NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年10月6日20:10

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
243601 7.5 HIGH
ネットワーク 		cisco ios
ios_xe 		The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parame… CWE-399
リソース管理の問題 		CVE-2016-1349 2016-12-3 12:20 2016-03-26 表示 GitHub Exploit DB Packet Storm
243602 9.8 CRITICAL
ネットワーク 		cisco unified_computing_system_central_software Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. CWE-78
OSコマンド・インジェクション 		CVE-2016-1352 2016-12-3 12:20 2016-04-14 表示 GitHub Exploit DB Packet Storm
243603 5.3 MEDIUM
ネットワーク 		cisco videoscape_distribution_suite_for_internet_streaming The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is… CWE-399
リソース管理の問題 		CVE-2016-1353 2016-12-3 12:20 2016-03-1 表示 GitHub Exploit DB Packet Storm
243604 6.1 MEDIUM
ネットワーク 		cisco firesight_system_software Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTM… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-1355 2016-12-3 12:20 2016-03-4 表示 GitHub Exploit DB Packet Storm
243605 3.7 LOW
ネットワーク 		cisco firesight_system_software Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing dif… CWE-287
CWE-255
不適切な認証
証明書・パスワード管理 		CVE-2016-1356 2016-12-3 12:20 2016-03-4 表示 GitHub Exploit DB Packet Storm
243606 7.1 HIGH
ローカル 		cisco prime_lan_management_solution Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveragin… CWE-200
情報漏えい 		CVE-2016-1360 2016-12-3 12:20 2016-03-12 表示 GitHub Exploit DB Packet Storm
243607 5.3 MEDIUM
隣接 		cisco ios_xr Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to… CWE-399
リソース管理の問題 		CVE-2016-1361 2016-12-3 12:20 2016-03-12 表示 GitHub Exploit DB Packet Storm
243608 7.5 HIGH
ネットワーク 		cisco aireos Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka … CWE-399
リソース管理の問題 		CVE-2016-1362 2016-12-3 12:20 2016-04-21 表示 GitHub Exploit DB Packet Storm
243609 6.5 MEDIUM
ネットワーク 		cisco ios_xr The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denia… CWE-264
認可・権限・アクセス制御 		CVE-2016-1366 2016-12-3 12:20 2016-03-25 表示 GitHub Exploit DB Packet Storm
243610 5.3 MEDIUM
ネットワーク 		cisco ios_xr Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, a… CWE-20
不適切な入力確認 		CVE-2016-1376 2016-12-3 12:20 2016-04-13 表示 GitHub Exploit DB Packet Storm
243611 6.1 MEDIUM
ネットワーク 		cisco unity_connection Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-1377 2016-12-3 12:20 2016-04-13 表示 GitHub Exploit DB Packet Storm
243612 5.3 MEDIUM
ネットワーク 		cisco ios Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) por… CWE-200
情報漏えい 		CVE-2016-1378 2016-12-3 12:20 2016-04-14 表示 GitHub Exploit DB Packet Storm
243613 7.5 HIGH
ネットワーク 		cisco ios
ios_xe 		The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. CWE-264
認可・権限・アクセス制御 		CVE-2016-1384 2016-12-3 12:20 2016-04-21 表示 GitHub Exploit DB Packet Storm
243614 7.5 HIGH
ネットワーク 		cisco application_policy_infrastructure_controller_enterprise_module The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka B… CWE-264
認可・権限・アクセス制御 		CVE-2016-1386 2016-12-3 12:20 2016-04-29 表示 GitHub Exploit DB Packet Storm
243615 7.4 HIGH
ネットワーク 		cisco webex_meetings_server Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID… NVD-CWE-Other
CVE-2016-1389 2016-12-3 12:20 2016-04-29 表示 GitHub Exploit DB Packet Storm
243616 7.4 HIGH
ネットワーク 		cisco webex_meetings_server <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a> NVD-CWE-Other
CVE-2016-1389 2016-12-3 12:20 2016-04-29 表示 GitHub Exploit DB Packet Storm
243617 9.8 CRITICAL
ネットワーク 		adobe acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc 		Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attacker… CWE-119
バッファエラー 		CVE-2016-1007 2016-12-3 12:19 2016-03-9 表示 GitHub Exploit DB Packet Storm
243618 8.4 HIGH
ローカル 		adobe acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc 		Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.2… CWE-20
不適切な入力確認 		CVE-2016-1008 2016-12-3 12:19 2016-03-9 表示 GitHub Exploit DB Packet Storm
243619 9.8 CRITICAL
ネットワーク 		adobe acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc 		Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attacker… CWE-119
バッファエラー 		CVE-2016-1009 2016-12-3 12:19 2016-03-9 表示 GitHub Exploit DB Packet Storm
243620 5.9 MEDIUM
ネットワーク 		samba samba The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial… CWE-119
バッファエラー 		CVE-2016-0771 2016-12-3 12:18 2016-03-14 表示 GitHub Exploit DB Packet Storm
243621 6.8 MEDIUM
ローカル 		linux
google 		linux_kernel
android 		The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-… CWE-20
不適切な入力確認 		CVE-2016-0774 2016-12-3 12:18 2016-04-28 表示 GitHub Exploit DB Packet Storm
243622 9.8 CRITICAL
ネットワーク 		advantech webaccess Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to … NVD-CWE-Other
CVE-2016-0854 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243623 9.8 CRITICAL
ネットワーク 		advantech webaccess <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a> NVD-CWE-Other
CVE-2016-0854 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243624 7.5 HIGH
ネットワーク 		advantech webaccess Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. CWE-22
パス・トラバーサル 		CVE-2016-0855 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243625 9.8 CRITICAL
ネットワーク 		advantech webaccess Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. CWE-119
バッファエラー 		CVE-2016-0856 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243626 9.8 CRITICAL
ネットワーク 		advantech webaccess Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. CWE-119
バッファエラー 		CVE-2016-0857 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243627 8.1 HIGH
ネットワーク 		advantech webaccess Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. CWE-362
CWE-119
競合状態
バッファエラー 		CVE-2016-0858 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243628 9.8 CRITICAL
ネットワーク 		advantech webaccess Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC… CWE-189
数値処理の問題 		CVE-2016-0859 2016-12-3 12:18 2016-01-15 表示 GitHub Exploit DB Packet Storm
243629 4.4 MEDIUM
ローカル 		oracle mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. NVD-CWE-noinfo
CVE-2016-0667 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243630 6.0 MEDIUM
ローカル 		oracle solaris Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. NVD-CWE-noinfo
CVE-2016-0669 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243631 3.7 LOW
ネットワーク 		oracle http_server Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module. NVD-CWE-noinfo
CVE-2016-0671 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243632 6.1 MEDIUM
ネットワーク 		oracle flexcube_direct_banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… NVD-CWE-noinfo
CVE-2016-0672 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243633 5.4 MEDIUM
ネットワーク 		oracle siebel_ui_framework Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UI… NVD-CWE-noinfo
CVE-2016-0673 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243634 4.4 MEDIUM
ローカル 		oracle siebel_core-common_components Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email. NVD-CWE-noinfo
CVE-2016-0674 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243635 4.7 MEDIUM
ローカル 		oracle solaris Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. NVD-CWE-noinfo
CVE-2016-0676 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243636 5.9 MEDIUM
ネットワーク 		oracle database Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. NVD-CWE-noinfo
CVE-2016-0677 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243637 6.7 MEDIUM
ローカル 		oracle vm_virtualbox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors… NVD-CWE-noinfo
CVE-2016-0678 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243638 8.7 HIGH
ネットワーク 		oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability … NVD-CWE-noinfo
CVE-2016-0679 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243639 5.4 MEDIUM
ネットワーク 		oracle peoplesoft_supply_chain_management_eprocurement Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors re… NVD-CWE-noinfo
CVE-2016-0680 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243640 7.8 HIGH
ローカル 		oracle olap Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspeci… NVD-CWE-noinfo
CVE-2016-0681 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243641 5.4 MEDIUM
ネットワーク 		oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… NVD-CWE-noinfo
CVE-2016-0683 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243642 6.5 MEDIUM
ネットワーク 		oracle micros_arspos Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. NVD-CWE-noinfo
CVE-2016-0684 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243643 5.4 MEDIUM
ネットワーク 		oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… NVD-CWE-noinfo
CVE-2016-0685 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243644 3.3 LOW
ローカル 		oracle database Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerabil… NVD-CWE-noinfo
CVE-2016-0690 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243645 3.3 LOW
ローカル 		oracle database Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerabil… NVD-CWE-noinfo
CVE-2016-0691 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243646 9.8 CRITICAL
ネットワーク 		oracle solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. NVD-CWE-noinfo
CVE-2016-0693 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243647 6.0 MEDIUM
ローカル 		oracle application_object_library Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity v… NVD-CWE-noinfo
CVE-2016-0697 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243648 5.4 MEDIUM
ネットワーク 		oracle peoplesoft_enterprise_peopletools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… NVD-CWE-noinfo
CVE-2016-0698 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243649 9.1 CRITICAL
ネットワーク 		oracle flexcube_direct_banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… NVD-CWE-noinfo
CVE-2016-0699 2016-12-3 12:17 2016-04-21 表示 GitHub Exploit DB Packet Storm
243650 4.3 MEDIUM
ネットワーク 		ibm db2
db2_connect 		IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA mess… CWE-20
不適切な入力確認 		CVE-2016-0211 2016-12-3 12:16 2016-04-28 表示 GitHub Exploit DB Packet Storm