NVD Vulnerability Information Top

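You can search the list of vulnerabilities managed in NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Note), entries may have been updated for vulnerabilities that are not yet listed in JVN.

If a related vulnerability exists in JVN (Japan Vulnerability Note), the information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.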

Last updated: June 16, 2024, 20:13

No | CVSS | Level | Attack category | Vendor | Product | Title | CWE | CVE | Updated | Published | Impact view | Exploit PoC search
245251 4.0 MEDIUM
siemens simatic_pcs7
wincc
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the use… CWE-200
Information disclosure
CVE-2013-3959 2013-06-17 13:00 2013-06-15 View GitHub Exploit DB Packet Storm
245252 4.3 MEDIUM
orchardproject orchard Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site scripting (XSS)
CVE-2013-3645 2013-06-15 00:12 2013-06-14 View GitHub Exploit DB Packet Storm
245253 5.0 MEDIUM
hp insight_diagnostics hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/front… CWE-20
Improper input validation
CVE-2013-3575 2013-06-15 00:00 2013-06-14 View GitHub Exploit DB Packet Storm
245254 7.8 HIGH
hp insight_diagnostics Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full path… CWE-20
Improper input validation
CVE-2013-3574 2013-06-14 23:59 2013-06-14 View GitHub Exploit DB Packet Storm
245255 4.3 MEDIUM
cisco video_surveillance_operations_manager Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted… CWE-20
Improper input validation
CVE-2013-3376 2013-06-14 22:18 2013-06-14 View GitHub Exploit DB Packet Storm
245256 4.3 MEDIUM
cisco prime_central_for_hosted_collaboration_solution Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, … CWE-79
Cross-site scripting (XSS)
CVE-2013-3375 2013-06-14 22:10 2013-06-14 View GitHub Exploit DB Packet Storm
245257 10.0 HIGH
hp insight_diagnostics HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. CWE-20
Improper input validation
CVE-2013-3573 2013-06-14 22:07 2013-06-14 View GitHub Exploit DB Packet Storm
245258 4.3 MEDIUM
juniper junos_pulse_secure_access_service
junos_pulse_access_control_service
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 includ… CWE-310
Cryptographic issues
CVE-2013-3970 2013-06-14 02:47 2013-06-14 View GitHub Exploit DB Packet Storm
245259 5.0 MEDIUM
cisco hosted_collaboration_solution Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756. CWE-399
Resource management errors
CVE-2013-3381 2013-06-12 13:00 2013-06-12 View GitHub Exploit DB Packet Storm
245260 5.8 MEDIUM
cisco nx-os
nexus_1000v
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervi… CWE-310
Cryptographic issues
CVE-2013-1212 2013-06-11 13:00 2013-05-30 View GitHub Exploit DB Packet Storm
245261 4.3 MEDIUM
filemaker filemaker_pro
filemaker_pro_advanced
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via u… CWE-79
Cross-site scripting (XSS)
CVE-2013-3640 2013-06-11 13:00 2013-06-11 View GitHub Exploit DB Packet Storm
245262 4.0 MEDIUM
linux linux_kernel The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resource… CWE-264
Permissions, privileges, and access controls
CVE-2011-4347 2013-06-11 02:30 2013-06-8 View GitHub Exploit DB Packet Storm
245263 6.8 MEDIUM
qnap viostor_network_video_recorder Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for r… CWE-352
Same-origin policy violation
CVE-2013-0144 2013-06-10 22:19 2013-06-8 View GitHub Exploit DB Packet Storm
245264 5.0 MEDIUM
qnap viostor_network_video_recorder
surveillance_station_pro
nas
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access v… CWE-255
Credentials and password management
CVE-2013-0142 2013-06-10 13:00 2013-06-8 View GitHub Exploit DB Packet Storm
245265 6.5 MEDIUM
qnap viostor_network_video_recorder
surveillance_station_pro
nas
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by lev… CWE-94
Code injection
CVE-2013-0143 2013-06-10 13:00 2013-06-8 View GitHub Exploit DB Packet Storm
245266 2.1 LOW
rsa authentication_manager EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) c… CWE-255
Credentials and password management
CVE-2013-0947 2013-06-10 13:00 2013-06-8 View GitHub Exploit DB Packet Storm
245267 2.6 LOW
jig movatwitouch
movatwitouch_paid
The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allo… CWE-264
Permissions, privileges, and access controls
CVE-2013-2318 2013-06-7 13:00 2013-06-6 View GitHub Exploit DB Packet Storm
245268 4.3 MEDIUM
cisco webex_meetings_server The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords v… CWE-287
Improper authentication
CVE-2013-1205 2013-06-6 23:34 2013-06-6 View GitHub Exploit DB Packet Storm
245269 2.1 LOW
apple mac_os_x The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_… CWE-264
Permissions, privileges, and access controls
CVE-2013-3952 2013-06-6 13:00 2013-06-5 View GitHub Exploit DB Packet Storm
245270 2.1 LOW
apple mac_os_x
mac_os_x_server
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that interc… CWE-200
Information disclosure
CVE-2012-3718 2013-06-6 13:00 2012-09-21 View GitHub Exploit DB Packet Storm
245271 4.9 MEDIUM
microsoft windows_7
windows_8
windows_rt
windows_server_2003
windows_server_2008
windows_server_2012
windows_vista
windows_xp
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Se… CWE-22
Path traversal
CVE-2013-3661 2013-06-6 12:26 2013-05-25 View GitHub Exploit DB Packet Storm
245272 2.6 LOW
openssl openssl The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly … CWE-310
Cryptographic issues
CVE-2011-1945 2013-06-6 12:10 2011-06-1 View GitHub Exploit DB Packet Storm
245273 6.8 MEDIUM
apple safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… CWE-119
Buffer errors
CVE-2013-1009 2013-06-6 01:55 2013-06-5 View GitHub Exploit DB Packet Storm
245274 9.3 HIGH
apple mac_os_x
mac_os_x_server
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. CWE-119
Buffer errors
CVE-2013-0984 2013-06-6 01:11 2013-06-5 View GitHub Exploit DB Packet Storm
245275 1.7 LOW
apple mac_os_x
mac_os_x_server
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypa… CWE-200
Information disclosure
CVE-2013-0982 2013-06-6 00:13 2013-06-5 View GitHub Exploit DB Packet Storm
245276 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. CWE-119
Buffer errors
CVE-2013-0975 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245277 6.8 MEDIUM
apple mac_os_x Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text … CWE-119
Buffer errors
CVE-2013-0983 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245278 2.1 LOW
apple mac_os_x Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) … CWE-287
Improper authentication
CVE-2013-0985 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245279 4.9 MEDIUM
apple mac_os_x
mac_os_x_server
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. CWE-264
Permissions, privileges, and access controls
CVE-2013-0990 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245280 4.3 MEDIUM
apple safari XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. CWE-20
Improper input validation
CVE-2013-1013 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245281 6.8 MEDIUM
apple safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… CWE-119
Buffer errors
CVE-2013-1023 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245282 2.1 LOW
apple mac_os_x The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, whi… CWE-264
Permissions, privileges, and access controls
CVE-2013-3949 2013-06-5 23:39 2013-06-5 View GitHub Exploit DB Packet Storm
245283 6.8 MEDIUM
apple mac_os_x IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. CWE-119
Buffer errors
CVE-2013-0976 2013-06-5 13:00 2013-03-16 View GitHub Exploit DB Packet Storm
245284 7.5 HIGH
typo3 typo3 SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL com… CWE-89
SQL injection
CVE-2013-1842 2013-06-5 12:42 2013-03-21 View GitHub Exploit DB Packet Storm
245285 6.4 MEDIUM
typo3 typo3 Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to… CWE-399
Resource management errors
CVE-2013-1843 2013-06-5 12:42 2013-03-21 View GitHub Exploit DB Packet Storm
245286 10.0 HIGH
mozilla firefox Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possi… NVD-CWE-noinfo
CVE-2013-0790 2013-06-5 12:41 2013-04-3 View GitHub Exploit DB Packet Storm
245287 4.3 MEDIUM
mozilla firefox Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons befo… CWE-264
Permissions, privileges, and access controls
CVE-2013-0798 2013-06-5 12:41 2013-04-3 View GitHub Exploit DB Packet Storm
245288 6.0 MEDIUM
openstack
canonical
essex
folsom
grizzly
ubuntu_linux
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM t… CWE-264
Permissions, privileges, and access controls
CVE-2013-0335 2013-06-5 12:40 2013-03-23 View GitHub Exploit DB Packet Storm
245289 6.0 MEDIUM
openstack
canonical
essex
folsom
grizzly
ubuntu_linux
Per http://www.ubuntu.com/usn/USN-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10" CWE-264
Permissions, privileges, and access controls
CVE-2013-0335 2013-06-5 12:40 2013-03-23 View GitHub Exploit DB Packet Storm
245290 7.5 HIGH
nagios
icinga
nagios
icinga
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow re… CWE-119
Buffer errors
CVE-2012-6096 2013-06-5 12:40 2013-01-23 View GitHub Exploit DB Packet Storm
245291 5.0 MEDIUM
cisco nx-os
nexus_1000v
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to ca… CWE-399
Resource management errors
CVE-2013-1213 2013-06-4 13:00 2013-05-30 View GitHub Exploit DB Packet Storm
245292 4.0 MEDIUM
lockon ec-cube Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors. CWE-287
Improper authentication
CVE-2013-2313 2013-06-4 13:00 2013-05-30 View GitHub Exploit DB Packet Storm
245293 4.3 MEDIUM
lockon ec-cube Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject ar… CWE-79
Cross-site scripting (XSS)
CVE-2013-2314 2013-06-4 13:00 2013-05-30 View GitHub Exploit DB Packet Storm
245294 5.8 MEDIUM
yahoo yahoo\!_browser The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. NVD-CWE-noinfo
CVE-2013-2316 2013-06-4 13:00 2013-06-4 View GitHub Exploit DB Packet Storm
245295 5.8 MEDIUM
fenrir-inc sleipnir_mobile The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the… NVD-CWE-noinfo
CVE-2013-2317 2013-06-4 13:00 2013-06-4 View GitHub Exploit DB Packet Storm
245296 4.3 MEDIUM
photogallerycreator flash-album-gallery Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parame… CWE-79
Cross-site scripting (XSS)
CVE-2013-3261 2013-06-4 00:30 2013-06-1 View GitHub Exploit DB Packet Storm
245297 8.5 HIGH
mutiny mutiny
mutiny_virtual_appliance
mutiny_appliance
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi… CWE-22
Path traversal
CVE-2013-0136 2013-06-3 13:00 2013-06-1 View GitHub Exploit DB Packet Storm
245298 6.8 MEDIUM
cisco telepresence_system_software Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by … CWE-399
Resource management errors
CVE-2013-1246 2013-06-3 13:00 2013-06-1 View GitHub Exploit DB Packet Storm
245299 4.3 MEDIUM
cisco prime_infrastructure Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not prop… CWE-79
Cross-site scripting (XSS)
CVE-2013-1247 2013-06-3 13:00 2013-06-1 View GitHub Exploit DB Packet Storm
245300 6.5 MEDIUM
tibco silver_mobile The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vecto… CWE-264
Permissions, privileges, and access controls
CVE-2013-3315 2013-06-3 13:00 2013-06-1 View GitHub Exploit DB Packet Storm