NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
258551	4.0	MEDIUM	ibm	tivoli_directory_server	Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0…	CWE-399 リソース管理の問題	CVE-2010-4789	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258552	4.0	MEDIUM	ibm	tivoli_directory_server	Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memo…	CWE-399 リソース管理の問題	CVE-2009-5072	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258553	4.0	MEDIUM	ibm	tivoli_directory_server	IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested g…	CWE-399 リソース管理の問題	CVE-2009-5073	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258554	4.0	MEDIUM	ibm	tivoli_directory_server	Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cau…	CWE-399 リソース管理の問題	CVE-2008-7287	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258555	5.0	MEDIUM	ibm	tivoli_directory_server	IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operati…	CWE-399 リソース管理の問題	CVE-2008-7288	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258556	4.0	MEDIUM	ibm	tivoli_directory_server	IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to …	CWE-20 不適切な入力確認	CVE-2008-7289	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258557	4.0	MEDIUM	ibm	tivoli_directory_server	Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consump…	CWE-399 リソース管理の問題	CVE-2008-7290	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258558	6.8	MEDIUM	ibm	tivoli_directory_server	The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to c…	CWE-399 リソース管理の問題	CVE-2007-6742	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258559	4.0	MEDIUM	ibm	tivoli_directory_server	Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that tri…	CWE-399 リソース管理の問題	CVE-2007-6743	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258560	6.4	MEDIUM	novell	opensuse_build_service	The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspec…	CWE-264 認可・権限・アクセス制御	CVE-2011-0466	2011-04-21 13:00	2011-04-10	表示	GitHub Exploit DB Packet Storm

258561	2.6	LOW	microsoft	windows_azure_sdk	Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for…	CWE-20 不適切な入力確認	CVE-2011-1068	2011-04-21 13:00	2011-02-24	表示	GitHub Exploit DB Packet Storm

258562	2.1	LOW	ibm	websphere_application_server	The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standar…	CWE-264 認可・権限・アクセス制御	CVE-2011-1307	2011-04-21 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258563	6.8	MEDIUM	ibm	websphere_application_server	IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is use…	CWE-264 認可・権限・アクセス制御	CVE-2011-1683	2011-04-21 13:00	2011-04-13	表示	GitHub Exploit DB Packet Storm

258564	4.3	MEDIUM	lightneasy	lightneasy	Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4753	2011-04-21 13:00	2011-03-2	表示	GitHub Exploit DB Packet Storm

258565	7.2	HIGH	pwhois	layer_four_traceroute	Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line.	NVD-CWE-noinfo	CVE-2011-0765	2011-04-21 11:33	2011-04-10	表示	GitHub Exploit DB Packet Storm

258566	4.4	MEDIUM	hp	hp-ux	Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.	NVD-CWE-noinfo	CVE-2011-0891	2011-04-21 11:33	2011-04-4	表示	GitHub Exploit DB Packet Storm

258567	10.0	HIGH	cisco	ios	The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by…	CWE-310 暗号の問題	CVE-2011-0935	2011-04-21 11:33	2011-04-15	表示	GitHub Exploit DB Packet Storm

258568	10.0	HIGH	cisco	ios	CVSS score derived from: http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_2s.html	CWE-310 暗号の問題	CVE-2011-0935	2011-04-21 11:33	2011-04-15	表示	GitHub Exploit DB Packet Storm

258569	6.9	MEDIUM	gentoo	logrotate	The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated…	CWE-20 不適切な入力確認	CVE-2011-1154	2011-04-21 11:33	2011-03-31	表示	GitHub Exploit DB Packet Storm

258570	1.9	LOW	gentoo	logrotate	The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash…	CWE-399 リソース管理の問題	CVE-2011-1155	2011-04-21 11:33	2011-03-31	表示	GitHub Exploit DB Packet Storm

258571	6.3	MEDIUM	gentoo	logrotate	The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard…	CWE-264 認可・権限・アクセス制御	CVE-2011-1548	2011-04-21 11:33	2011-03-31	表示	GitHub Exploit DB Packet Storm

258572	6.3	MEDIUM	gentoo	logrotate	The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard lin…	CWE-264 認可・権限・アクセス制御	CVE-2011-1549	2011-04-21 11:33	2011-03-31	表示	GitHub Exploit DB Packet Storm

258573	5.0	MEDIUM	oracle	enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm	Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrast…	NVD-CWE-noinfo	CVE-2011-0810	2011-04-20 19:55	2011-04-20	表示	GitHub Exploit DB Packet Storm

258574	5.0	MEDIUM	oracle	enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm	Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infr…	NVD-CWE-noinfo	CVE-2011-0818	2011-04-20 19:55	2011-04-20	表示	GitHub Exploit DB Packet Storm

258575	4.3	MEDIUM	oracle	database_server fusion_middleware	Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.…	NVD-CWE-noinfo	CVE-2011-0785	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258576	4.3	MEDIUM	oracle	database_server fusion_middleware	Per: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html 'Fixed in all supported Releases and Patchsets.'	NVD-CWE-noinfo	CVE-2011-0785	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258577	5.5	MEDIUM	oracle	database_server enterprise_manager_grid_control	Unspecified vulnerability in the Application Service Level Management component in Oracle Database Server 11.1.0.7 and Enterprise Manager Grid Control allows remote authenticated users to affect conf…	NVD-CWE-noinfo	CVE-2011-0787	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258578	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.	NVD-CWE-noinfo	CVE-2011-0789	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258579	1.7	LOW	sun	sunos	Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.	NVD-CWE-noinfo	CVE-2011-0790	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258580	4.3	MEDIUM	oracle	e-business_suite	Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via un…	NVD-CWE-noinfo	CVE-2011-0791	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258581	3.6	LOW	oracle	database_server	Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and avai…	NVD-CWE-noinfo	CVE-2011-0793	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258582	3.5	LOW	oracle	fusion_middleware	Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and …	NVD-CWE-noinfo	CVE-2011-0795	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258583	1.7	LOW	oracle	e-business_suite	Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vecto…	NVD-CWE-noinfo	CVE-2011-0796	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258584	2.1	LOW	oracle	e-business_suite	Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality vi…	NVD-CWE-noinfo	CVE-2011-0797	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258585	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure.	NVD-CWE-noinfo	CVE-2011-0798	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258586	6.5	MEDIUM	oracle	database_server warehouse_builder	Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integ…	NVD-CWE-noinfo	CVE-2011-0799	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258587	6.5	MEDIUM	sun	sunos	Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to …	NVD-CWE-noinfo	CVE-2011-0800	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258588	3.6	LOW	sun	sunos	Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.	NVD-CWE-noinfo	CVE-2011-0801	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258589	5.8	MEDIUM	oracle	enterpriseone_tools jd_edwards_enterpriseone jd_edwards_enterpriseone_ep oneworld_tools peoplesoft_and_jdedwards_product_suite peoplesoft_and_jdedwards_suite_scm	Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.9 GA through 8.98.4.1, and OneWorld Tools through 24.1.3, allows remote attackers to affect i…	NVD-CWE-noinfo	CVE-2011-0803	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258590	3.6	LOW	oracle	database_server	Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confiden…	NVD-CWE-noinfo	CVE-2011-0804	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258591	4.3	MEDIUM	oracle	database_server	Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors.	NVD-CWE-noinfo	CVE-2011-0805	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258592	5.0	MEDIUM	oracle	database_server	Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attacker…	NVD-CWE-noinfo	CVE-2011-0806	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258593	5.0	MEDIUM	oracle	database_server	Per: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html 'Applicable to Windows servers only.'	NVD-CWE-noinfo	CVE-2011-0806	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258594	4.3	MEDIUM	oracle	e-business_suite	Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.	NVD-CWE-noinfo	CVE-2011-0809	2011-04-20 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258595	3.5	LOW	ikiwiki	ikiwiki	ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-1401	2011-04-20 13:00	2011-04-12	表示	GitHub Exploit DB Packet Storm

258596	4.3	MEDIUM	rim	blackberry_enterprise_server blackberry_enterprise_server_express	Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-0286	2011-04-19 03:55	2011-04-19	表示	GitHub Exploit DB Packet Storm

258597	3.3	LOW	redhat	spice-xpi	The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictabl…	CWE-59 リンク解釈の問題	CVE-2011-0012	2011-04-19 02:55	2011-04-19	表示	GitHub Exploit DB Packet Storm

258598	9.3	HIGH	honeywell	scanserver_activex_control	Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.	CWE-399 リソース管理の問題	CVE-2011-0331	2011-04-9 12:32	2011-03-23	表示	GitHub Exploit DB Packet Storm

258599	7.9	HIGH	cisco	adaptive_security_appliance_software 5500_series_adaptive_security_appliance asa_5500 telepresence_multipoint_switch_software telepresence_multipoint_switch telepresence_system_softwar…	Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; …	CWE-119 バッファエラー	CVE-2011-0379	2011-04-9 12:32	2011-02-25	表示	GitHub Exploit DB Packet Storm

258600	10.0	HIGH	cisco	telepresence_recording_server_software telepresence_recording_server	The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "co…	CWE-78 OSコマンド・インジェクション	CVE-2011-0382	2011-04-9 12:32	2011-02-25	表示	GitHub Exploit DB Packet Storm