NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
258601	7.8	HIGH	cisco	telepresence_recording_server_software telepresence_recording_server telepresence_multipoint_switch_software telepresence_multipoint_switch	Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote ac…	CWE-399 リソース管理の問題	CVE-2011-0388	2011-04-9 12:32	2011-02-25	表示	GitHub Exploit DB Packet Storm

258602	7.5	HIGH	micronetsoft	rv_dealer_website	Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy para…	CWE-89 SQLインジェクション	CVE-2010-4362	2011-04-9 12:31	2010-12-2	表示	GitHub Exploit DB Packet Storm

258603	5.0	MEDIUM	infradead	openconnect	OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output po…	CWE-200 情報漏えい	CVE-2010-3902	2011-04-9 12:29	2010-10-14	表示	GitHub Exploit DB Packet Storm

258604	7.5	HIGH	ibm	websphere_application_server	The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.	CWE-20 不適切な入力確認	CVE-2011-1309	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258605	1.9	LOW	ibm	websphere_application_server	The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into…	CWE-200 情報漏えい	CVE-2011-1310	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258606	6.0	MEDIUM	ibm	websphere_application_server	The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml…	CWE-264 認可・権限・アクセス制御	CVE-2011-1311	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258607	4.0	MEDIUM	ibm	websphere_application_server	The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows rem…	CWE-264 認可・権限・アクセス制御	CVE-2011-1312	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258608	5.0	MEDIUM	ibm	websphere_application_server	Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and sto…	CWE-399 リソース管理の問題	CVE-2011-1313	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258609	5.0	MEDIUM	ibm	websphere_application_server	The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close ope…	CWE-399 リソース管理の問題	CVE-2011-1314	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258610	5.0	MEDIUM	ibm	websphere_application_server	Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associa…	CWE-399 リソース管理の問題	CVE-2011-1315	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258611	5.0	MEDIUM	ibm	websphere_application_server	The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thre…	CWE-399 リソース管理の問題	CVE-2011-1316	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258612	5.0	MEDIUM	ibm	websphere_application_server	Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remo…	CWE-399 リソース管理の問題	CVE-2011-1317	2011-04-7 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258613	6.3	MEDIUM	gentoo	logrotate	The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and…	CWE-264 認可・権限・アクセス制御	CVE-2011-1550	2011-04-7 13:00	2011-03-31	表示	GitHub Exploit DB Packet Storm

258614	4.9	MEDIUM	ssl-explorer	ssl-explorer	Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the …	NVD-CWE-noinfo CWE-119 バッファエラー	CVE-2007-2907	2011-04-7 13:00	2007-05-30	表示	GitHub Exploit DB Packet Storm

258615	7.8	HIGH	tibco	rendezvous	Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a differen…	CWE-399 リソース管理の問題	CVE-2007-4158	2011-04-7 13:00	2007-08-4	表示	GitHub Exploit DB Packet Storm

258616	10.0	HIGH	ibm	websphere_application_server	Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor ro…	NVD-CWE-noinfo	CVE-2007-6679	2011-04-7 13:00	2008-01-10	表示	GitHub Exploit DB Packet Storm

258617	5.1	MEDIUM	apple	mac_os_x mac_os_x_server	Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly …	NVD-CWE-noinfo	CVE-2006-3497	2011-04-7 13:00	2006-08-3	表示	GitHub Exploit DB Packet Storm

258618	4.3	MEDIUM	ibm	webi	Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecifi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-1242	2011-04-7 12:18	2010-04-6	表示	GitHub Exploit DB Packet Storm

258619	7.5	HIGH	ibm	webi	The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors.	NVD-CWE-noinfo	CVE-2010-1243	2011-04-7 12:18	2010-04-6	表示	GitHub Exploit DB Packet Storm

258620	10.0	HIGH	realnetworks	helix_server helix_mobile_server	Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code …	CWE-134 書式文字列の問題	CVE-2010-4235	2011-04-6 13:00	2011-04-4	表示	GitHub Exploit DB Packet Storm

258621	9.3	HIGH	realnetworks	helix_server helix_mobile_server	Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code …	CWE-119 バッファエラー	CVE-2010-4596	2011-04-6 13:00	2011-04-4	表示	GitHub Exploit DB Packet Storm

258622	4.3	MEDIUM	ibm	webi	Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspe…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-1558	2011-04-6 00:19	2011-04-6	表示	GitHub Exploit DB Packet Storm

258623	10.0	HIGH	ibm	webi	Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2011-1559	2011-04-6 00:19	2011-04-6	表示	GitHub Exploit DB Packet Storm

258624	6.8	MEDIUM	ibm	aix	The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary passwo…	CWE-287 不適切な認証	CVE-2011-1561	2011-04-6 00:19	2011-04-6	表示	GitHub Exploit DB Packet Storm

258625	6.8	MEDIUM	aphpkb	aphpkb	SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerabili…	CWE-89 SQLインジェクション	CVE-2011-1555	2011-04-5 13:00	2011-04-4	表示	GitHub Exploit DB Packet Storm

258626	7.5	HIGH	icloudcenter	icjobsite	SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than C…	CWE-89 SQLインジェクション	CVE-2011-1557	2011-04-5 13:00	2011-04-4	表示	GitHub Exploit DB Packet Storm

258627	10.0	HIGH	horde	groupware groupware_webmail_edition kronolith_h3 mnemo_h3 nag_h3	Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 bef…	CWE-264 認可・権限・アクセス制御	CVE-2008-7219	2011-04-5 13:00	2009-09-14	表示	GitHub Exploit DB Packet Storm

258628	5.0	MEDIUM	apple	iphone_os	The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote…	CWE-20 不適切な入力確認	CVE-2011-0159	2011-03-31 12:29	2011-03-12	表示	GitHub Exploit DB Packet Storm

258629	5.0	MEDIUM	apple	safari webkit iphone_os	WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture cred…	CWE-20 不適切な入力確認	CVE-2011-0160	2011-03-31 12:29	2011-03-12	表示	GitHub Exploit DB Packet Storm

258630	4.3	MEDIUM	apple	safari webkit	The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a …	CWE-264 認可・権限・アクセス制御	CVE-2011-0167	2011-03-31 12:29	2011-03-12	表示	GitHub Exploit DB Packet Storm

258631	10.0	HIGH	cisco	telepresence_system_software telepresence_system_1000 telepresence_system_1100 telepresence_system_3000 telepresence_system_1300_series telepresence_system_3200_series telepresence_…	The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command inje…	CWE-78 OSコマンド・インジェクション	CVE-2011-0372	2011-03-31 12:29	2011-02-25	表示	GitHub Exploit DB Packet Storm

258632	9.0	HIGH	cisco	telepresence_system_software telepresence_system_1000 telepresence_system_1100 telepresence_system_3000 telepresence_system_1300_series telepresence_system_3200_series telepresence_…	The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "co…	CWE-78 OSコマンド・インジェクション	CVE-2011-0373	2011-03-31 12:29	2011-02-25	表示	GitHub Exploit DB Packet Storm

258633	9.0	HIGH	cisco	telepresence_system_software telepresence_system_1000 telepresence_system_1100 telepresence_system_3000 telepresence_system_1300_series telepresence_system_3200_series telepresence_…	The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "co…	CWE-78 OSコマンド・インジェクション	CVE-2011-0374	2011-03-31 12:29	2011-02-25	表示	GitHub Exploit DB Packet Storm

258634	9.0	HIGH	cisco	telepresence_system_software telepresence_system_1000 telepresence_system_1100 telepresence_system_3000 telepresence_system_1300_series telepresence_system_3200_series telepresence_…	The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "co…	CWE-78 OSコマンド・インジェクション	CVE-2011-0375	2011-03-31 12:29	2011-02-25	表示	GitHub Exploit DB Packet Storm

258635	10.0	HIGH	cisco	telepresence_system_software telepresence_system_1000 telepresence_system_1100 telepresence_system_3000 telepresence_system_1300_series telepresence_system_3200_series telepresence_…	The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug I…	CWE-200 情報漏えい	CVE-2011-0376	2011-03-31 12:29	2011-02-25	表示	GitHub Exploit DB Packet Storm

258636	8.3	HIGH	cisco	telepresence_system_software telepresence_system_1000 telepresence_system_1100 telepresence_system_3000 telepresence_system_1300_series telepresence_system_3200_series telepresence_…	The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command inje…	CWE-78 OSコマンド・インジェクション	CVE-2011-0378	2011-03-31 12:29	2011-02-25	表示	GitHub Exploit DB Packet Storm

258637	7.5	HIGH	fedoraproject redhat	389_directory_server directory_server	slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a den…	CWE-20 不適切な入力確認	CVE-2011-0019	2011-03-31 12:28	2011-02-24	表示	GitHub Exploit DB Packet Storm

258638	4.7	MEDIUM	fedoraproject redhat	389_directory_server directory_server	The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, whic…	CWE-399 リソース管理の問題	CVE-2011-0022	2011-03-31 12:28	2011-02-24	表示	GitHub Exploit DB Packet Storm

258639	5.0	MEDIUM	ibm	websphere_application_server	Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a de…	CWE-399 リソース管理の問題	CVE-2011-1318	2011-03-30 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258640	4.0	MEDIUM	ibm	websphere_application_server	The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by…	CWE-399 リソース管理の問題	CVE-2011-1319	2011-03-30 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258641	6.8	MEDIUM	ibm	websphere_application_server	The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) …	CWE-20 不適切な入力確認	CVE-2011-1320	2011-03-29 13:00	2011-03-9	表示	GitHub Exploit DB Packet Storm

258642	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.	CWE-119 バッファエラー	CVE-2011-0175	2011-03-25 03:35	2011-03-23	表示	GitHub Exploit DB Packet Storm

258643	4.9	MEDIUM	apple	mac_os_x mac_os_x_server	AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnera…	CWE-189 数値処理の問題	CVE-2011-0172	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258644	6.8	MEDIUM	apple	mac_os_x applescript mac_os_x_server	Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via …	CWE-134 書式文字列の問題	CVE-2011-0173	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258645	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.	CWE-119 バッファエラー	CVE-2011-0174	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258646	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.	CWE-119 バッファエラー	CVE-2011-0176	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258647	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedde…	CWE-119 バッファエラー	CVE-2011-0177	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258648	2.1	LOW	apple	mac_os_x carboncore mac_os_x_server	The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain pot…	CWE-200 情報漏えい	CVE-2011-0178	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258649	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafte…	CWE-119 バッファエラー	CVE-2011-0179	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258650	2.1	LOW	apple	mac_os_x mac_os_x_server	Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.	CWE-189 数値処理の問題	CVE-2011-0180	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm