
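You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain updates for vulnerabilities that are not yet listed in JVN.

When a vulnerability has related JVN (Japan Vulnerability Notes) information, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.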


Updated: October 6, 2024, 20:10

Columns: No, CVSS, level, attack vector, vendor, product, title, CWE, CVE, updated, published, impact view, Exploit/PoC search
243501 7.8 HIGH
Local
xen
canonical
xen
ubuntu_linux
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-3157 2016-12-3 12:26 2016-04-13 View GitHub Exploit DB Packet Storm
243502 3.8 LOW
Local
xen
fedoraproject
oracle
xen
fedora
vm_server
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive … CWE-200
CWE-284
Information Exposure
Improper Access Control
CVE-2016-3158 2016-12-3 12:26 2016-04-14 View GitHub Exploit DB Packet Storm
243503 5.4 MEDIUM
Network
oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… NVD-CWE-noinfo
CVE-2016-3417 2016-12-3 12:26 2016-04-21 View GitHub Exploit DB Packet Storm
243504 7.4 HIGH
Network
oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity,… NVD-CWE-noinfo
CVE-2016-3421 2016-12-3 12:26 2016-04-21 View GitHub Exploit DB Packet Storm
243505 5.4 MEDIUM
Network
oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… NVD-CWE-noinfo
CVE-2016-3423 2016-12-3 12:26 2016-04-21 View GitHub Exploit DB Packet Storm
243506 4.5 MEDIUM
Physical
oracle retail_xstore_point_of_service Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentia… NVD-CWE-noinfo
CVE-2016-3429 2016-12-3 12:26 2016-04-21 View GitHub Exploit DB Packet Storm
243507 4.7 MEDIUM
Network
oracle application_object_library Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors rela… NVD-CWE-noinfo
CVE-2016-3434 2016-12-3 12:26 2016-04-21 View GitHub Exploit DB Packet Storm
243508 4.7 MEDIUM
Network
oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to P… NVD-CWE-noinfo
CVE-2016-3435 2016-12-3 12:26 2016-04-21 View GitHub Exploit DB Packet Storm
243509 7.5 HIGH
Network
autodesk autodesk_backburner Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (… CWE-119
Buffer Errors
CVE-2016-2344 2016-12-3 12:25 2016-03-29 View GitHub Exploit DB Packet Storm
243510 6.1 MEDIUM
Network
debian
websvn
debian_linux
websvn
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. CWE-79
Cross-site Scripting (XSS)
CVE-2016-2511 2016-12-3 12:25 2016-04-8 View GitHub Exploit DB Packet Storm
243511 6.2 MEDIUM
Local
linux linux_kernel sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. CWE-20
Improper Input Validation
CVE-2016-2549 2016-12-3 12:25 2016-04-28 View GitHub Exploit DB Packet Storm
243512 5.4 MEDIUM
Network
phpmyadmin phpmyadmin Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i… CWE-79
Cross-site Scripting (XSS)
CVE-2016-2559 2016-12-3 12:25 2016-03-1 View GitHub Exploit DB Packet Storm
243513 6.1 MEDIUM
Network
phpmyadmin phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML… CWE-79
Cross-site Scripting (XSS)
CVE-2016-2560 2016-12-3 12:25 2016-03-1 View GitHub Exploit DB Packet Storm
243514 5.4 MEDIUM
Network
phpmyadmin phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normal… CWE-79
Cross-site Scripting (XSS)
CVE-2016-2561 2016-12-3 12:25 2016-03-1 View GitHub Exploit DB Packet Storm
243515 6.8 MEDIUM
Network
phpmyadmin phpmyadmin The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to… CWE-20
Improper Input Validation
CVE-2016-2562 2016-12-3 12:25 2016-03-1 View GitHub Exploit DB Packet Storm
243516 9.8 CRITICAL
Network
9bis
simon_tatham
kitty
putty
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute… CWE-119
Buffer Errors
CVE-2016-2563 2016-12-3 12:25 2016-04-8 View GitHub Exploit DB Packet Storm
243517 6.1 MEDIUM
Network
citrix xenmobile_server Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbi… CWE-79
Cross-site Scripting (XSS)
CVE-2016-2789 2016-12-3 12:25 2016-04-8 View GitHub Exploit DB Packet Storm
243518 5.5 MEDIUM
Network
mozilla
webrtc_project
firefox
webrtc
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss… NVD-CWE-Other
CVE-2016-1976 2016-12-3 12:24 2016-03-14 View GitHub Exploit DB Packet Storm
243519 5.5 MEDIUM
Network
mozilla
webrtc_project
firefox
webrtc
CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html) NVD-CWE-Other
CVE-2016-1976 2016-12-3 12:24 2016-03-14 View GitHub Exploit DB Packet Storm
243520 9.8 CRITICAL
Network
hp network_automation HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili… NVD-CWE-noinfo
CVE-2016-1988 2016-12-3 12:24 2016-03-15 View GitHub Exploit DB Packet Storm
243521 9.8 CRITICAL
Network
hp network_automation HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili… NVD-CWE-noinfo
CVE-2016-1989 2016-12-3 12:24 2016-03-15 View GitHub Exploit DB Packet Storm
243522 6.5 MEDIUM
Network
hp enterprise_security_manager
enterprise_security_manager_express
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. CWE-200
Information Exposure
CVE-2016-1992 2016-12-3 12:24 2016-03-17 View GitHub Exploit DB Packet Storm
243523 8.1 HIGH
Network
hp system_management_homepage HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. NVD-CWE-noinfo
CVE-2016-1993 2016-12-3 12:24 2016-03-18 View GitHub Exploit DB Packet Storm
243524 6.5 MEDIUM
Network
hp system_management_homepage HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. CWE-200
Information Exposure
CVE-2016-1994 2016-12-3 12:24 2016-03-18 View GitHub Exploit DB Packet Storm
243525 9.8 CRITICAL
Network
hp system_management_homepage HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. NVD-CWE-noinfo
CVE-2016-1995 2016-12-3 12:24 2016-03-18 View GitHub Exploit DB Packet Storm
243526 7.7 HIGH
Local
hp system_management_homepage HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. NVD-CWE-noinfo
CVE-2016-1996 2016-12-3 12:24 2016-03-18 View GitHub Exploit DB Packet Storm
243527 7.4 HIGH
Network
hp universal_cmbd_foundation HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. NVD-CWE-Other
CVE-2016-2001 2016-12-3 12:24 2016-04-13 View GitHub Exploit DB Packet Storm
243528 7.4 HIGH
Network
hp universal_cmbd_foundation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html) NVD-CWE-Other
CVE-2016-2001 2016-12-3 12:24 2016-04-13 View GitHub Exploit DB Packet Storm
243529 9.8 CRITICAL
Network
citrix netscaler Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to g… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-2071 2016-12-3 12:24 2016-02-18 View GitHub Exploit DB Packet Storm
243530 6.1 MEDIUM
Network
citrix netscaler The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.130… CWE-254
Security Features
CVE-2016-2072 2016-12-3 12:24 2016-02-18 View GitHub Exploit DB Packet Storm
243531 5.5 MEDIUM
Local
linux linux_kernel The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing si… CWE-19
Data Handling
CVE-2016-2085 2016-12-3 12:24 2016-04-28 View GitHub Exploit DB Packet Storm
243532 8.2 HIGH
Local
symantec messaging_gateway The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. CWE-74
Injection
CVE-2016-2204 2016-12-3 12:24 2016-04-23 View GitHub Exploit DB Packet Storm
243533 7.9 HIGH
Local
hp 700_series_firmware
800_series_firmware
z240_firmware
z238_firmware
zbook_firmware
1000_series_firmware
elitebook_folio_1012_x2_g2
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. CWE-284
Improper Access Control
CVE-2016-2243 2016-12-3 12:24 2016-03-5 View GitHub Exploit DB Packet Storm
243534 5.9 MEDIUM
Network
hp futuresmart_firmware HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. CWE-200
Information Exposure
CVE-2016-2244 2016-12-3 12:24 2016-03-5 View GitHub Exploit DB Packet Storm
243535 7.3 HIGH
Network
ecava integraxor SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL Injection
CVE-2016-2299 2016-12-3 12:24 2016-04-22 View GitHub Exploit DB Packet Storm
243536 4.3 MEDIUM
Network
apple iphone_os WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical envi… CWE-200
Information Exposure
CVE-2016-1780 2016-12-3 12:23 2016-03-24 View GitHub Exploit DB Packet Storm
243537 5.9 MEDIUM
Network
apple iphone_os
mac_os_x
watchos
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachmen… CWE-310
Cryptographic Issues
CVE-2016-1788 2016-12-3 12:23 2016-03-24 View GitHub Exploit DB Packet Storm
243538 5.5 MEDIUM
Local
apple ibooks_author Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, relat… NVD-CWE-Other
CVE-2016-1789 2016-12-3 12:23 2016-04-6 View GitHub Exploit DB Packet Storm
243539 5.5 MEDIUM
Local
apple ibooks_author CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html) NVD-CWE-Other
CVE-2016-1789 2016-12-3 12:23 2016-04-6 View GitHub Exploit DB Packet Storm
243540 5.4 MEDIUM
Network
blackberry enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by l… CWE-79
Cross-site Scripting (XSS)
CVE-2016-1916 2016-12-3 12:23 2016-04-23 View GitHub Exploit DB Packet Storm
243541 6.1 MEDIUM
Network
blackberry enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted … CWE-79
Cross-site Scripting (XSS)
CVE-2016-1917 2016-12-3 12:23 2016-04-23 View GitHub Exploit DB Packet Storm
243542 6.1 MEDIUM
Network
blackberry enterprise_server Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted … CWE-79
Cross-site Scripting (XSS)
CVE-2016-1918 2016-12-3 12:23 2016-04-23 View GitHub Exploit DB Packet Storm
243543 8.8 HIGH
Network
mozilla firefox The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified… CWE-119
Buffer Errors
CVE-2016-1959 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243544 7.4 HIGH
Local
mozilla firefox The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. CWE-264
CWE-119
Permissions, Privileges, and Access Controls
Buffer Errors
CVE-2016-1963 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243545 6.5 MEDIUM
Network
mozilla firefox Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform… CWE-200
Information Exposure
CVE-2016-1967 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243546 8.8 HIGH
Network
mozilla firefox Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli comp… CWE-189
Numeric Errors
CVE-2016-1968 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243547 8.8 HIGH
Network
sil
mozilla
graphite2
firefox
firefox_esr
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) … CWE-119
Buffer Errors
CVE-2016-1969 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243548 8.8 HIGH
Network
mozilla firefox Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) o… CWE-119
Buffer Errors
CVE-2016-1970 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243549 8.8 HIGH
Network
mozilla firefox The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial… CWE-119
Buffer Errors
CVE-2016-1971 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm
243550 8.8 HIGH
Network
mozilla firefox Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vec… NVD-CWE-Other
CVE-2016-1972 2016-12-3 12:23 2016-03-14 View GitHub Exploit DB Packet Storm