257588 10.0 HIGH
7t igss Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (… CWE-119
バッファエラー 		CVE-2011-1567 2011-09-22 12:30 2011-04-6 表示 GitHub Exploit DB Packet Storm
257589 10.0 HIGH
7t igss Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) al… CWE-134
書式文字列の問題 		CVE-2011-1568 2011-09-22 12:30 2011-04-6 表示 GitHub Exploit DB Packet Storm
257590 6.0 MEDIUM
hp virtual_server_environment Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors. NVD-CWE-noinfo
CVE-2011-1724 2011-09-22 12:30 2011-05-4 表示 GitHub Exploit DB Packet Storm
257591 2.1 LOW
martinicreations passmanlite_password_manager The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to ob… CWE-310
暗号の問題 		CVE-2011-1840 2011-09-22 12:30 2011-05-14 表示 GitHub Exploit DB Packet Storm
257592 4.3 MEDIUM
hp diagnostics Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-0892 2011-09-22 12:29 2011-03-30 表示 GitHub Exploit DB Packet Storm
257593 4.3 MEDIUM
hp operations Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-0893 2011-09-22 12:29 2011-04-4 表示 GitHub Exploit DB Packet Storm
257594 5.5 MEDIUM
hp operations Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors. NVD-CWE-noinfo
CVE-2011-0894 2011-09-22 12:29 2011-04-4 表示 GitHub Exploit DB Packet Storm
257595 10.0 HIGH
cisco tandberg_endpoint
tandberg_personal_video_unit_software
tandberg_personal_video_unit 		The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easi… CWE-255
証明書・パスワード管理 		CVE-2011-0354 2011-09-22 12:28 2011-02-4 表示 GitHub Exploit DB Packet Storm
257596 4.0 MEDIUM
pureftpd
netbsd 		pure-ftpd
netbsd 		The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denia… CWE-20
不適切な入力確認 		CVE-2011-0418 2011-09-22 12:28 2011-05-25 表示 GitHub Exploit DB Packet Storm
257597 6.8 MEDIUM
zikula zikula_application_framework Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account priv… CWE-352
同一生成元ポリシー違反 		CVE-2011-0535 2011-09-22 12:28 2011-02-9 表示 GitHub Exploit DB Packet Storm
257598 9.3 HIGH
adobe audition Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Aud… CWE-119
バッファエラー 		CVE-2011-0614 2011-09-22 12:28 2011-05-17 表示 GitHub Exploit DB Packet Storm
257599 10.0 HIGH
oracle
sun 		glassfish_server
java_system_application_server 		Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, an… NVD-CWE-noinfo
CVE-2011-0807 2011-09-22 12:28 2011-04-20 表示 GitHub Exploit DB Packet Storm
257600 2.6 LOW
amix skeletonz_cms_1.0 Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4734 2011-09-22 12:27 2011-02-16 表示 GitHub Exploit DB Packet Storm