243551
|
8.8 |
HIGH
ネットワーク
|
mozilla
|
firefox
|
<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
|
NVD-CWE-Other
|
CVE-2016-1972
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243552
|
6.3 |
MEDIUM
ネットワーク
|
webrtc_project mozilla
|
webrtc firefox
|
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service …
|
CWE-362
競合状態
|
CVE-2016-1975
|
2016-12-3 12:23 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243553
|
5.9 |
MEDIUM
ネットワーク
|
apple
|
software_update
|
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.
|
CWE-345 CWE-310
データの信頼性についての不十分な検証 暗号の問題
|
CVE-2016-1731
|
2016-12-3 12:22 |
2016-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243554
|
5.5 |
MEDIUM
ローカル
|
apple
|
mac_os_x
|
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2016-1732
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243555
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
CWE-119 CWE-20
バッファエラー 不適切な入力確認
|
CVE-2016-1733
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243556
|
6.8 |
MEDIUM
物理
|
apple
|
iphone_os mac_os_x
|
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupt…
|
CWE-264 CWE-119
認可・権限・アクセス制御 バッファエラー
|
CVE-2016-1734
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243557
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability…
|
CWE-119
バッファエラー
|
CVE-2016-1735
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243558
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability…
|
CWE-119
バッファエラー
|
CVE-2016-1736
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243559
|
6.3 |
MEDIUM
ネットワーク
|
apple
|
mac_os_x
|
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
|
CWE-119
バッファエラー
|
CVE-2016-1737
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243560
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.
|
CWE-254
セキュリティ機能
|
CVE-2016-1738
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243561
|
5.5 |
MEDIUM
ローカル
|
apple
|
mac_os_x
|
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2016-1745
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243562
|
5.5 |
MEDIUM
ローカル
|
apple
|
mac_os_x
|
<a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
|
NVD-CWE-Other
|
CVE-2016-1745
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243563
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabilit…
|
CWE-119 CWE-20
バッファエラー 不適切な入力確認
|
CVE-2016-1746
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243564
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabilit…
|
CWE-119 CWE-20
バッファエラー 不適切な入力確認
|
CVE-2016-1747
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243565
|
7.8 |
HIGH
ローカル
|
apple
|
iphone_os mac_os_x
|
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
|
NVD-CWE-Other
|
CVE-2016-1756
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243566
|
7.8 |
HIGH
ローカル
|
apple
|
iphone_os mac_os_x
|
<a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
|
NVD-CWE-Other
|
CVE-2016-1756
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243567
|
7.0 |
HIGH
ローカル
|
apple
|
iphone_os mac_os_x
|
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
CWE-362
競合状態
|
CVE-2016-1757
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243568
|
3.3 |
LOW
ローカル
|
apple
|
iphone_os mac_os_x
|
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
|
CWE-200 CWE-119
情報漏えい バッファエラー
|
CVE-2016-1758
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243569
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
CWE-119
バッファエラー
|
CVE-2016-1759
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243570
|
6.2 |
MEDIUM
ローカル
|
apple
|
iphone_os
|
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.
|
CWE-284
不適切なアクセス制御
|
CVE-2016-1760
|
2016-12-3 12:22 |
2016-03-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243571
|
9.8 |
CRITICAL
ネットワーク
apple
|
iphone_os mac_os_x watchos
|
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML docum…
|
CWE-119
バッファエラー
|
CVE-2016-1761
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243572
|
3.5 |
LOW
ネットワーク
|
apple
|
iphone_os
|
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing …
|
CWE-20
不適切な入力確認
|
CVE-2016-1763
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243573
|
4.3 |
MEDIUM
ネットワーク
|
apple
|
mac_os_x
|
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
|
CWE-200
情報漏えい
|
CVE-2016-1764
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243574
|
7.8 |
HIGH
ローカル
|
apple
|
xcode
|
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2016-1765
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243575
|
7.5 |
HIGH
ネットワーク
apple
|
iphone_os
|
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1766
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243576
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than …
|
CWE-119
バッファエラー
|
CVE-2016-1767
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243577
|
6.5 |
MEDIUM
ネットワーク
|
apple
|
mac_os_x
|
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
|
CWE-284
不適切なアクセス制御
|
CVE-2016-1770
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243578
|
3.3 |
LOW
ローカル
|
apple
|
mac_os_x
|
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-1773
|
2016-12-3 12:22 |
2016-03-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243579
|
9.1 |
CRITICAL
ネットワーク
adobe
|
creative_cloud
|
The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspec…
|
NVD-CWE-noinfo
|
CVE-2016-1034
|
2016-12-3 12:20 |
2016-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243580
|
7.5 |
HIGH
ネットワーク
adobe
|
robohelp
|
Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
情報漏えい
|
CVE-2016-1035
|
2016-12-3 12:20 |
2016-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243581
|
6.1 |
MEDIUM
ネットワーク
|
adobe
|
analytics_appmeasurement_for_flash_library
|
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-1036
|
2016-12-3 12:20 |
2016-04-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243582
|
5.3 |
MEDIUM
ネットワーク
juniper
|
junos
|
Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 befo…
|
CWE-399
リソース管理の問題
|
CVE-2016-1256
|
2016-12-3 12:20 |
2016-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243583
|
5.9 |
MEDIUM
ネットワーク
|
juniper
|
junos
|
The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.…
|
CWE-20
不適切な入力確認
|
CVE-2016-1257
|
2016-12-3 12:20 |
2016-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243584
|
5.3 |
MEDIUM
ネットワーク
juniper
|
junos
|
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2…
|
CWE-20
不適切な入力確認
|
CVE-2016-1258
|
2016-12-3 12:20 |
2016-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243585
|
5.3 |
MEDIUM
ネットワーク
juniper
|
junos
|
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consu…
|
CWE-399
リソース管理の問題
|
CVE-2016-1260
|
2016-12-3 12:20 |
2016-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243586
|
5.9 |
MEDIUM
ネットワーク
|
juniper
|
junos
|
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application La…
|
CWE-20
不適切な入力確認
|
CVE-2016-1262
|
2016-12-3 12:20 |
2016-01-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243587
|
7.5 |
HIGH
ネットワーク
juniper
|
screenos
|
The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.
|
CWE-20
不適切な入力確認
|
CVE-2016-1268
|
2016-12-3 12:20 |
2016-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243588
|
8.8 |
HIGH
ネットワーク
|
juniper
|
junos
|
Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X5…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-1264
|
2016-12-3 12:20 |
2016-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243589
|
6.7 |
MEDIUM
ローカル
|
juniper
|
junos
|
Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13…
|
CWE-362
競合状態
|
CVE-2016-1267
|
2016-12-3 12:20 |
2016-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243590
|
7.8 |
HIGH
ローカル
|
juniper
|
junos
|
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 …
|
CWE-20
不適切な入力確認
|
CVE-2016-1271
|
2016-12-3 12:20 |
2016-04-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243591
|
7.5 |
HIGH
ネットワーク
cisco
|
asa_5500_csc-ssm_firmware
|
The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of servic…
|
CWE-399 CWE-119
リソース管理の問題 バッファエラー
|
CVE-2016-1312
|
2016-12-3 12:20 |
2016-03-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243592
|
9.8 |
CRITICAL
ネットワーク
cisco
|
ucs_invicta_c3124sa_appliance
|
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-1313
|
2016-12-3 12:20 |
2016-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243593
|
6.1 |
MEDIUM
ネットワーク
|
cisco
|
unified_communications_domain_manager
|
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bu…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-1314
|
2016-12-3 12:20 |
2016-03-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243594
|
7.5 |
HIGH
ネットワーク
cisco
|
dpc3939_wireless_residential_voice_gateway_firmware
|
The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.
|
CWE-200
情報漏えい
|
CVE-2016-1325
|
2016-12-3 12:20 |
2016-03-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243595
|
7.5 |
HIGH
ネットワーク
cisco
|
dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter
|
The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.
|
CWE-399
リソース管理の問題
|
CVE-2016-1326
|
2016-12-3 12:20 |
2016-03-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243596
|
9.8 |
CRITICAL
ネットワーク
cisco
|
dpc2203_cable_modem_firmware epc2203_cable_modem_firmware
|
Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05…
|
CWE-119
バッファエラー
|
CVE-2016-1327
|
2016-12-3 12:20 |
2016-03-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243597
|
9.8 |
CRITICAL
ネットワーク
cisco
|
nx-os nx-ox
|
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to…
|
CWE-287
不適切な認証
|
CVE-2016-1329
|
2016-12-3 12:20 |
2016-03-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243598
|
7.5 |
HIGH
ネットワーク
cisco
|
asa_with_firepower_services firesight_system_software
|
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka B…
|
CWE-20
不適切な入力確認
|
CVE-2016-1345
|
2016-12-3 12:20 |
2016-04-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243599
|
5.9 |
MEDIUM
ネットワーク
|
cisco
|
telepresence_server_software
|
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequ…
|
CWE-399
リソース管理の問題
|
CVE-2016-1346
|
2016-12-3 12:20 |
2016-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243600
|
7.5 |
HIGH
ネットワーク
cisco
|
ios ios_xe
|
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
|
CWE-399
リソース管理の問題
|
CVE-2016-1348
|
2016-12-3 12:20 |
2016-03-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|