NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月7日5:11

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
243351	4.9	MEDIUM	sun	sunos	Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.	NVD-CWE-noinfo	CVE-2014-6509	2016-12-7 12:00	2015-01-21	表示	GitHub Exploit DB Packet Storm

243352	6.8	MEDIUM	firebirdsql	firebird	Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TC…	CWE-119 バッファエラー	CVE-2013-2492	2016-12-7 12:00	2013-03-16	表示	GitHub Exploit DB Packet Storm

243353	5.0	MEDIUM	sgi	xfsprogs	xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.	CWE-200 情報漏えい	CVE-2012-2150	2016-12-7 12:00	2015-08-26	表示	GitHub Exploit DB Packet Storm

243354	5.0	MEDIUM	cisco	nac_guest_server nac_guest_server_software	The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access r…	CWE-264 認可・権限・アクセス制御	CVE-2011-0963	2016-12-7 11:59	2011-04-1	表示	GitHub Exploit DB Packet Storm

243355	7.5	HIGH	gnu	glibc	nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows r…	CWE-255 証明書・パスワード管理	CVE-2010-0015	2016-12-7 11:59	2010-01-15	表示	GitHub Exploit DB Packet Storm

243356	5.0	MEDIUM	nullsoft	shoutcast_dsp	Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.	NVD-CWE-Other	CVE-2006-3535	2016-12-7 11:59	2006-07-13	表示	GitHub Exploit DB Packet Storm

243357	6.1	MEDIUM ネットワーク	sophos	unified_threat_management_software	Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2046	2016-12-7 05:03	2016-02-18	表示	GitHub Exploit DB Packet Storm

243358	9.8	CRITICAL ネットワーク	readydesk	readydesk	SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.	CWE-89 SQLインジェクション	CVE-2016-5048	2016-12-7 04:56	2016-08-27	表示	GitHub Exploit DB Packet Storm

243359	7.3	HIGH ネットワーク	ibm	bigfix_remote_control	IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.	CWE-255 証明書・パスワード管理	CVE-2016-2936	2016-12-7 04:49	2016-11-30	表示	GitHub Exploit DB Packet Storm

243360	6.5	MEDIUM ネットワーク	ibm	bigfix_remote_control	IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil…	CWE-200 CWE-20 情報漏えい不適切な入力確認	CVE-2016-2937	2016-12-7 04:47	2016-11-30	表示	GitHub Exploit DB Packet Storm

243361	5.4	MEDIUM ネットワーク	ibm	urbancode_deploy	Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2994	2016-12-7 04:46	2016-12-1	表示	GitHub Exploit DB Packet Storm

243362	4.4	MEDIUM ローカル	lenovo	thinkpad_10_ella_2_bios thinkpad_11e_beema_bios thinkpad_11e_braswell_bios thinkpad_11e_broadwell_bios thinkpad_11e_skylake_bios thinkpad_13e_bios thinkpad_e450_bios thinkpad_e45…	A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mo…	CWE-284 不適切なアクセス制御	CVE-2016-8222	2016-12-7 04:43	2016-12-1	表示	GitHub Exploit DB Packet Storm

243363	6.1	MEDIUM ネットワーク	piwigo	piwigo	Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9751	2016-12-7 04:43	2016-12-1	表示	GitHub Exploit DB Packet Storm

243364	7.5	HIGH	restlet	restlet	The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a ser…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2013-4271	2016-12-7 04:17	2013-10-10	表示	GitHub Exploit DB Packet Storm

243365	4.4	MEDIUM ローカル	lenovo	bios notebook_110_14ibr_bios notebook_110_15ibr_bios notebook_b70_80_bios notebook_e31_80_bios notebook_e40_80_bios notebook_e41_80_bios notebook_e51_80_bios notebook_g40_80_b…	A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Managem…	CWE-310 暗号の問題	CVE-2016-8224	2016-12-7 04:15	2016-11-30	表示	GitHub Exploit DB Packet Storm

243366	7.8	HIGH ローカル	lenovo	system_interface_foundation	During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with loca…	CWE-284 不適切なアクセス制御	CVE-2016-8223	2016-12-7 03:44	2016-11-30	表示	GitHub Exploit DB Packet Storm

243367	6.8	MEDIUM	elasticsearch	elasticsearch	The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.…	CWE-284 不適切なアクセス制御	CVE-2014-3120	2016-12-7 03:13	2014-07-29	表示	GitHub Exploit DB Packet Storm

243368	7.5	HIGH ネットワーク	cisco	firesight_system_software	A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass F…	CWE-254 セキュリティ機能	CVE-2016-6460	2016-12-7 02:45	2016-11-19	表示	GitHub Exploit DB Packet Storm

243369	7.8	HIGH ローカル	solarwinds	virtualization_manager	SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."	CWE-264 認可・権限・アクセス制御	CVE-2016-3643	2016-12-7 02:31	2016-06-18	表示	GitHub Exploit DB Packet Storm

243370	5.5	MEDIUM ローカル	google	android	The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.	CWE-200 情報漏えい	CVE-2016-6677	2016-12-7 00:09	2016-10-10	表示	GitHub Exploit DB Packet Storm

243371	5.5	MEDIUM ローカル	google	android	CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted applicatio…	CWE-200 情報漏えい	CVE-2016-6679	2016-12-7 00:09	2016-10-10	表示	GitHub Exploit DB Packet Storm

243372	5.5	MEDIUM ローカル	google	android	drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which all…	CWE-200 情報漏えい	CVE-2016-6682	2016-12-7 00:09	2016-10-10	表示	GitHub Exploit DB Packet Storm

243373	9.8	CRITICAL ネットワーク	google	android	sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a craf…	CWE-119 バッファエラー	CVE-2016-6695	2016-12-7 00:09	2016-10-10	表示	GitHub Exploit DB Packet Storm

243374	9.8	CRITICAL ネットワーク	google	android	sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a larg…	CWE-20 不適切な入力確認	CVE-2016-6696	2016-12-7 00:09	2016-10-10	表示	GitHub Exploit DB Packet Storm

243375	7.8	HIGH ローカル	google	android	A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary c…	CWE-284 不適切なアクセス制御	CVE-2016-6702	2016-12-7 00:09	2016-11-26	表示	GitHub Exploit DB Packet Storm

243376	7.8	HIGH ローカル	google	android	A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a spe…	CWE-284 不適切なアクセス制御	CVE-2016-6703	2016-12-7 00:09	2016-11-26	表示	GitHub Exploit DB Packet Storm

243377	5.5	MEDIUM ローカル	google	android	An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is …	CWE-254 CWE-284 セキュリティ機能不適切なアクセス制御	CVE-2016-6708	2016-12-7 00:09	2016-11-26	表示	GitHub Exploit DB Packet Storm

243378	5.5	MEDIUM ローカル	google	android	An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the u…	CWE-284 不適切なアクセス制御	CVE-2016-6716	2016-12-7 00:09	2016-11-26	表示	GitHub Exploit DB Packet Storm

243379	7.8	HIGH ローカル	google	android	Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of …	CWE-119 バッファエラー	CVE-2016-6676	2016-12-7 00:08	2016-10-10	表示	GitHub Exploit DB Packet Storm

243380	7.8	HIGH ローカル	google	android	CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application t…	CWE-200 情報漏えい	CVE-2016-6680	2016-12-7 00:08	2016-10-10	表示	GitHub Exploit DB Packet Storm

243381	5.5	MEDIUM ローカル	google	android	The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283.	CWE-200 情報漏えい	CVE-2016-6683	2016-12-7 00:08	2016-10-10	表示	GitHub Exploit DB Packet Storm

243382	5.5	MEDIUM ローカル	google	android	The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222.	CWE-200 情報漏えい	CVE-2016-6687	2016-12-7 00:08	2016-10-10	表示	GitHub Exploit DB Packet Storm

243383	9.8	CRITICAL ネットワーク	google	android	drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other…	CWE-476 NULL ポインタデリファレンス	CVE-2016-6692	2016-12-7 00:08	2016-10-10	表示	GitHub Exploit DB Packet Storm

243384	9.8	CRITICAL ネットワーク	google	android	sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafte…	CWE-20 不適切な入力確認	CVE-2016-6694	2016-12-7 00:08	2016-10-10	表示	GitHub Exploit DB Packet Storm

243385	5.5	MEDIUM ローカル	google	android	The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted applicat…	CWE-200 情報漏えい	CVE-2016-6684	2016-12-7 00:07	2016-10-10	表示	GitHub Exploit DB Packet Storm

243386	7.8	HIGH ローカル	google	android	An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code with…	CWE-264 認可・権限・アクセス制御	CVE-2016-6700	2016-12-7 00:07	2016-11-26	表示	GitHub Exploit DB Packet Storm

243387	5.5	MEDIUM ローカル	google	android	The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080.	CWE-200 情報漏えい	CVE-2016-6688	2016-12-7 00:05	2016-10-10	表示	GitHub Exploit DB Packet Storm

243388	7.8	HIGH ローカル	google	android	A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data process…	CWE-284 CWE-119 不適切なアクセス制御バッファエラー	CVE-2016-6701	2016-12-7 00:05	2016-11-26	表示	GitHub Exploit DB Packet Storm

243389	5.5	MEDIUM ローカル	google	android	An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user inter…	CWE-200 情報漏えい	CVE-2016-6718	2016-12-7 00:05	2016-11-26	表示	GitHub Exploit DB Packet Storm

243390	5.5	MEDIUM ローカル	google	android	The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted appl…	CWE-284 不適切なアクセス制御	CVE-2016-6690	2016-12-7 00:04	2016-10-10	表示	GitHub Exploit DB Packet Storm

243391	9.8	CRITICAL ネットワーク	google	android	sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an inv…	CWE-20 不適切な入力確認	CVE-2016-6693	2016-12-7 00:04	2016-10-10	表示	GitHub Exploit DB Packet Storm

243392	7.8	HIGH ローカル	google	android	Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial…	CWE-119 バッファエラー	CVE-2016-6675	2016-12-7 00:03	2016-10-10	表示	GitHub Exploit DB Packet Storm

243393	5.5	MEDIUM ローカル	google	android	An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m…	CWE-200 情報漏えい	CVE-2016-6698	2016-12-7 00:03	2016-11-26	表示	GitHub Exploit DB Packet Storm

243394	5.5	MEDIUM ローカル	google	android	drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which all…	CWE-200 情報漏えい	CVE-2016-6681	2016-12-6 23:46	2016-10-10	表示	GitHub Exploit DB Packet Storm

243395	5.5	MEDIUM ローカル	google	android	The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628.	CWE-200 情報漏えい	CVE-2016-6685	2016-12-6 23:46	2016-10-10	表示	GitHub Exploit DB Packet Storm

243396	5.5	MEDIUM ローカル	google	android	The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101.	CWE-200 情報漏えい	CVE-2016-6686	2016-12-6 23:41	2016-10-10	表示	GitHub Exploit DB Packet Storm

243397	9.8	CRITICAL ネットワーク	google	android	service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly ha…	CWE-172 エンコーディングエラー	CVE-2016-6691	2016-12-6 23:41	2016-10-10	表示	GitHub Exploit DB Packet Storm

243398	8.1	HIGH ネットワーク	tuxfamily	chrony	chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arb…	CWE-254 セキュリティ機能	CVE-2016-1567	2016-12-6 12:07	2016-01-27	表示	GitHub Exploit DB Packet Storm

243399	6.5	MEDIUM ネットワーク	firebirdsql	firebird	FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.	CWE-20 不適切な入力確認	CVE-2016-1569	2016-12-6 12:07	2016-01-14	表示	GitHub Exploit DB Packet Storm

243400	5.4	MEDIUM ネットワーク	apple	iphone_os	WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.	CWE-19 CWE-200 データ処理情報漏えい	CVE-2016-1730	2016-12-6 12:07	2016-02-1	表示	GitHub Exploit DB Packet Storm