NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
258651	5.0	MEDIUM	apple	mac_os_x mac_os_x_server	Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, o…	CWE-189 数値処理の問題	CVE-2011-0183	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258652	5.0	MEDIUM	rim	blackberry_torch_9800_firmware blackberry_torch_9800	The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pin…	CWE-200 情報漏えい	CVE-2011-1416	2011-03-24 13:00	2011-03-12	表示	GitHub Exploit DB Packet Storm

258653	7.5	HIGH	janguo	com_jimtawl	Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in…	CWE-22 パス・トラバーサル	CVE-2010-4769	2011-03-24 13:00	2011-03-24	表示	GitHub Exploit DB Packet Storm

258654	7.5	HIGH	matteoiammarrone	s-cms	SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.	CWE-89 SQLインジェクション	CVE-2010-4771	2011-03-24 13:00	2011-03-24	表示	GitHub Exploit DB Packet Storm

258655	4.3	MEDIUM	matteoiammarrone	s-cms	Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4772	2011-03-24 13:00	2011-03-24	表示	GitHub Exploit DB Packet Storm

258656	7.5	HIGH	auracms	auracms	SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.	CWE-89 SQLインジェクション	CVE-2010-4774	2011-03-24 13:00	2011-03-24	表示	GitHub Exploit DB Packet Storm

258657	3.5	LOW	ibm	lotus_quickr	Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is ac…	NVD-CWE-noinfo	CVE-2009-5058	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258658	3.5	LOW	ibm	lotus_quickr	Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a docume…	NVD-CWE-noinfo	CVE-2009-5059	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258659	3.5	LOW	ibm	lotus_quickr	Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in…	NVD-CWE-noinfo	CVE-2009-5060	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258660	2.1	LOW	ibm	lotus_quickr	Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of …	NVD-CWE-noinfo	CVE-2009-5061	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258661	3.5	LOW	ibm	lotus_quickr	IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.	CWE-399 リソース管理の問題	CVE-2009-5062	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258662	3.5	LOW	ibm	lotus_quickr	IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.	CWE-399 リソース管理の問題	CVE-2008-7284	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258663	5.0	MEDIUM	ibm	lotus_quickr	Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon c…	NVD-CWE-noinfo	CVE-2008-7285	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258664	3.5	LOW	ibm	lotus_quickr	IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) vi…	CWE-20 不適切な入力確認	CVE-2008-7286	2011-03-24 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258665	5.0	MEDIUM	apple	terminal mac_os_x mac_os_x_server	The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attack…	CWE-16 環境設定	CVE-2011-0189	2011-03-23 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258666	4.3	MEDIUM	apple	installer mac_os_x mac_os_x_server	Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an ag…	CWE-20 不適切な入力確認	CVE-2011-0190	2011-03-23 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258667	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.	CWE-119 バッファエラー	CVE-2011-0193	2011-03-23 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258668	6.8	MEDIUM	apple	imageio mac_os_x mac_os_x_server	Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG …	CWE-189 数値処理の問題	CVE-2011-0194	2011-03-23 13:00	2011-03-23	表示	GitHub Exploit DB Packet Storm

258669	1.9	LOW	otrs	otrs	installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier f…	CWE-310 暗号の問題	CVE-2010-4758	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258670	4.0	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of ser…	CWE-20 不適切な入力確認	CVE-2010-4759	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258671	3.5	LOW	otrs	otrs	Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain …	CWE-200 情報漏えい	CVE-2010-4760	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258672	4.0	MEDIUM	otrs	otrs	The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain …	CWE-264 認可・権限・アクセス制御	CVE-2010-4761	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258673	3.5	LOW	otrs	otrs	Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4762	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258674	6.5	MEDIUM	otrs	otrs	The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users …	CWE-264 認可・権限・アクセス制御	CVE-2010-4763	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258675	5.0	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it ea…	CWE-255 証明書・パスワード管理	CVE-2010-4764	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258676	4.9	MEDIUM	otrs	otrs	Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic…	CWE-362 競合状態	CVE-2010-4765	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258677	4.3	MEDIUM	otrs	otrs	The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially …	CWE-20 不適切な入力確認	CVE-2010-4766	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258678	5.0	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, whic…	CWE-20 不適切な入力確認	CVE-2010-4767	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258679	6.0	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circ…	CWE-264 認可・権限・アクセス制御	CVE-2010-4768	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258680	3.5	LOW	otrs	otrs	Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access …	CWE-264 認可・権限・アクセス制御	CVE-2009-5055	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258681	2.1	LOW	otrs	otrs	Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrict…	CWE-20 不適切な入力確認	CVE-2009-5056	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258682	5.0	MEDIUM	otrs	otrs	The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to dec…	CWE-310 暗号の問題	CVE-2009-5057	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258683	4.3	MEDIUM	otrs	otrs	Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTic…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-7275	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258684	4.6	MEDIUM	otrs	otrs	Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restricti…	CWE-264 認可・権限・アクセス制御	CVE-2008-7276	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258685	6.5	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authe…	CWE-264 認可・権限・アクセス制御	CVE-2008-7277	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258686	5.0	MEDIUM	otrs	otrs	The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easi…	CWE-20 不適切な入力確認	CVE-2008-7278	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258687	6.5	MEDIUM	otrs	otrs	The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers vi…	CWE-264 認可・権限・アクセス制御	CVE-2008-7279	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258688	5.0	MEDIUM	otrs	otrs	Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote…	CWE-20 不適切な入力確認	CVE-2008-7280	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258689	4.3	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-…	CWE-200 情報漏えい	CVE-2008-7281	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258690	4.6	MEDIUM	otrs	otrs	Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows…	CWE-264 認可・権限・アクセス制御	CVE-2008-7282	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258691	6.0	MEDIUM	otrs	otrs	Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to t…	CWE-264 認可・権限・アクセス制御	CVE-2008-7283	2011-03-22 13:00	2011-03-19	表示	GitHub Exploit DB Packet Storm

258692	7.6	HIGH	apple	itunes safari webkit	The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing…	CWE-119 バッファエラー	CVE-2011-0115	2011-03-18 11:56	2011-03-4	表示	GitHub Exploit DB Packet Storm

258693	7.6	HIGH	apple	itunes safari webkit	Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows an…	CWE-399 リソース管理の問題	CVE-2011-0132	2011-03-18 11:56	2011-03-4	表示	GitHub Exploit DB Packet Storm

258694	4.3	MEDIUM	hp	web_jetadmin	Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.	NVD-CWE-noinfo	CVE-2011-0278	2011-03-18 11:56	2011-03-2	表示	GitHub Exploit DB Packet Storm

258695	5.0	MEDIUM	dell	dellsystemlite.scanner_activex_control	Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory …	CWE-22 パス・トラバーサル	CVE-2011-0329	2011-03-18 11:56	2011-02-22	表示	GitHub Exploit DB Packet Storm

258696	5.0	MEDIUM	dell	dellsystemlite.scanner_activex_control	The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute a…	CWE-264 認可・権限・アクセス制御	CVE-2011-0330	2011-03-18 11:56	2011-02-22	表示	GitHub Exploit DB Packet Storm

258697	6.8	MEDIUM	proftpd	proftpd	Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and po…	CWE-119 バッファエラー	CVE-2010-4652	2011-03-18 11:56	2011-02-2	表示	GitHub Exploit DB Packet Storm

258698	4.3	MEDIUM	apple	safari webkit	The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited …	CWE-200 情報漏えい	CVE-2010-2264	2011-03-18 11:50	2010-06-12	表示	GitHub Exploit DB Packet Storm

258699	10.0	HIGH	apple	webkit	loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has u…	CWE-255 証明書・パスワード管理	CVE-2010-1760	2011-03-18 11:49	2010-08-20	表示	GitHub Exploit DB Packet Storm

258700	5.0	MEDIUM	apple	safari	Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK elemen…	NVD-CWE-Other	CVE-2010-0314	2011-03-18 11:46	2010-01-15	表示	GitHub Exploit DB Packet Storm