243501
|
7.8 |
HIGH
ローカル
|
xen canonical
|
xen ubuntu_linux
|
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-3157
|
2016-12-3 12:26 |
2016-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243502
|
3.8 |
LOW
ローカル
|
xen fedoraproject oracle
|
xen fedora vm_server
|
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive …
|
CWE-200 CWE-284
情報漏えい 不適切なアクセス制御
|
CVE-2016-3158
|
2016-12-3 12:26 |
2016-04-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243503
|
5.4 |
MEDIUM
ネットワーク
|
oracle
|
peoplesoft_enterprise_peopletools
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri…
|
NVD-CWE-noinfo
|
CVE-2016-3417
|
2016-12-3 12:26 |
2016-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243504
|
7.4 |
HIGH
ネットワーク
|
oracle
|
peoplesoft_enterprise_peopletools
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity,…
|
NVD-CWE-noinfo
|
CVE-2016-3421
|
2016-12-3 12:26 |
2016-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243505
|
5.4 |
MEDIUM
ネットワーク
|
oracle
|
peoplesoft_enterprise_peopletools
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri…
|
NVD-CWE-noinfo
|
CVE-2016-3423
|
2016-12-3 12:26 |
2016-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243506
|
4.5 |
MEDIUM
物理
|
oracle
|
retail_xstore_point_of_service
|
Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentia…
|
NVD-CWE-noinfo
|
CVE-2016-3429
|
2016-12-3 12:26 |
2016-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243507
|
4.7 |
MEDIUM
ネットワーク
|
oracle
|
application_object_library
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors rela…
|
NVD-CWE-noinfo
|
CVE-2016-3434
|
2016-12-3 12:26 |
2016-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243508
|
4.7 |
MEDIUM
ネットワーク
|
oracle
|
peoplesoft_enterprise_peopletools
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to P…
|
NVD-CWE-noinfo
|
CVE-2016-3435
|
2016-12-3 12:26 |
2016-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243509
|
7.5 |
HIGH
ネットワーク
autodesk
|
autodesk_backburner
|
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (…
|
CWE-119
バッファエラー
|
CVE-2016-2344
|
2016-12-3 12:25 |
2016-03-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243510
|
6.1 |
MEDIUM
ネットワーク
|
debian websvn
|
debian_linux websvn
|
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2511
|
2016-12-3 12:25 |
2016-04-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243511
|
6.2 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
|
CWE-20
不適切な入力確認
|
CVE-2016-2549
|
2016-12-3 12:25 |
2016-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243512
|
5.4 |
MEDIUM
ネットワーク
|
phpmyadmin
|
phpmyadmin
|
Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2559
|
2016-12-3 12:25 |
2016-03-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243513
|
6.1 |
MEDIUM
ネットワーク
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2560
|
2016-12-3 12:25 |
2016-03-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243514
|
5.4 |
MEDIUM
ネットワーク
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normal…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2561
|
2016-12-3 12:25 |
2016-03-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243515
|
6.8 |
MEDIUM
ネットワーク
|
phpmyadmin
|
phpmyadmin
|
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to…
|
CWE-20
不適切な入力確認
|
CVE-2016-2562
|
2016-12-3 12:25 |
2016-03-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243516
|
9.8 |
CRITICAL
ネットワーク
9bis simon_tatham
|
kitty putty
|
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute…
|
CWE-119
バッファエラー
|
CVE-2016-2563
|
2016-12-3 12:25 |
2016-04-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243517
|
6.1 |
MEDIUM
ネットワーク
|
citrix
|
xenmobile_server
|
Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbi…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-2789
|
2016-12-3 12:25 |
2016-04-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243518
|
5.5 |
MEDIUM
ネットワーク
|
mozilla webrtc_project
|
firefox webrtc
|
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss…
|
NVD-CWE-Other
|
CVE-2016-1976
|
2016-12-3 12:24 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243519
|
5.5 |
MEDIUM
ネットワーク
|
mozilla webrtc_project
|
firefox webrtc
|
<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
|
NVD-CWE-Other
|
CVE-2016-1976
|
2016-12-3 12:24 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243520
|
9.8 |
CRITICAL
ネットワーク
hp
|
network_automation
|
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2016-1988
|
2016-12-3 12:24 |
2016-03-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243521
|
9.8 |
CRITICAL
ネットワーク
hp
|
network_automation
|
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2016-1989
|
2016-12-3 12:24 |
2016-03-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243522
|
6.5 |
MEDIUM
ネットワーク
|
hp
|
enterprise_security_manager enterprise_security_manager_express
|
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
CWE-200
情報漏えい
|
CVE-2016-1992
|
2016-12-3 12:24 |
2016-03-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243523
|
8.1 |
HIGH
ネットワーク
|
hp
|
system_management_homepage
|
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1993
|
2016-12-3 12:24 |
2016-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243524
|
6.5 |
MEDIUM
ネットワーク
|
hp
|
system_management_homepage
|
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
CWE-200
情報漏えい
|
CVE-2016-1994
|
2016-12-3 12:24 |
2016-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243525
|
9.8 |
CRITICAL
ネットワーク
hp
|
system_management_homepage
|
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1995
|
2016-12-3 12:24 |
2016-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243526
|
7.7 |
HIGH
ローカル
|
hp
|
system_management_homepage
|
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1996
|
2016-12-3 12:24 |
2016-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243527
|
7.4 |
HIGH
ネットワーク
|
hp
|
universal_cmbd_foundation
|
HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2016-2001
|
2016-12-3 12:24 |
2016-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243528
|
7.4 |
HIGH
ネットワーク
|
hp
|
universal_cmbd_foundation
|
<a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
|
NVD-CWE-Other
|
CVE-2016-2001
|
2016-12-3 12:24 |
2016-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243529
|
9.8 |
CRITICAL
ネットワーク
citrix
|
netscaler
|
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to g…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-2071
|
2016-12-3 12:24 |
2016-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243530
|
6.1 |
MEDIUM
ネットワーク
|
citrix
|
netscaler
|
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.130…
|
CWE-254
セキュリティ機能
|
CVE-2016-2072
|
2016-12-3 12:24 |
2016-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243531
|
5.5 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing si…
|
CWE-19
データ処理
|
CVE-2016-2085
|
2016-12-3 12:24 |
2016-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243532
|
8.2 |
HIGH
ローカル
|
symantec
|
messaging_gateway
|
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
|
CWE-74
インジェクション
|
CVE-2016-2204
|
2016-12-3 12:24 |
2016-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243533
|
7.9 |
HIGH
ローカル
|
hp
|
700_series_firmware 800_series_firmware z240_firmware z238_firmware zbook_firmware 1000_series_firmware elitebook_folio_1012_x2_g2
|
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
|
CWE-284
不適切なアクセス制御
|
CVE-2016-2243
|
2016-12-3 12:24 |
2016-03-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243534
|
5.9 |
MEDIUM
ネットワーク
|
hp
|
futuresmart_firmware
|
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
情報漏えい
|
CVE-2016-2244
|
2016-12-3 12:24 |
2016-03-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243535
|
7.3 |
HIGH
ネットワーク
ecava
|
integraxor
|
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2016-2299
|
2016-12-3 12:24 |
2016-04-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243536
|
4.3 |
MEDIUM
ネットワーク
|
apple
|
iphone_os
|
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical envi…
|
CWE-200
情報漏えい
|
CVE-2016-1780
|
2016-12-3 12:23 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243537
|
5.9 |
MEDIUM
ネットワーク
|
apple
|
iphone_os mac_os_x watchos
|
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachmen…
|
CWE-310
暗号の問題
|
CVE-2016-1788
|
2016-12-3 12:23 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243538
|
5.5 |
MEDIUM
ローカル
|
apple
|
ibooks_author
|
Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, relat…
|
NVD-CWE-Other
|
CVE-2016-1789
|
2016-12-3 12:23 |
2016-04-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243539
|
5.5 |
MEDIUM
ローカル
|
apple
|
ibooks_author
|
<a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
|
NVD-CWE-Other
|
CVE-2016-1789
|
2016-12-3 12:23 |
2016-04-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243540
|
5.4 |
MEDIUM
ネットワーク
|
blackberry
|
enterprise_server
|
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by l…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-1916
|
2016-12-3 12:23 |
2016-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243541
|
6.1 |
MEDIUM
ネットワーク
|
blackberry
|
enterprise_server
|
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-1917
|
2016-12-3 12:23 |
2016-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243542
|
6.1 |
MEDIUM
ネットワーク
|
blackberry
|
enterprise_server
|
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-1918
|
2016-12-3 12:23 |
2016-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243543
|
8.8 |
HIGH
ネットワーク
|
mozilla
|
firefox
|
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified…
|
CWE-119
バッファエラー
|
CVE-2016-1959
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243544
|
7.4 |
HIGH
ローカル
|
mozilla
|
firefox
|
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
|
CWE-264 CWE-119
認可・権限・アクセス制御 バッファエラー
|
CVE-2016-1963
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243545
|
6.5 |
MEDIUM
ネットワーク
|
mozilla
|
firefox
|
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform…
|
CWE-200
情報漏えい
|
CVE-2016-1967
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243546
|
8.8 |
HIGH
ネットワーク
|
mozilla
|
firefox
|
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli comp…
|
CWE-189
数値処理の問題
|
CVE-2016-1968
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243547
|
8.8 |
HIGH
ネットワーク
|
sil mozilla
|
graphite2 firefox firefox_esr
|
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) …
|
CWE-119
バッファエラー
|
CVE-2016-1969
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243548
|
8.8 |
HIGH
ネットワーク
|
mozilla
|
firefox
|
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) o…
|
CWE-119
バッファエラー
|
CVE-2016-1970
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243549
|
8.8 |
HIGH
ネットワーク
|
mozilla
|
firefox
|
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial…
|
CWE-119
バッファエラー
|
CVE-2016-1971
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243550
|
8.8 |
HIGH
ネットワーク
|
mozilla
|
firefox
|
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vec…
|
NVD-CWE-Other
|
CVE-2016-1972
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|