NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日12:02

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
243851	7.3	HIGH ネットワーク	yandex	yandex_browser	Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special J…	CWE-254 セキュリティ機能	CVE-2016-8502	2016-12-3 08:55	2016-10-27	表示	GitHub Exploit DB Packet Storm

243852	5.3	MEDIUM ネットワーク	yandex	yandex_browser	Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.	CWE-264 認可・権限・アクセス制御	CVE-2016-8501	2016-12-3 08:53	2016-10-27	表示	GitHub Exploit DB Packet Storm

243853	4.3	MEDIUM ネットワーク	yandex	yandex_browser	CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.	CWE-352 同一生成元ポリシー違反	CVE-2016-8504	2016-12-3 08:51	2016-10-27	表示	GitHub Exploit DB Packet Storm

243854	6.1	MEDIUM ネットワーク	yandex	yandex.browser	XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8505	2016-12-3 08:48	2016-10-27	表示	GitHub Exploit DB Packet Storm

243855	6.1	MEDIUM ネットワーク	yandex	yandex_browser	XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8506	2016-12-3 08:48	2016-10-27	表示	GitHub Exploit DB Packet Storm

243856	9.8	CRITICAL ネットワーク	google	android	On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can resul…	CWE-190 CWE-388 整数オーバーフローまたはラップアラウンドエラー処理	CVE-2016-7990	2016-12-3 08:38	2016-10-31	表示	GitHub Exploit DB Packet Storm

243857	7.5	HIGH ネットワーク	google	android	On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and …	CWE-388 エラー処理	CVE-2016-7991	2016-12-3 08:37	2016-10-31	表示	GitHub Exploit DB Packet Storm

243858	5.5	MEDIUM ローカル	intel	integrated_performance_primitives	Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.	CWE-200 情報漏えい	CVE-2016-8100	2016-12-3 08:37	2016-10-11	表示	GitHub Exploit DB Packet Storm

243859	7.8	HIGH ローカル	intel	solid-state_drive_toolbox	The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.	CWE-264 認可・権限・アクセス制御	CVE-2016-8101	2016-12-3 08:37	2016-10-11	表示	GitHub Exploit DB Packet Storm

243860	5.5	MEDIUM ローカル	huawei	p8_firmware mate_s_firmware honor6_firmware	The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 …	CWE-284 不適切なアクセス制御	CVE-2016-8279	2016-12-3 08:37	2016-09-26	表示	GitHub Exploit DB Packet Storm

243861	9.8	CRITICAL ネットワーク	exponentcms	exponent_cms	The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.	CWE-89 SQLインジェクション	CVE-2016-7453	2016-12-3 08:19	2016-11-3	表示	GitHub Exploit DB Packet Storm

243862	7.8	HIGH ローカル	teradata	studio_express	The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber syste…	CWE-59 CWE-264 リンク解釈の問題認可・権限・アクセス制御	CVE-2016-7490	2016-12-3 08:18	2016-11-11	表示	GitHub Exploit DB Packet Storm

243863	9.8	CRITICAL ネットワーク	teradata	virtual_machine	Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.	CWE-264 認可・権限・アクセス制御	CVE-2016-7489	2016-12-3 08:17	2016-11-11	表示	GitHub Exploit DB Packet Storm

243864	9.8	CRITICAL ネットワーク	artifex	mujs	A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to…	CWE-416 解放済みメモリの使用	CVE-2016-7504	2016-12-3 08:17	2016-10-29	表示	GitHub Exploit DB Packet Storm

243865	9.8	CRITICAL ネットワーク	artifex	mujs	A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code…	CWE-119 バッファエラー	CVE-2016-7505	2016-12-3 08:17	2016-10-29	表示	GitHub Exploit DB Packet Storm

243866	7.5	HIGH ネットワーク	artifex	mujs	An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue …	CWE-125 境界外読み取り	CVE-2016-7506	2016-12-3 08:15	2016-10-29	表示	GitHub Exploit DB Packet Storm

243867	9.8	CRITICAL ネットワーク	fortinet	fortiwlc	The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrar…	CWE-798 ハードコードされた認証情報の使用	CVE-2016-7560	2016-12-3 08:15	2016-10-6	表示	GitHub Exploit DB Packet Storm

243868	7.2	HIGH ネットワーク	fortinet	fortiwlc	Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.	CWE-200 情報漏えい	CVE-2016-7561	2016-12-3 08:13	2016-10-6	表示	GitHub Exploit DB Packet Storm

243869	5.0	MEDIUM ローカル	linux	linux_kernel	The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain …	CWE-125 CWE-200 境界外読み取り情報漏えい	CVE-2016-7917	2016-12-3 08:13	2016-11-16	表示	GitHub Exploit DB Packet Storm

243870	7.8	HIGH ローカル	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.2…	NVD-CWE-Other	CVE-2016-4106	2016-12-3 08:12	2016-05-11	表示	GitHub Exploit DB Packet Storm

243871	7.8	HIGH ローカル	adobe	acrobat acrobat_dc acrobat_reader_dc reader	<a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>	NVD-CWE-Other	CVE-2016-4106	2016-12-3 08:12	2016-05-11	表示	GitHub Exploit DB Packet Storm

243872	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on W…	CWE-119 バッファエラー	CVE-2016-4092	2016-12-3 08:09	2016-05-11	表示	GitHub Exploit DB Packet Storm

243873	8.6	HIGH ネットワーク	dokuwiki	dokuwiki	The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This …	CWE-918 サーバサイドリクエストフォージェリ	CVE-2016-7964	2016-12-3 08:09	2016-10-31	表示	GitHub Exploit DB Packet Storm

243874	7.5	HIGH ネットワーク	google	android	On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configur…	CWE-388 CWE-275 エラー処理パーミッションの問題	CVE-2016-7988	2016-12-3 08:09	2016-10-31	表示	GitHub Exploit DB Packet Storm

243875	7.8	HIGH ローカル	teradata	virtual_machine	Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.	CWE-264 認可・権限・アクセス制御	CVE-2016-7488	2016-12-3 08:05	2016-11-11	表示	GitHub Exploit DB Packet Storm

243876	7.5	HIGH ネットワーク	google	android	On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the…	CWE-254 セキュリティ機能	CVE-2016-7989	2016-12-3 08:05	2016-10-31	表示	GitHub Exploit DB Packet Storm

243877	6.1	MEDIUM ネットワーク	mediaelementjs wordpress	mediaelement.js wordpress	Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or H…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-4567	2016-12-3 08:01	2016-05-22	表示	GitHub Exploit DB Packet Storm

243878	6.1	MEDIUM ネットワーク	wordpress plupload	wordpress plupload	Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-O…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-4566	2016-12-3 07:56	2016-05-22	表示	GitHub Exploit DB Packet Storm

243879	7.8	HIGH ローカル	apple	mac_os_x	Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.	CWE-119 バッファエラー	CVE-2016-1820	2016-12-3 07:49	2016-05-20	表示	GitHub Exploit DB Packet Storm

243880	7.8	HIGH ローカル	apple	mac_os_x	IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.	NVD-CWE-Other	CVE-2016-1821	2016-12-3 07:49	2016-05-20	表示	GitHub Exploit DB Packet Storm

243881	7.8	HIGH ローカル	apple	mac_os_x	<a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>	NVD-CWE-Other	CVE-2016-1821	2016-12-3 07:49	2016-05-20	表示	GitHub Exploit DB Packet Storm

243882	7.8	HIGH ローカル	apple	mac_os_x	Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.	NVD-CWE-Other	CVE-2016-1826	2016-12-3 07:48	2016-05-20	表示	GitHub Exploit DB Packet Storm

243883	7.8	HIGH ローカル	apple	mac_os_x	<a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a>	NVD-CWE-Other	CVE-2016-1826	2016-12-3 07:48	2016-05-20	表示	GitHub Exploit DB Packet Storm

243884	7.8	HIGH ローカル	apple	mac_os_x	SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.	CWE-119 バッファエラー	CVE-2016-1850	2016-12-3 07:46	2016-05-20	表示	GitHub Exploit DB Packet Storm

243885	7.8	HIGH ローカル	apple	mac_os_x	IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	CWE-119 バッファエラー	CVE-2016-1825	2016-12-3 07:45	2016-05-20	表示	GitHub Exploit DB Packet Storm

243886	7.8	HIGH ローカル	apple	mac_os_x	IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	CWE-119 バッファエラー	CVE-2016-1822	2016-12-3 07:40	2016-05-20	表示	GitHub Exploit DB Packet Storm

243887	4.6	MEDIUM 物理	apple	mac_os_x	The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vect…	NVD-CWE-noinfo	CVE-2016-1851	2016-12-3 07:39	2016-05-20	表示	GitHub Exploit DB Packet Storm

243888	2.4	LOW 物理	apple	iphone_os	Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via…	CWE-200 情報漏えい	CVE-2016-1852	2016-12-3 07:39	2016-05-20	表示	GitHub Exploit DB Packet Storm

243889	7.5	HIGH ネットワーク	apple	mac_os_x	Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.	CWE-200 情報漏えい	CVE-2016-1853	2016-12-3 07:38	2016-05-20	表示	GitHub Exploit DB Packet Storm

243890	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on W…	CWE-119 バッファエラー	CVE-2016-4091	2016-12-3 07:15	2016-05-11	表示	GitHub Exploit DB Packet Storm

243891	4.0	MEDIUM ローカル	docker2aci_project	docker2aci	docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.	CWE-399 CWE-20 リソース管理の問題不適切な入力確認	CVE-2016-8579	2016-12-3 07:08	2016-10-29	表示	GitHub Exploit DB Packet Storm

243892	8.1	HIGH ネットワーク	ibm	appscan_source	IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity de…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-3033	2016-12-2 19:45	2016-12-1	表示	GitHub Exploit DB Packet Storm

243893	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4088	2016-12-2 05:29	2016-05-11	表示	GitHub Exploit DB Packet Storm

243894	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4089	2016-12-2 05:29	2016-05-11	表示	GitHub Exploit DB Packet Storm

243895	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4090	2016-12-2 05:29	2016-05-11	表示	GitHub Exploit DB Packet Storm

243896	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4093	2016-12-2 05:29	2016-05-11	表示	GitHub Exploit DB Packet Storm

243897	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4098	2016-12-2 05:29	2016-05-11	表示	GitHub Exploit DB Packet Storm

243898	8.8	HIGH ネットワーク	apache	hadoop	In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.	CWE-284 不適切なアクセス制御	CVE-2016-5393	2016-12-2 05:29	2016-11-29	表示	GitHub Exploit DB Packet Storm

243899	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4094	2016-12-2 05:28	2016-05-11	表示	GitHub Exploit DB Packet Storm

243900	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4096	2016-12-2 05:28	2016-05-11	表示	GitHub Exploit DB Packet Storm