NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年6月16日20:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
244251	4.3	MEDIUM	oracle	fusion_middleware	Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "Please refer to MOS note https://support.oracle.com/epmos/faces/DocumentDisplay?id=1586861.1 for configuration."	NVD-CWE-noinfo	CVE-2013-5773	2013-10-24 12:48	2013-10-17	表示	GitHub Exploit DB Packet Storm

244252	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End…	NVD-CWE-noinfo	CVE-2013-5798	2013-10-24 12:48	2013-10-17	表示	GitHub Exploit DB Packet Storm

244253	7.5	HIGH	oracle	identity_analytics sun_role_manager	Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect …	NVD-CWE-noinfo	CVE-2013-5815	2013-10-24 12:48	2013-10-17	表示	GitHub Exploit DB Packet Storm

244254	4.3	MEDIUM	oracle	enterprise_manager_plugin_for_database_control enterprise_manager_grid_control enterprise_manager_database_control	Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…	NVD-CWE-noinfo	CVE-2013-5827	2013-10-24 12:48	2013-10-17	表示	GitHub Exploit DB Packet Storm

244255	4.3	MEDIUM	oracle	enterprise_manager_database_control enterprise_manager_grid_control enterprise_manager_plugin_for_database_control	Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…	NVD-CWE-noinfo	CVE-2013-5828	2013-10-24 12:48	2013-10-17	表示	GitHub Exploit DB Packet Storm

244256	4.3	MEDIUM	oracle	enterprise_manager_grid_control enterprise_manager_plugin_for_database_control enterprise_manager_database_control	Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…	NVD-CWE-noinfo	CVE-2013-3762	2013-10-24 12:47	2013-10-17	表示	GitHub Exploit DB Packet Storm

244257	5.0	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to T…	NVD-CWE-noinfo	CVE-2013-3828	2013-10-24 12:47	2013-10-17	表示	GitHub Exploit DB Packet Storm

244258	5.5	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related t…	NVD-CWE-noinfo	CVE-2013-3831	2013-10-24 12:47	2013-10-17	表示	GitHub Exploit DB Packet Storm

244259	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authe…	NVD-CWE-noinfo	CVE-2013-3833	2013-10-24 12:47	2013-10-17	表示	GitHub Exploit DB Packet Storm

244260	3.5	LOW	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Pa…	NVD-CWE-noinfo	CVE-2013-3836	2013-10-24 12:47	2013-10-17	表示	GitHub Exploit DB Packet Storm

244261	5.1	MEDIUM	vmware	springsource_spring_security	Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows a…	CWE-362 競合状態	CVE-2011-2731	2013-10-24 12:32	2012-12-6	表示	GitHub Exploit DB Packet Storm

244262	4.0	MEDIUM	polarssl	polarssl	The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the sh…	CWE-310 暗号の問題	CVE-2011-1923	2013-10-24 12:31	2012-06-21	表示	GitHub Exploit DB Packet Storm

244263	5.0	MEDIUM	perl	perl	Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular…	CWE-189 数値処理の問題	CVE-2010-1158	2013-10-24 12:22	2010-04-21	表示	GitHub Exploit DB Packet Storm

244264	7.2	HIGH	larry_wall	perl	Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build dir…	NVD-CWE-Other	CVE-2005-4278	2013-10-24 10:56	2005-12-16	表示	GitHub Exploit DB Packet Storm

244265	6.8	MEDIUM	draytek	vigor_2700_router_firmware vigor_2700_router	The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during in…	CWE-78 OSコマンド・インジェクション	CVE-2013-5703	2013-10-23 12:22	2013-10-23	表示	GitHub Exploit DB Packet Storm

244266	2.6	LOW	apple	iphone_os	IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.	CWE-264 認可・権限・アクセス制御	CVE-2013-5137	2013-10-23 05:04	2013-09-19	表示	GitHub Exploit DB Packet Storm

244267	7.8	HIGH	apple	iphone_os	The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.	CWE-20 不適切な入力確認	CVE-2013-5140	2013-10-23 04:59	2013-09-19	表示	GitHub Exploit DB Packet Storm

244268	4.3	MEDIUM	apple	iphone_os	Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5151	2013-10-23 04:53	2013-09-19	表示	GitHub Exploit DB Packet Storm

244269	7.1	HIGH	apple	iphone_os	The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.	CWE-20 不適切な入力確認	CVE-2013-5155	2013-10-23 04:52	2013-09-19	表示	GitHub Exploit DB Packet Storm

244270	4.3	MEDIUM	apple	iphone_os	The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr…	CWE-264 認可・権限・アクセス制御	CVE-2013-5156	2013-10-23 04:52	2013-09-19	表示	GitHub Exploit DB Packet Storm

244271	5.0	MEDIUM	apple	iphone_os	The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests…	CWE-264 認可・権限・アクセス制御	CVE-2013-5157	2013-10-23 04:26	2013-09-19	表示	GitHub Exploit DB Packet Storm

244272	2.1	LOW	apple	iphone_os	The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Tw…	CWE-264 認可・権限・アクセス制御	CVE-2013-5158	2013-10-23 04:22	2013-09-19	表示	GitHub Exploit DB Packet Storm

244273	4.3	MEDIUM	apple	iphone_os	WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAM…	CWE-264 認可・権限・アクセス制御	CVE-2013-5159	2013-10-23 04:20	2013-09-19	表示	GitHub Exploit DB Packet Storm

244274	2.1	LOW	apple	iphone_os	Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2013-5153	2013-10-23 04:07	2013-09-19	表示	GitHub Exploit DB Packet Storm

244275	6.8	MEDIUM	cisco	virtualization_experience_client_6000 virtualization_experience_client_6000_series_firmware	The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified v…	CWE-20 不適切な入力確認	CVE-2013-5493	2013-10-23 03:54	2013-09-13	表示	GitHub Exploit DB Packet Storm

244276	6.3	MEDIUM	cisco	telepresence_multipoint_switch	The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot …	CWE-399 リソース管理の問題	CVE-2013-5516	2013-10-23 03:51	2013-10-1	表示	GitHub Exploit DB Packet Storm

244277	4.6	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio…	CWE-20 不適切な入力確認	CVE-2013-5550	2013-10-23 03:07	2013-10-22	表示	GitHub Exploit DB Packet Storm

244278	5.8	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing…	CWE-310 暗号の問題	CVE-2012-4115	2013-10-22 02:18	2013-10-21	表示	GitHub Exploit DB Packet Storm

244279	4.3	MEDIUM	watchguard	fireware watchguard_system_manager	Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5702	2013-10-22 00:42	2013-10-19	表示	GitHub Exploit DB Packet Storm

244280	4.0	MEDIUM	cisco	unity_connection	Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to creat…	CWE-22 パス・トラバーサル	CVE-2013-5534	2013-10-21 23:43	2013-10-19	表示	GitHub Exploit DB Packet Storm

244281	6.8	MEDIUM	iodata	hdl2-a\/e hdl2-ah hdl2-a_firmware hdl-a\/e hdl-ah hdl-as hdl-a_firmware	I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified v…	CWE-399 リソース管理の問題	CVE-2013-4712	2013-10-21 23:31	2013-10-19	表示	GitHub Exploit DB Packet Storm

244282	5.8	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic …	CWE-20 不適切な入力確認	CVE-2012-4117	2013-10-21 22:51	2013-10-19	表示	GitHub Exploit DB Packet Storm

244283	4.3	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete …	CWE-200 情報漏えい	CVE-2012-4116	2013-10-21 22:17	2013-10-19	表示	GitHub Exploit DB Packet Storm

244284	5.8	MEDIUM	cisco	unified_computing_system	The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o…	CWE-310 暗号の問題	CVE-2012-4114	2013-10-21 22:16	2013-10-19	表示	GitHub Exploit DB Packet Storm

244285	4.6	MEDIUM	cisco	unified_computing_system	The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interfa…	CWE-264 認可・権限・アクセス制御	CVE-2012-4113	2013-10-21 22:04	2013-10-19	表示	GitHub Exploit DB Packet Storm

244286	6.8	MEDIUM	cisco	unified_computing_system	The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the comman…	CWE-264 認可・権限・アクセス制御	CVE-2012-4112	2013-10-21 21:45	2013-10-19	表示	GitHub Exploit DB Packet Storm

244287	4.3	MEDIUM	process-one	ejabberd	The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.	CWE-310 暗号の問題	CVE-2013-6169	2013-10-19 02:46	2013-10-18	表示	GitHub Exploit DB Packet Storm

244288	6.8	MEDIUM	cisco	unified_meetingplace unified_meetingplace_web_conferencing	Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote a…	CWE-352 同一生成元ポリシー違反	CVE-2013-5494	2013-10-18 22:51	2013-09-16	表示	GitHub Exploit DB Packet Storm

244289	5.5	MEDIUM	cisco	unified_communications_domain_manager	SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh…	CWE-89 SQLインジェクション	CVE-2013-5517	2013-10-18 04:27	2013-10-3	表示	GitHub Exploit DB Packet Storm

244290	4.3	MEDIUM	cisco	wireless_lan_controller	Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5519	2013-10-18 04:19	2013-10-3	表示	GitHub Exploit DB Packet Storm

244291	6.4	MEDIUM	cisco	video_surveillance_4000_ip_camera video_surveillance_4300e_ip_camera video_surveillance_4500e_ip_camera	The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CS…	CWE-255 証明書・パスワード管理	CVE-2013-5535	2013-10-18 04:09	2013-10-16	表示	GitHub Exploit DB Packet Storm

244292	5.0	MEDIUM	emc	atmos	EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.	CWE-255 証明書・パスワード管理	CVE-2013-3279	2013-10-18 03:30	2013-10-17	表示	GitHub Exploit DB Packet Storm

244293	6.8	MEDIUM	oracle	ilearning	Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate…	NVD-CWE-noinfo	CVE-2013-5822	2013-10-17 23:18	2013-10-17	表示	GitHub Exploit DB Packet Storm

244294	5.0	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Me…	NVD-CWE-noinfo	CVE-2013-5816	2013-10-17 23:03	2013-10-17	表示	GitHub Exploit DB Packet Storm

244295	3.5	LOW	oracle	industry_applications	Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5…	NVD-CWE-noinfo	CVE-2013-5811	2013-10-17 22:50	2013-10-17	表示	GitHub Exploit DB Packet Storm

244296	4.3	MEDIUM	oracle	supply_chain_products_suite	Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security.	NVD-CWE-noinfo	CVE-2013-5799	2013-10-17 04:15	2013-10-17	表示	GitHub Exploit DB Packet Storm

244297	4.3	MEDIUM	oracle	siebel_crm	Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services.	NVD-CWE-noinfo	CVE-2013-5796	2013-10-17 04:00	2013-10-17	表示	GitHub Exploit DB Packet Storm

244298	5.0	MEDIUM	oracle	e-business_suite	Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache.	NVD-CWE-noinfo	CVE-2013-5792	2013-10-17 03:56	2013-10-17	表示	GitHub Exploit DB Packet Storm

244299	6.9	MEDIUM	oracle	sun_system_firmware sparc_t4-1 sparc_t4-1b sparc_t4-4	Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related…	NVD-CWE-noinfo	CVE-2013-5781	2013-10-17 03:29	2013-10-17	表示	GitHub Exploit DB Packet Storm

244300	4.0	MEDIUM	oracle	peoplesoft_products	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors…	NVD-CWE-noinfo	CVE-2013-5779	2013-10-17 03:27	2013-10-17	表示	GitHub Exploit DB Packet Storm