NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日20:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
243551	8.8	HIGH ネットワーク	mozilla	firefox	<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>	NVD-CWE-Other	CVE-2016-1972	2016-12-3 12:23	2016-03-14	表示	GitHub Exploit DB Packet Storm

243552	6.3	MEDIUM ネットワーク	webrtc_project mozilla	webrtc firefox	Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service …	CWE-362 競合状態	CVE-2016-1975	2016-12-3 12:23	2016-03-14	表示	GitHub Exploit DB Packet Storm

243553	5.9	MEDIUM ネットワーク	apple	software_update	Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.	CWE-345 CWE-310 データの信頼性についての不十分な検証暗号の問題	CVE-2016-1731	2016-12-3 12:22	2016-03-14	表示	GitHub Exploit DB Packet Storm

243554	5.5	MEDIUM ローカル	apple	mac_os_x	AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.	CWE-119 バッファエラー	CVE-2016-1732	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243555	7.8	HIGH ローカル	apple	mac_os_x	AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	CWE-119 CWE-20 バッファエラー不適切な入力確認	CVE-2016-1733	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243556	6.8	MEDIUM 物理	apple	iphone_os mac_os_x	AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupt…	CWE-264 CWE-119 認可・権限・アクセス制御バッファエラー	CVE-2016-1734	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243557	7.8	HIGH ローカル	apple	mac_os_x	Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability…	CWE-119 バッファエラー	CVE-2016-1735	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243558	7.8	HIGH ローカル	apple	mac_os_x	Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability…	CWE-119 バッファエラー	CVE-2016-1736	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243559	6.3	MEDIUM ネットワーク	apple	mac_os_x	Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.	CWE-119 バッファエラー	CVE-2016-1737	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243560	7.8	HIGH ローカル	apple	mac_os_x	dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.	CWE-254 セキュリティ機能	CVE-2016-1738	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243561	5.5	MEDIUM ローカル	apple	mac_os_x	IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.	NVD-CWE-Other	CVE-2016-1745	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243562	5.5	MEDIUM ローカル	apple	mac_os_x	<a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>	NVD-CWE-Other	CVE-2016-1745	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243563	7.8	HIGH ローカル	apple	mac_os_x	IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabilit…	CWE-119 CWE-20 バッファエラー不適切な入力確認	CVE-2016-1746	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243564	7.8	HIGH ローカル	apple	mac_os_x	IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabilit…	CWE-119 CWE-20 バッファエラー不適切な入力確認	CVE-2016-1747	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243565	7.8	HIGH ローカル	apple	iphone_os mac_os_x	The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.	NVD-CWE-Other	CVE-2016-1756	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243566	7.8	HIGH ローカル	apple	iphone_os mac_os_x	<a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>	NVD-CWE-Other	CVE-2016-1756	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243567	7.0	HIGH ローカル	apple	iphone_os mac_os_x	Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.	CWE-362 競合状態	CVE-2016-1757	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243568	3.3	LOW ローカル	apple	iphone_os mac_os_x	The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.	CWE-200 CWE-119 情報漏えいバッファエラー	CVE-2016-1758	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243569	7.8	HIGH ローカル	apple	mac_os_x	The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	CWE-119 バッファエラー	CVE-2016-1759	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243570	6.2	MEDIUM ローカル	apple	iphone_os	The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.	CWE-284 不適切なアクセス制御	CVE-2016-1760	2016-12-3 12:22	2016-03-30	表示	GitHub Exploit DB Packet Storm

243571	9.8	CRITICAL ネットワーク	apple	iphone_os mac_os_x watchos	libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML docum…	CWE-119 バッファエラー	CVE-2016-1761	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243572	3.5	LOW ネットワーク	apple	iphone_os	Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing …	CWE-20 不適切な入力確認	CVE-2016-1763	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243573	4.3	MEDIUM ネットワーク	apple	mac_os_x	The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.	CWE-200 情報漏えい	CVE-2016-1764	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243574	7.8	HIGH ローカル	apple	xcode	otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.	CWE-119 バッファエラー	CVE-2016-1765	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243575	7.5	HIGH ネットワーク	apple	iphone_os	The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.	NVD-CWE-noinfo	CVE-2016-1766	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243576	7.8	HIGH ローカル	apple	mac_os_x	QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than …	CWE-119 バッファエラー	CVE-2016-1767	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243577	6.5	MEDIUM ネットワーク	apple	mac_os_x	The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.	CWE-284 不適切なアクセス制御	CVE-2016-1770	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243578	3.3	LOW ローカル	apple	mac_os_x	The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2016-1773	2016-12-3 12:22	2016-03-24	表示	GitHub Exploit DB Packet Storm

243579	9.1	CRITICAL ネットワーク	adobe	creative_cloud	The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspec…	NVD-CWE-noinfo	CVE-2016-1034	2016-12-3 12:20	2016-04-13	表示	GitHub Exploit DB Packet Storm

243580	7.5	HIGH ネットワーク	adobe	robohelp	Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.	CWE-200 情報漏えい	CVE-2016-1035	2016-12-3 12:20	2016-04-13	表示	GitHub Exploit DB Packet Storm

243581	6.1	MEDIUM ネットワーク	adobe	analytics_appmeasurement_for_flash_library	Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTM…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-1036	2016-12-3 12:20	2016-04-23	表示	GitHub Exploit DB Packet Storm

243582	5.3	MEDIUM ネットワーク	juniper	junos	Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 befo…	CWE-399 リソース管理の問題	CVE-2016-1256	2016-12-3 12:20	2016-01-16	表示	GitHub Exploit DB Packet Storm

243583	5.9	MEDIUM ネットワーク	juniper	junos	The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.…	CWE-20 不適切な入力確認	CVE-2016-1257	2016-12-3 12:20	2016-01-16	表示	GitHub Exploit DB Packet Storm

243584	5.3	MEDIUM ネットワーク	juniper	junos	Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2…	CWE-20 不適切な入力確認	CVE-2016-1258	2016-12-3 12:20	2016-01-16	表示	GitHub Exploit DB Packet Storm

243585	5.3	MEDIUM ネットワーク	juniper	junos	Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consu…	CWE-399 リソース管理の問題	CVE-2016-1260	2016-12-3 12:20	2016-01-16	表示	GitHub Exploit DB Packet Storm

243586	5.9	MEDIUM ネットワーク	juniper	junos	Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application La…	CWE-20 不適切な入力確認	CVE-2016-1262	2016-12-3 12:20	2016-01-16	表示	GitHub Exploit DB Packet Storm

243587	7.5	HIGH ネットワーク	juniper	screenos	The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.	CWE-20 不適切な入力確認	CVE-2016-1268	2016-12-3 12:20	2016-04-15	表示	GitHub Exploit DB Packet Storm

243588	8.8	HIGH ネットワーク	juniper	junos	Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X5…	CWE-264 認可・権限・アクセス制御	CVE-2016-1264	2016-12-3 12:20	2016-04-15	表示	GitHub Exploit DB Packet Storm

243589	6.7	MEDIUM ローカル	juniper	junos	Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13…	CWE-362 競合状態	CVE-2016-1267	2016-12-3 12:20	2016-04-15	表示	GitHub Exploit DB Packet Storm

243590	7.8	HIGH ローカル	juniper	junos	Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 …	CWE-20 不適切な入力確認	CVE-2016-1271	2016-12-3 12:20	2016-04-15	表示	GitHub Exploit DB Packet Storm

243591	7.5	HIGH ネットワーク	cisco	asa_5500_csc-ssm_firmware	The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of servic…	CWE-399 CWE-119 リソース管理の問題バッファエラー	CVE-2016-1312	2016-12-3 12:20	2016-03-10	表示	GitHub Exploit DB Packet Storm

243592	9.8	CRITICAL ネットワーク	cisco	ucs_invicta_c3124sa_appliance	Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to…	CWE-264 認可・権限・アクセス制御	CVE-2016-1313	2016-12-3 12:20	2016-04-7	表示	GitHub Exploit DB Packet Storm

243593	6.1	MEDIUM ネットワーク	cisco	unified_communications_domain_manager	Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bu…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-1314	2016-12-3 12:20	2016-03-29	表示	GitHub Exploit DB Packet Storm

243594	7.5	HIGH ネットワーク	cisco	dpc3939_wireless_residential_voice_gateway_firmware	The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.	CWE-200 情報漏えい	CVE-2016-1325	2016-12-3 12:20	2016-03-10	表示	GitHub Exploit DB Packet Storm

243595	7.5	HIGH ネットワーク	cisco	dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter	The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.	CWE-399 リソース管理の問題	CVE-2016-1326	2016-12-3 12:20	2016-03-10	表示	GitHub Exploit DB Packet Storm

243596	9.8	CRITICAL ネットワーク	cisco	dpc2203_cable_modem_firmware epc2203_cable_modem_firmware	Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05…	CWE-119 バッファエラー	CVE-2016-1327	2016-12-3 12:20	2016-03-10	表示	GitHub Exploit DB Packet Storm

243597	9.8	CRITICAL ネットワーク	cisco	nx-os nx-ox	Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to…	CWE-287 不適切な認証	CVE-2016-1329	2016-12-3 12:20	2016-03-3	表示	GitHub Exploit DB Packet Storm

243598	7.5	HIGH ネットワーク	cisco	asa_with_firepower_services firesight_system_software	Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka B…	CWE-20 不適切な入力確認	CVE-2016-1345	2016-12-3 12:20	2016-04-1	表示	GitHub Exploit DB Packet Storm

243599	5.9	MEDIUM ネットワーク	cisco	telepresence_server_software	The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequ…	CWE-399 リソース管理の問題	CVE-2016-1346	2016-12-3 12:20	2016-04-7	表示	GitHub Exploit DB Packet Storm

243600	7.5	HIGH ネットワーク	cisco	ios ios_xe	Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.	CWE-399 リソース管理の問題	CVE-2016-1348	2016-12-3 12:20	2016-03-26	表示	GitHub Exploit DB Packet Storm