NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月5日5:17

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
258851	1.9	LOW	google	authenticator	pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions…	CWE-200 情報漏えい	CVE-2012-6140	2013-05-7 13:00	2013-04-24	表示	GitHub Exploit DB Packet Storm

258852	5.0	MEDIUM	cisco	webex_meetings_server webex_node_for_asr_1000_series webex_node_for_mcs	The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a cra…	CWE-20 不適切な入力確認	CVE-2013-1232	2013-05-6 22:40	2013-05-4	表示	GitHub Exploit DB Packet Storm

258853	9.3	HIGH	hexagon	erdas_er_viewer	Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathn…	CWE-119 バッファエラー	CVE-2013-0726	2013-05-6 13:00	2013-05-5	表示	GitHub Exploit DB Packet Storm

258854	10.0	HIGH	hexagon	erdas_apollo_ecwp	Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote attackers to execute arbitrary code via…	CWE-119 バッファエラー	CVE-2013-0728	2013-05-6 13:00	2013-04-25	表示	GitHub Exploit DB Packet Storm

258855	7.2	HIGH	novell	zenworks_desktop_management	Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: …	NVD-CWE-Other	CVE-2013-1092	2013-05-6 13:00	2013-05-5	表示	GitHub Exploit DB Packet Storm

258856	5.0	MEDIUM	cisco	2000_wireless_lan_controller 2100_wireless_lan_controller 2106_wireless_lan_controller 2112_wireless_lan_controller 2125_wireless_lan_controller 2500_wireless_lan_controller 2504_wi…	Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) …	NVD-CWE-Other	CVE-2013-1235	2013-05-6 13:00	2013-05-4	表示	GitHub Exploit DB Packet Storm

258857	4.6	MEDIUM	cisco	unified_communications_manager	The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue2…	CWE-20 不適切な入力確認	CVE-2013-1240	2013-05-6 13:00	2013-05-4	表示	GitHub Exploit DB Packet Storm

258858	6.8	MEDIUM	thulasidas	easy-adsense-lite	Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that mod…	CWE-352 同一生成元ポリシー違反	CVE-2013-2702	2013-05-6 13:00	2013-05-5	表示	GitHub Exploit DB Packet Storm

258859	6.8	MEDIUM	crunchify	facebook_members	Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modi…	CWE-352 同一生成元ポリシー違反	CVE-2013-2703	2013-05-6 13:00	2013-05-5	表示	GitHub Exploit DB Packet Storm

258860	10.0	HIGH	adobe	shockwave_player	Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	CWE-119 バッファエラー	CVE-2013-0635	2013-05-4 12:23	2013-02-14	表示	GitHub Exploit DB Packet Storm

258861	10.0	HIGH	adobe	shockwave_player	Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors.	CWE-119 バッファエラー	CVE-2013-0636	2013-05-4 12:23	2013-02-14	表示	GitHub Exploit DB Packet Storm

258862	5.0	MEDIUM	zend	zend_framework	(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via…	CWE-399 リソース管理の問題	CVE-2012-6532	2013-05-4 12:22	2013-02-14	表示	GitHub Exploit DB Packet Storm

258863	9.3	HIGH	cisco	webex_recording_format_player	Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCu…	CWE-119 バッファエラー	CVE-2012-3936	2013-05-4 12:20	2012-10-25	表示	GitHub Exploit DB Packet Storm

258864	9.3	HIGH	cisco	webex_recording_format_player	Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…	CWE-119 バッファエラー	CVE-2012-3937	2013-05-4 12:20	2012-10-25	表示	GitHub Exploit DB Packet Storm

258865	9.3	HIGH	cisco	webex_recording_format_player	Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…	CWE-119 バッファエラー	CVE-2012-3938	2013-05-4 12:20	2012-10-25	表示	GitHub Exploit DB Packet Storm

258866	9.3	HIGH	cisco	webex_recording_format_player	Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory co…	CWE-119 バッファエラー	CVE-2012-3939	2013-05-4 12:20	2012-10-25	表示	GitHub Exploit DB Packet Storm

258867	9.3	HIGH	cisco	webex_recording_format_player	Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…	CWE-119 バッファエラー	CVE-2012-3940	2013-05-4 12:20	2012-10-25	表示	GitHub Exploit DB Packet Storm

258868	9.3	HIGH	cisco	webex_recording_format_player	Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka …	CWE-119 バッファエラー	CVE-2012-3941	2013-05-4 12:20	2012-10-25	表示	GitHub Exploit DB Packet Storm

258869	4.0	MEDIUM	mozilla	firefox	Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.	CWE-264 認可・権限・アクセス制御	CVE-2012-3987	2013-05-4 12:20	2012-10-11	表示	GitHub Exploit DB Packet Storm

258870	6.4	MEDIUM	djangoproject	django	The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host…	CWE-20 不適切な入力確認	CVE-2012-4520	2013-05-4 12:20	2012-11-19	表示	GitHub Exploit DB Packet Storm

258871	5.0	MEDIUM	ruby-lang	ruby	The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected…	CWE-264 認可・権限・アクセス制御	CVE-2012-4522	2013-05-4 12:20	2012-11-25	表示	GitHub Exploit DB Packet Storm

258872	4.3	MEDIUM	joomla	joomla\!	Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-3267	2013-05-4 03:23	2013-05-3	表示	GitHub Exploit DB Packet Storm

258873	4.3	MEDIUM	joomla	joomla\!	Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-3059	2013-05-4 03:19	2013-05-3	表示	GitHub Exploit DB Packet Storm

258874	9.3	HIGH	emc	avamar	EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man…	CWE-20 不適切な入力確認	CVE-2013-0945	2013-05-4 01:54	2013-05-3	表示	GitHub Exploit DB Packet Storm

258875	7.2	HIGH	emc	networker	The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.	CWE-264 認可・権限・アクセス制御	CVE-2013-0940	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258876	3.5	LOW	emc	avamar	The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.	CWE-200 情報漏えい	CVE-2013-0944	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258877	5.0	MEDIUM	cisco	webex_meetings_server webex_node_for_mcs	The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.	CWE-200 CWE-20 情報漏えい不適切な入力確認	CVE-2013-1231	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258878	4.0	MEDIUM	cisco	ios_xr	The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.	CWE-119 バッファエラー	CVE-2013-1234	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258879	4.0	MEDIUM	joomla	joomla\!	Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vecto…	CWE-264 認可・権限・アクセス制御	CVE-2013-3056	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258880	4.0	MEDIUM	joomla	joomla\!	Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2013-3057	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258881	4.3	MEDIUM	joomla	joomla\!	Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-3058	2013-05-3 20:57	2013-05-3	表示	GitHub Exploit DB Packet Storm

258882	4.3	MEDIUM	ibm	tivoli_federated_identity_manager tivoli_federated_identity_manager_business_gateway	Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Bu…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-0582	2013-05-3 13:00	2013-05-3	表示	GitHub Exploit DB Packet Storm

258883	5.0	MEDIUM	zend	zend_framework	The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests t…	CWE-200 情報漏えい	CVE-2012-5657	2013-05-3 13:00	2013-05-2	表示	GitHub Exploit DB Packet Storm

258884	5.0	MEDIUM	gnu	glibc	The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.	CWE-399 リソース管理の問題	CVE-2011-4609	2013-05-3 13:00	2013-05-2	表示	GitHub Exploit DB Packet Storm

258885	10.0	HIGH	novell	file_reporter	Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.	CWE-119 バッファエラー	CVE-2012-4956	2013-05-3 12:25	2012-11-19	表示	GitHub Exploit DB Packet Storm

258886	7.5	HIGH	cisco	unified_computing_system_infrastructure_and_unified_computing_system_software unified_computing_system_6120xp_fabric_interconnect unified_computing_system_6140xp_fabric_interconnect unified_…	Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Managemen…	CWE-287 不適切な認証	CVE-2013-1186	2013-05-2 13:00	2013-04-25	表示	GitHub Exploit DB Packet Storm

258887	5.4	MEDIUM	citrix	netscaler_access_gateway_firmware netscaler_access_gateway	Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows rem…	NVD-CWE-noinfo	CVE-2013-2767	2013-05-2 13:00	2013-04-26	表示	GitHub Exploit DB Packet Storm

258888	4.3	MEDIUM	cisco	prime_central_for_hosted_collaboration_solution	Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1158	2013-05-1 22:51	2013-05-1	表示	GitHub Exploit DB Packet Storm

258889	5.0	MEDIUM	matrikonopc	matrikonopc_security_gateway	The configuration utility in MatrikonOPC Security Gateway 1.0 allows remote attackers to cause a denial of service (unhandled exception and application crash) via a TCP RST packet.	CWE-399 リソース管理の問題	CVE-2013-0666	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258890	9.4	HIGH	matrikonopc	matrikonopc_a\&e_historian	Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.	CWE-22 パス・トラバーサル	CVE-2013-0673	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258891	5.0	MEDIUM	cisco	prime_central_for_hosted_collaboration_solution	Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.	CWE-22 パス・トラバーサル	CVE-2013-1156	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258892	4.3	MEDIUM	cisco	prime_central_for_hosted_collaboration_solution	Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1157	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258893	4.3	MEDIUM	cisco	prime_central_for_hosted_collaboration_solution	Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1159	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258894	4.3	MEDIUM	cisco	prime_central_for_hosted_collaboration_solution	Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspe…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1160	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258895	5.0	MEDIUM	cisco	telepresence_management_suite	TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bu…	CWE-20 不適切な入力確認	CVE-2013-1229	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258896	5.0	MEDIUM	cisco	unified_communications_domain_manager	Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.	CWE-119 バッファエラー	CVE-2013-1230	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258897	9.0	HIGH	vmware	vcenter_server_appliance	VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (V…	CWE-94 コード・インジェクション	CVE-2013-3079	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258898	9.0	HIGH	vmware	vcenter_server_appliance	VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of servi…	CWE-264 認可・権限・アクセス制御	CVE-2013-3080	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258899	4.3	MEDIUM	vmware	vcenter_server_appliance	VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction w…	CWE-264 認可・権限・アクセス制御	CVE-2013-3107	2013-05-1 21:00	2013-05-1	表示	GitHub Exploit DB Packet Storm

258900	4.0	MEDIUM	cisco	ios_xr	Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.	CWE-200 情報漏えい	CVE-2013-1216	2013-05-1 13:00	2013-04-29	表示	GitHub Exploit DB Packet Storm