NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日5:12

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
243901	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4097	2016-12-2 05:28	2016-05-11	表示	GitHub Exploit DB Packet Storm

243902	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4101	2016-12-2 05:26	2016-05-11	表示	GitHub Exploit DB Packet Storm

243903	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4099	2016-12-2 05:25	2016-05-11	表示	GitHub Exploit DB Packet Storm

243904	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4100	2016-12-2 05:25	2016-05-11	表示	GitHub Exploit DB Packet Storm

243905	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4104	2016-12-2 05:25	2016-05-11	表示	GitHub Exploit DB Packet Storm

243906	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>	NVD-CWE-Other	CVE-2016-4102	2016-12-2 05:22	2016-05-11	表示	GitHub Exploit DB Packet Storm

243907	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…	NVD-CWE-Other	CVE-2016-4102	2016-12-2 05:22	2016-05-11	表示	GitHub Exploit DB Packet Storm

243908	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4103	2016-12-2 05:22	2016-05-11	表示	GitHub Exploit DB Packet Storm

243909	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…	CWE-119 バッファエラー	CVE-2016-4105	2016-12-2 05:22	2016-05-11	表示	GitHub Exploit DB Packet Storm

243910	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>	NVD-CWE-Other	CVE-2016-4107	2016-12-2 05:21	2016-05-11	表示	GitHub Exploit DB Packet Storm

243911	9.8	CRITICAL ネットワーク	adobe	acrobat acrobat_dc acrobat_reader_dc reader	Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…	NVD-CWE-Other	CVE-2016-4107	2016-12-2 05:21	2016-05-11	表示	GitHub Exploit DB Packet Storm

243912	7.5	HIGH ネットワーク	apple	iphone_os mac_os_x watchos	MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the netw…	CWE-284 不適切なアクセス制御	CVE-2016-1842	2016-12-2 04:56	2016-05-20	表示	GitHub Exploit DB Packet Storm

243913	7.5	HIGH ネットワーク	apple	mac_os_x	The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.	CWE-20 不適切な入力確認	CVE-2016-1843	2016-12-2 04:54	2016-05-20	表示	GitHub Exploit DB Packet Storm

243914	5.3	MEDIUM ネットワーク	apple	mac_os_x	The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.	CWE-284 不適切なアクセス制御	CVE-2016-1844	2016-12-2 04:54	2016-05-20	表示	GitHub Exploit DB Packet Storm

243915	8.8	HIGH ネットワーク	dell	idrac7_firmware idrac8_firmware	Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.	CWE-74 インジェクション	CVE-2016-5685	2016-12-2 04:54	2016-11-30	表示	GitHub Exploit DB Packet Storm

243916	7.8	HIGH ローカル	ibm	tivoli_monitoring	Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gai…	CWE-119 バッファエラー	CVE-2016-2946	2016-12-2 04:42	2016-12-1	表示	GitHub Exploit DB Packet Storm

243917	8.8	HIGH ネットワーク	ibm	tririga_application_platform	The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via u…	CWE-264 認可・権限・アクセス制御	CVE-2016-2917	2016-12-2 04:24	2016-12-1	表示	GitHub Exploit DB Packet Storm

243918	7.5	HIGH ネットワーク	ibm	api_connect network_path_manager	IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended acces…	CWE-200 情報漏えい	CVE-2016-3012	2016-12-2 03:50	2016-12-1	表示	GitHub Exploit DB Packet Storm

243919	6.5	MEDIUM ネットワーク	ibm	qradar_security_information_and_event_manager	IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request paramete…	CWE-254 セキュリティ機能	CVE-2016-2881	2016-12-2 03:39	2016-12-1	表示	GitHub Exploit DB Packet Storm

243920	8.0	HIGH ネットワーク	ibm	forms_experience_builder	Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijac…	CWE-352 同一生成元ポリシー違反	CVE-2016-2884	2016-12-2 03:06	2016-12-1	表示	GitHub Exploit DB Packet Storm

243921	6.8	MEDIUM ネットワーク	ibm	filenet_workplace	Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecifi…	CWE-601 オープンリダイレクト	CVE-2016-3047	2016-12-2 01:27	2016-12-1	表示	GitHub Exploit DB Packet Storm

243922	8.1	HIGH ネットワーク	ibm	filenet_workplace	IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an externa…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-3055	2016-12-2 01:23	2016-12-1	表示	GitHub Exploit DB Packet Storm

243923	5.4	MEDIUM ネットワーク	ibm	lotus_protector_for_mail_security	Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web scri…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2991	2016-12-2 00:21	2016-12-1	表示	GitHub Exploit DB Packet Storm

243924	5.4	MEDIUM ネットワーク	ibm	connections	Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2955	2016-12-2 00:16	2016-12-1	表示	GitHub Exploit DB Packet Storm

243925	8.8	HIGH ネットワーク	cacti	cacti	SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.	CWE-89 SQLインジェクション	CVE-2016-3659	2016-12-1 12:10	2016-04-12	表示	GitHub Exploit DB Packet Storm

243926	7.5	HIGH ネットワーク	enlightenment debian	imlib2 debian_linux	Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafte…	CWE-119 バッファエラー	CVE-2016-3993	2016-12-1 12:10	2016-05-14	表示	GitHub Exploit DB Packet Storm

243927	8.2	HIGH ネットワーク	debian enlightenment	debian_linux imlib2	The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds rea…	CWE-119 バッファエラー	CVE-2016-3994	2016-12-1 12:10	2016-05-14	表示	GitHub Exploit DB Packet Storm

243928	8.4	HIGH ローカル	oracle xen	vm_server xen	The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might al…	CWE-264 認可・権限・アクセス制御	CVE-2016-4480	2016-12-1 12:10	2016-05-18	表示	GitHub Exploit DB Packet Storm

243929	3.0	LOW ローカル	mcafee microsoft	virusscan_enterprise windows	The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and…	CWE-264 認可・権限・アクセス制御	CVE-2016-4534	2016-12-1 12:10	2016-05-6	表示	GitHub Exploit DB Packet Storm

243930	8.8	HIGH ネットワーク	cacti	cacti	SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.	CWE-89 SQLインジェクション	CVE-2016-3172	2016-12-1 12:09	2016-04-13	表示	GitHub Exploit DB Packet Storm

243931	9.8	CRITICAL ネットワーク	hp	continuous_delivery_automation	HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.	CWE-94 コード・インジェクション	CVE-2016-1986	2016-12-1 12:08	2016-02-12	表示	GitHub Exploit DB Packet Storm

243932	9.8	CRITICAL ネットワーク	hp	operations_orchestration operations_orchestration_content	HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to …	CWE-20 不適切な入力確認	CVE-2016-1997	2016-12-1 12:08	2016-03-22	表示	GitHub Exploit DB Packet Storm

243933	9.8	CRITICAL ネットワーク	hp	service_manager	HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collecti…	CWE-20 不適切な入力確認	CVE-2016-1998	2016-12-1 12:08	2016-03-22	表示	GitHub Exploit DB Packet Storm

243934	9.8	CRITICAL ネットワーク	hp	release_control	The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.	CWE-284 不適切なアクセス制御	CVE-2016-1999	2016-12-1 12:08	2016-05-30	表示	GitHub Exploit DB Packet Storm

243935	9.8	CRITICAL ネットワーク	hp	asset_manager asset_manager_cloudsystem_chargeback	HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache C…	CWE-19 データ処理	CVE-2016-2000	2016-12-1 12:08	2016-04-6	表示	GitHub Exploit DB Packet Storm

243936	9.8	CRITICAL ネットワーク	hp	p9000_command_view_advanced_edition_software xp7_command_view_advanced_edition_suite	HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted seriali…	NVD-CWE-Other	CVE-2016-2003	2016-12-1 12:08	2016-04-21	表示	GitHub Exploit DB Packet Storm

243937	9.8	CRITICAL ネットワーク	hp	p9000_command_view_advanced_edition_software xp7_command_view_advanced_edition_suite	<a href="http://cwe.mitre.org/data/definitions/502.html">CWE-502: Deserialization of Untrusted Data</a>	NVD-CWE-Other	CVE-2016-2003	2016-12-1 12:08	2016-04-21	表示	GitHub Exploit DB Packet Storm

243938	8.8	HIGH ネットワーク	hp	network_node_manager_i	HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache …	CWE-284 不適切なアクセス制御	CVE-2016-2009	2016-12-1 12:08	2016-05-7	表示	GitHub Exploit DB Packet Storm

243939	5.4	MEDIUM ネットワーク	hp	network_node_manager_i	Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via uns…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2010	2016-12-1 12:08	2016-05-7	表示	GitHub Exploit DB Packet Storm

243940	5.4	MEDIUM ネットワーク	hp	network_node_manager_i	Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via uns…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2011	2016-12-1 12:08	2016-05-7	表示	GitHub Exploit DB Packet Storm

243941	6.5	MEDIUM ネットワーク	hp	network_node_manager_i	HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.	CWE-287 不適切な認証	CVE-2016-2012	2016-12-1 12:08	2016-05-7	表示	GitHub Exploit DB Packet Storm

243942	6.5	MEDIUM ネットワーク	hp	network_node_manager_i	HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.	CWE-200 情報漏えい	CVE-2016-2013	2016-12-1 12:08	2016-05-7	表示	GitHub Exploit DB Packet Storm

243943	8.1	HIGH ネットワーク	hp	network_node_manager_i	HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.	CWE-284 不適切なアクセス制御	CVE-2016-2014	2016-12-1 12:08	2016-05-7	表示	GitHub Exploit DB Packet Storm

243944	7.1	HIGH ローカル	hp	system_management_homepage	HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.	CWE-200 情報漏えい	CVE-2016-2015	2016-12-1 12:08	2016-05-15	表示	GitHub Exploit DB Packet Storm

243945	5.5	MEDIUM ローカル	hp	base-vxfs-50 base-vxfs-501 base-vxfs-51	Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mi…	CWE-284 不適切なアクセス制御	CVE-2016-2016	2016-12-1 12:08	2016-05-15	表示	GitHub Exploit DB Packet Storm

243946	5.5	MEDIUM ローカル	hp	restful_interface_tool	HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.	CWE-200 情報漏えい	CVE-2016-2023	2016-12-1 12:08	2016-05-30	表示	GitHub Exploit DB Packet Storm

243947	7.5	HIGH ネットワーク	hp	service_manager	HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Cata…	CWE-200 情報漏えい	CVE-2016-2025	2016-12-1 12:08	2016-05-30	表示	GitHub Exploit DB Packet Storm

243948	9.8	CRITICAL ネットワーク	vmware	player workstation	VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vector…	CWE-264 認可・権限・アクセス制御	CVE-2016-2077	2016-12-1 12:08	2016-05-18	表示	GitHub Exploit DB Packet Storm

243949	9.1	CRITICAL ネットワーク	symantec	anti-virus_engine	The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system …	CWE-399 リソース管理の問題	CVE-2016-2208	2016-12-1 12:08	2016-05-19	表示	GitHub Exploit DB Packet Storm

243950	7.8	HIGH ローカル	apple	mac_os_x	The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of…	CWE-119 バッファエラー	CVE-2016-1846	2016-12-1 12:07	2016-05-20	表示	GitHub Exploit DB Packet Storm