243351
|
4.9 |
MEDIUM
|
sun
|
sunos
|
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
|
NVD-CWE-noinfo
|
CVE-2014-6509
|
2016-12-7 12:00 |
2015-01-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243352
|
6.8 |
MEDIUM
|
firebirdsql
|
firebird
|
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TC…
|
CWE-119
バッファエラー
|
CVE-2013-2492
|
2016-12-7 12:00 |
2013-03-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243353
|
5.0 |
MEDIUM
|
sgi
|
xfsprogs
|
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
|
CWE-200
情報漏えい
|
CVE-2012-2150
|
2016-12-7 12:00 |
2015-08-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243354
|
5.0 |
MEDIUM
|
cisco
|
nac_guest_server nac_guest_server_software
|
The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access r…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-0963
|
2016-12-7 11:59 |
2011-04-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243355
|
7.5 |
HIGH
|
gnu
|
glibc
|
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows r…
|
CWE-255
証明書・パスワード管理
|
CVE-2010-0015
|
2016-12-7 11:59 |
2010-01-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243356
|
5.0 |
MEDIUM
|
nullsoft
|
shoutcast_dsp
|
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
|
NVD-CWE-Other
|
CVE-2006-3535
|
2016-12-7 11:59 |
2006-07-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243357
|
6.1 |
MEDIUM
ネットワーク
|
sophos
|
unified_threat_management_software
|
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2046
|
2016-12-7 05:03 |
2016-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243358
|
9.8 |
CRITICAL
ネットワーク
readydesk
|
readydesk
|
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.
|
CWE-89
SQLインジェクション
|
CVE-2016-5048
|
2016-12-7 04:56 |
2016-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243359
|
7.3 |
HIGH
ネットワーク
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.
|
CWE-255
証明書・パスワード管理
|
CVE-2016-2936
|
2016-12-7 04:49 |
2016-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243360
|
6.5 |
MEDIUM
ネットワーク
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil…
|
CWE-200 CWE-20
情報漏えい 不適切な入力確認
|
CVE-2016-2937
|
2016-12-7 04:47 |
2016-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243361
|
5.4 |
MEDIUM
ネットワーク
|
ibm
|
urbancode_deploy
|
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2994
|
2016-12-7 04:46 |
2016-12-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243362
|
4.4 |
MEDIUM
ローカル
|
lenovo
|
thinkpad_10_ella_2_bios thinkpad_11e_beema_bios thinkpad_11e_braswell_bios thinkpad_11e_broadwell_bios thinkpad_11e_skylake_bios thinkpad_13e_bios thinkpad_e450_bios thinkpad_e45…
|
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mo…
|
CWE-284
不適切なアクセス制御
|
CVE-2016-8222
|
2016-12-7 04:43 |
2016-12-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243363
|
6.1 |
MEDIUM
ネットワーク
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-9751
|
2016-12-7 04:43 |
2016-12-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243364
|
7.5 |
HIGH
|
restlet
|
restlet
|
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a ser…
|
CWE-502
信頼性のないデータのデシリアライゼーション
|
CVE-2013-4271
|
2016-12-7 04:17 |
2013-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243365
|
4.4 |
MEDIUM
ローカル
|
lenovo
|
bios notebook_110_14ibr_bios notebook_110_15ibr_bios notebook_b70_80_bios notebook_e31_80_bios notebook_e40_80_bios notebook_e41_80_bios notebook_e51_80_bios notebook_g40_80_b…
|
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Managem…
|
CWE-310
暗号の問題
|
CVE-2016-8224
|
2016-12-7 04:15 |
2016-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243366
|
7.8 |
HIGH
ローカル
|
lenovo
|
system_interface_foundation
|
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with loca…
|
CWE-284
不適切なアクセス制御
|
CVE-2016-8223
|
2016-12-7 03:44 |
2016-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243367
|
6.8 |
MEDIUM
|
elasticsearch
|
elasticsearch
|
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.…
|
CWE-284
不適切なアクセス制御
|
CVE-2014-3120
|
2016-12-7 03:13 |
2014-07-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243368
|
7.5 |
HIGH
ネットワーク
cisco
|
firesight_system_software
|
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass F…
|
CWE-254
セキュリティ機能
|
CVE-2016-6460
|
2016-12-7 02:45 |
2016-11-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243369
|
7.8 |
HIGH
ローカル
|
solarwinds
|
virtualization_manager
|
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-3643
|
2016-12-7 02:31 |
2016-06-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243370
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.
|
CWE-200
情報漏えい
|
CVE-2016-6677
|
2016-12-7 00:09 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243371
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted applicatio…
|
CWE-200
情報漏えい
|
CVE-2016-6679
|
2016-12-7 00:09 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243372
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which all…
|
CWE-200
情報漏えい
|
CVE-2016-6682
|
2016-12-7 00:09 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243373
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a craf…
|
CWE-119
バッファエラー
|
CVE-2016-6695
|
2016-12-7 00:09 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243374
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a larg…
|
CWE-20
不適切な入力確認
|
CVE-2016-6696
|
2016-12-7 00:09 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243375
|
7.8 |
HIGH
ローカル
|
google
|
android
|
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary c…
|
CWE-284
不適切なアクセス制御
|
CVE-2016-6702
|
2016-12-7 00:09 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243376
|
7.8 |
HIGH
ローカル
|
google
|
android
|
A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a spe…
|
CWE-284
不適切なアクセス制御
|
CVE-2016-6703
|
2016-12-7 00:09 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243377
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is …
|
CWE-254 CWE-284
セキュリティ機能 不適切なアクセス制御
|
CVE-2016-6708
|
2016-12-7 00:09 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243378
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the u…
|
CWE-284
不適切なアクセス制御
|
CVE-2016-6716
|
2016-12-7 00:09 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243379
|
7.8 |
HIGH
ローカル
|
google
|
android
|
Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of …
|
CWE-119
バッファエラー
|
CVE-2016-6676
|
2016-12-7 00:08 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243380
|
7.8 |
HIGH
ローカル
|
google
|
android
|
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application t…
|
CWE-200
情報漏えい
|
CVE-2016-6680
|
2016-12-7 00:08 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243381
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283.
|
CWE-200
情報漏えい
|
CVE-2016-6683
|
2016-12-7 00:08 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243382
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222.
|
CWE-200
情報漏えい
|
CVE-2016-6687
|
2016-12-7 00:08 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243383
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other…
|
CWE-476
NULL ポインタデリファレンス
|
CVE-2016-6692
|
2016-12-7 00:08 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243384
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafte…
|
CWE-20
不適切な入力確認
|
CVE-2016-6694
|
2016-12-7 00:08 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243385
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted applicat…
|
CWE-200
情報漏えい
|
CVE-2016-6684
|
2016-12-7 00:07 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243386
|
7.8 |
HIGH
ローカル
|
google
|
android
|
An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code with…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-6700
|
2016-12-7 00:07 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243387
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080.
|
CWE-200
情報漏えい
|
CVE-2016-6688
|
2016-12-7 00:05 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243388
|
7.8 |
HIGH
ローカル
|
google
|
android
|
A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data process…
|
CWE-284 CWE-119
不適切なアクセス制御 バッファエラー
|
CVE-2016-6701
|
2016-12-7 00:05 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243389
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user inter…
|
CWE-200
情報漏えい
|
CVE-2016-6718
|
2016-12-7 00:05 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243390
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted appl…
|
CWE-284
不適切なアクセス制御
|
CVE-2016-6690
|
2016-12-7 00:04 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243391
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an inv…
|
CWE-20
不適切な入力確認
|
CVE-2016-6693
|
2016-12-7 00:04 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243392
|
7.8 |
HIGH
ローカル
|
google
|
android
|
Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial…
|
CWE-119
バッファエラー
|
CVE-2016-6675
|
2016-12-7 00:03 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243393
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…
|
CWE-200
情報漏えい
|
CVE-2016-6698
|
2016-12-7 00:03 |
2016-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243394
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which all…
|
CWE-200
情報漏えい
|
CVE-2016-6681
|
2016-12-6 23:46 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243395
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628.
|
CWE-200
情報漏えい
|
CVE-2016-6685
|
2016-12-6 23:46 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243396
|
5.5 |
MEDIUM
ローカル
|
google
|
android
|
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101.
|
CWE-200
情報漏えい
|
CVE-2016-6686
|
2016-12-6 23:41 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243397
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly ha…
|
CWE-172
エンコーディングエラー
|
CVE-2016-6691
|
2016-12-6 23:41 |
2016-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243398
|
8.1 |
HIGH
ネットワーク
|
tuxfamily
|
chrony
|
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arb…
|
CWE-254
セキュリティ機能
|
CVE-2016-1567
|
2016-12-6 12:07 |
2016-01-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243399
|
6.5 |
MEDIUM
ネットワーク
|
firebirdsql
|
firebird
|
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
|
CWE-20
不適切な入力確認
|
CVE-2016-1569
|
2016-12-6 12:07 |
2016-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243400
|
5.4 |
MEDIUM
ネットワーク
|
apple
|
iphone_os
|
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
|
CWE-19 CWE-200
データ処理 情報漏えい
|
CVE-2016-1730
|
2016-12-6 12:07 |
2016-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|