Vulnerability Search Top
Show Search Menu
|
You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database). |
JVN Vulnerability Information
Update Date":May 17, 2026, 6 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Impact Show |
Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 224691 | 7.5 | 危険 | Digineo | - | Ruby 用 Thumbshooter gem の lib/thumbshooter.rb における任意のコマンドを実行される脆弱性 |
CWE-94
コード・インジェクション |
CVE-2013-1898 | 2013-04-11 19:42 | 2013-03-25 | Show | GitHub Exploit DB Packet Storm |
| 224692 | 7.5 | 危険 | Dan Kubb | - | Ruby 用 extlib gem におけるオブジェクトインジェクション攻撃を実行される脆弱性 |
CWE-264
認可・権限・アクセス制御 |
CVE-2013-1802 | 2013-04-11 19:41 | 2013-01-14 | Show | GitHub Exploit DB Packet Storm |
| 224693 | 7.5 | 危険 | John Nunemaker | - | Ruby 用 httparty gem におけるオブジェクトインジェクション攻撃を実行される脆弱性 |
CWE-264
認可・権限・アクセス制御 |
CVE-2013-1801 | 2013-04-11 19:41 | 2013-01-14 | Show | GitHub Exploit DB Packet Storm |
| 224694 | 7.5 | 危険 | John Nunemaker | - | Ruby 用 crack gem におけるオブジェクトインジェクション攻撃を実行される脆弱性 |
CWE-264
認可・権限・アクセス制御 |
CVE-2013-1800 | 2013-04-11 19:40 | 2013-01-14 | Show | GitHub Exploit DB Packet Storm |
| 224695 | 7.5 | 危険 | Daniel Harrington | - | Ruby 用 nori gem におけるオブジェクトインジェクション攻撃を実行される脆弱性 |
CWE-20
不適切な入力確認 |
CVE-2013-0285 | 2013-04-11 19:39 | 2013-01-14 | Show | GitHub Exploit DB Packet Storm |
| 224696 | 5 | 警告 | New Relic | - | Ruby Agent における重要な情報を取得される脆弱性 |
CWE-200
情報漏えい |
CVE-2013-0284 | 2013-04-11 19:38 | 2013-02-13 | Show | GitHub Exploit DB Packet Storm |
| 224697 | 6.8 | 警告 | Michael Bleigh and Intridea, Inc. | - | Ruby 用 omniauth-oauth2 gem におけるクロスサイトリクエストフォージェリの脆弱性 |
CWE-352
同一生成元ポリシー違反 |
CVE-2012-6134 | 2013-04-11 19:37 | 2013-02-25 | Show | GitHub Exploit DB Packet Storm |
| 224698 | 5.8 | 警告 | Apache Software Foundation | - | Apache Maven のデフォルト設定におけるサーバになりすまされる脆弱性 |
CWE-16
環境設定 |
CVE-2013-0253 | 2013-04-11 17:36 | 2013-04-2 | Show | GitHub Exploit DB Packet Storm |
| 224699 | 4.3 | 警告 | fedorahosted.org | - | cronie におけるファイル記述子が漏えいする脆弱性 |
CWE-200
情報漏えい |
CVE-2012-6097 | 2013-04-11 17:35 | 2013-01-9 | Show | GitHub Exploit DB Packet Storm |
| 224700 | 2.1 | 注意 | Gluster, Inc. レッドハット |
- | Red Hat Storage の GlusterFS 機能における任意のファイルを上書きされる脆弱性 |
CWE-264
認可・権限・アクセス制御 |
CVE-2012-5635 | 2013-04-11 17:35 | 2013-03-28 | Show | GitHub Exploit DB Packet Storm |
NVD Vulnerability Information
Update Date:May 18, 2026, 4:12 a.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 278461 | - |
opensuse canonical debian oracle fedoraproject redhat freetype |
opensuse ubuntu_linux debian_linux solaris fedora enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server_eus enterprise_linux_server enterprise_linux… |
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer der… |
CWE-476
NULL Pointer Dereference |
CVE-2014-9660 | 2024-11-21 11:21 | 2015-02-8 | Show | GitHub Exploit DB Packet Storm | |
| 278462 | - |
freetype debian opensuse fedoraproject oracle canonical redhat |
freetype debian_linux opensuse fedora solaris ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server_eus enterprise_linux_server ente… |
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a … |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2014-9663 | 2024-11-21 11:21 | 2015-02-8 | Show | GitHub Exploit DB Packet Storm | |
| 278463 | - |
oracle freetype fedoraproject opensuse canonical |
solaris freetype fedora opensuse ubuntu_linux |
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2014-9659 | 2024-11-21 11:21 | 2015-02-8 | Show | GitHub Exploit DB Packet Storm | |
| 278464 | - |
oracle canonical fedoraproject freetype debian opensuse redhat |
solaris ubuntu_linux fedora freetype debian_linux opensuse enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server_eus enterprise_linux_server ente… |
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or… |
CWE-125
Out-of-bounds Read |
CVE-2014-9658 | 2024-11-21 11:21 | 2015-02-8 | Show | GitHub Exploit DB Packet Storm | |
| 278465 | - |
opensuse redhat oracle fedoraproject freetype debian canonical |
opensuse enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server_eus enterprise_linux_server enterprise_linux_hpc_node enterprise_linux_hpc_node_eus solaris… |
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read)… |
CWE-125
Out-of-bounds Read |
CVE-2014-9657 | 2024-11-21 11:21 | 2015-02-8 | Show | GitHub Exploit DB Packet Storm | |
| 278466 | - |
fedoraproject freetype debian opensuse canonical |
fedora freetype debian_linux opensuse ubuntu_linux |
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-b… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2014-9656 | 2024-11-21 11:21 | 2015-02-8 | Show | GitHub Exploit DB Packet Storm | |
| 278467 | - | k7computing |
k7sentry.sys anti-virus_plus total_security ultimate_security |
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via … |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2014-9643 | 2024-11-21 11:21 | 2015-02-7 | Show | GitHub Exploit DB Packet Storm | |
| 278468 | - | bullguard |
bdagent.sys internet_security online_backup premium_protection |
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain priv… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2014-9642 | 2024-11-21 11:21 | 2015-02-7 | Show | GitHub Exploit DB Packet Storm | |
| 278469 | - | trendmicro | tmeext.sys | The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privile… |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2014-9641 | 2024-11-21 11:21 | 2015-02-7 | Show | GitHub Exploit DB Packet Storm | |
| 278470 | - |
unzip_project canonical debian fedoraproject |
unzip ubuntu_linux debian_linux fedora |
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip arc… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2014-9636 | 2024-11-21 11:21 | 2015-02-7 | Show | GitHub Exploit DB Packet Storm |