243851
|
7.3 |
HIGH
ネットワーク
yandex
|
yandex_browser
|
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special J…
|
CWE-254
セキュリティ機能
|
CVE-2016-8502
|
2016-12-3 08:55 |
2016-10-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243852
|
5.3 |
MEDIUM
ネットワーク
yandex
|
yandex_browser
|
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-8501
|
2016-12-3 08:53 |
2016-10-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243853
|
4.3 |
MEDIUM
ネットワーク
|
yandex
|
yandex_browser
|
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
|
CWE-352
同一生成元ポリシー違反
|
CVE-2016-8504
|
2016-12-3 08:51 |
2016-10-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243854
|
6.1 |
MEDIUM
ネットワーク
|
yandex
|
yandex.browser
|
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-8505
|
2016-12-3 08:48 |
2016-10-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243855
|
6.1 |
MEDIUM
ネットワーク
|
yandex
|
yandex_browser
|
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-8506
|
2016-12-3 08:48 |
2016-10-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243856
|
9.8 |
CRITICAL
ネットワーク
google
|
android
|
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can resul…
|
CWE-190 CWE-388
整数オーバーフローまたはラップアラウンド エラー処理
|
CVE-2016-7990
|
2016-12-3 08:38 |
2016-10-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243857
|
7.5 |
HIGH
ネットワーク
google
|
android
|
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and …
|
CWE-388
エラー処理
|
CVE-2016-7991
|
2016-12-3 08:37 |
2016-10-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243858
|
5.5 |
MEDIUM
ローカル
|
intel
|
integrated_performance_primitives
|
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
|
CWE-200
情報漏えい
|
CVE-2016-8100
|
2016-12-3 08:37 |
2016-10-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243859
|
7.8 |
HIGH
ローカル
|
intel
|
solid-state_drive_toolbox
|
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-8101
|
2016-12-3 08:37 |
2016-10-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243860
|
5.5 |
MEDIUM
ローカル
|
huawei
|
p8_firmware mate_s_firmware honor6_firmware
|
The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 …
|
CWE-284
不適切なアクセス制御
|
CVE-2016-8279
|
2016-12-3 08:37 |
2016-09-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243861
|
9.8 |
CRITICAL
ネットワーク
exponentcms
|
exponent_cms
|
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
|
CWE-89
SQLインジェクション
|
CVE-2016-7453
|
2016-12-3 08:19 |
2016-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243862
|
7.8 |
HIGH
ローカル
|
teradata
|
studio_express
|
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber syste…
|
CWE-59 CWE-264
リンク解釈の問題 認可・権限・アクセス制御
|
CVE-2016-7490
|
2016-12-3 08:18 |
2016-11-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243863
|
9.8 |
CRITICAL
ネットワーク
teradata
|
virtual_machine
|
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-7489
|
2016-12-3 08:17 |
2016-11-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243864
|
9.8 |
CRITICAL
ネットワーク
artifex
|
mujs
|
A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to…
|
CWE-416
解放済みメモリの使用
|
CVE-2016-7504
|
2016-12-3 08:17 |
2016-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243865
|
9.8 |
CRITICAL
ネットワーク
artifex
|
mujs
|
A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code…
|
CWE-119
バッファエラー
|
CVE-2016-7505
|
2016-12-3 08:17 |
2016-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243866
|
7.5 |
HIGH
ネットワーク
artifex
|
mujs
|
An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue …
|
CWE-125
境界外読み取り
|
CVE-2016-7506
|
2016-12-3 08:15 |
2016-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243867
|
9.8 |
CRITICAL
ネットワーク
fortinet
|
fortiwlc
|
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrar…
|
CWE-798
ハードコードされた認証情報の使用
|
CVE-2016-7560
|
2016-12-3 08:15 |
2016-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243868
|
7.2 |
HIGH
ネットワーク
|
fortinet
|
fortiwlc
|
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
|
CWE-200
情報漏えい
|
CVE-2016-7561
|
2016-12-3 08:13 |
2016-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243869
|
5.0 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain …
|
CWE-125 CWE-200
境界外読み取り 情報漏えい
|
CVE-2016-7917
|
2016-12-3 08:13 |
2016-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243870
|
7.8 |
HIGH
ローカル
|
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.2…
|
NVD-CWE-Other
|
CVE-2016-4106
|
2016-12-3 08:12 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243871
|
7.8 |
HIGH
ローカル
|
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
<a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>
|
NVD-CWE-Other
|
CVE-2016-4106
|
2016-12-3 08:12 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243872
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on W…
|
CWE-119
バッファエラー
|
CVE-2016-4092
|
2016-12-3 08:09 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243873
|
8.6 |
HIGH
ネットワーク
dokuwiki
|
dokuwiki
|
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This …
|
CWE-918
サーバサイドリクエストフォージェリ
|
CVE-2016-7964
|
2016-12-3 08:09 |
2016-10-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243874
|
7.5 |
HIGH
ネットワーク
google
|
android
|
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configur…
|
CWE-388 CWE-275
エラー処理 パーミッションの問題
|
CVE-2016-7988
|
2016-12-3 08:09 |
2016-10-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243875
|
7.8 |
HIGH
ローカル
|
teradata
|
virtual_machine
|
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2016-7488
|
2016-12-3 08:05 |
2016-11-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243876
|
7.5 |
HIGH
ネットワーク
google
|
android
|
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the…
|
CWE-254
セキュリティ機能
|
CVE-2016-7989
|
2016-12-3 08:05 |
2016-10-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243877
|
6.1 |
MEDIUM
ネットワーク
|
mediaelementjs wordpress
|
mediaelement.js wordpress
|
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or H…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-4567
|
2016-12-3 08:01 |
2016-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243878
|
6.1 |
MEDIUM
ネットワーク
|
wordpress plupload
|
wordpress plupload
|
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-O…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2016-4566
|
2016-12-3 07:56 |
2016-05-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243879
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
CWE-119
バッファエラー
|
CVE-2016-1820
|
2016-12-3 07:49 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243880
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
|
NVD-CWE-Other
|
CVE-2016-1821
|
2016-12-3 07:49 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243881
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
<a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
|
NVD-CWE-Other
|
CVE-2016-1821
|
2016-12-3 07:49 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243882
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
NVD-CWE-Other
|
CVE-2016-1826
|
2016-12-3 07:48 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243883
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
<a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a>
|
NVD-CWE-Other
|
CVE-2016-1826
|
2016-12-3 07:48 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243884
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
|
CWE-119
バッファエラー
|
CVE-2016-1850
|
2016-12-3 07:46 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243885
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
CWE-119
バッファエラー
|
CVE-2016-1825
|
2016-12-3 07:45 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243886
|
7.8 |
HIGH
ローカル
|
apple
|
mac_os_x
|
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
CWE-119
バッファエラー
|
CVE-2016-1822
|
2016-12-3 07:40 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243887
|
4.6 |
MEDIUM
物理
|
apple
|
mac_os_x
|
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vect…
|
NVD-CWE-noinfo
|
CVE-2016-1851
|
2016-12-3 07:39 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243888
|
2.4 |
LOW
物理
|
apple
|
iphone_os
|
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via…
|
CWE-200
情報漏えい
|
CVE-2016-1852
|
2016-12-3 07:39 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243889
|
7.5 |
HIGH
ネットワーク
apple
|
mac_os_x
|
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
|
CWE-200
情報漏えい
|
CVE-2016-1853
|
2016-12-3 07:38 |
2016-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243890
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on W…
|
CWE-119
バッファエラー
|
CVE-2016-4091
|
2016-12-3 07:15 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243891
|
4.0 |
MEDIUM
ローカル
|
docker2aci_project
|
docker2aci
|
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
|
CWE-399 CWE-20
リソース管理の問題 不適切な入力確認
|
CVE-2016-8579
|
2016-12-3 07:08 |
2016-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243892
|
8.1 |
HIGH
ネットワーク
|
ibm
|
appscan_source
|
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity de…
|
CWE-611
XML 外部エンティティ参照の不適切な制限
|
CVE-2016-3033
|
2016-12-2 19:45 |
2016-12-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243893
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4088
|
2016-12-2 05:29 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243894
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4089
|
2016-12-2 05:29 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243895
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4090
|
2016-12-2 05:29 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243896
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4093
|
2016-12-2 05:29 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243897
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4098
|
2016-12-2 05:29 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243898
|
8.8 |
HIGH
ネットワーク
|
apache
|
hadoop
|
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
|
CWE-284
不適切なアクセス制御
|
CVE-2016-5393
|
2016-12-2 05:29 |
2016-11-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243899
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4094
|
2016-12-2 05:28 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243900
|
9.8 |
CRITICAL
ネットワーク
adobe
|
acrobat acrobat_dc acrobat_reader_dc reader
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
|
CWE-119
バッファエラー
|
CVE-2016-4096
|
2016-12-2 05:28 |
2016-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|