Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 25, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
253121 6.2 警告 Puppet - Puppet Labs の Puppet における任意の Puppet コードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2011-3871 2011-11-4 15:02 2011-09-30 Show GitHub Exploit DB Packet Storm
253122 6.3 警告 Puppet - Puppet Labs の Puppet における任意のファイルのパーミッションを変更される脆弱性 CWE-59
リンク解釈の問題 		CVE-2011-3870 2011-11-4 15:01 2011-09-30 Show GitHub Exploit DB Packet Storm
253123 6.3 警告 Puppet - Puppet Labs の Puppet における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2011-3869 2011-11-4 15:01 2011-09-30 Show GitHub Exploit DB Packet Storm
253124 5 警告 Puppet - Puppet Labs の Puppet におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2011-3848 2011-11-4 15:00 2011-09-28 Show GitHub Exploit DB Packet Storm
253125 4.3 警告 アップル - WebObjects におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-3998 2011-11-4 14:03 2011-11-4 Show GitHub Exploit DB Packet Storm
253126 6.4 警告 Opengear - 複数の Opengear 製品における認証回避の脆弱性 CWE-287
不適切な認証 		CVE-2011-3997 2011-11-4 14:02 2011-11-4 Show GitHub Exploit DB Packet Storm
253127 9.3 危険 アップル - Windows 上で稼動する Apple QuickTime における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2011-3251 2011-11-4 11:52 2011-10-26 Show GitHub Exploit DB Packet Storm
253128 9.3 危険 アップル - Apple QuickTime における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2011-3250 2011-11-4 11:38 2011-10-28 Show GitHub Exploit DB Packet Storm
253129 9.3 危険 アップル - Apple QuickTime におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-3249 2011-11-4 11:38 2011-10-28 Show GitHub Exploit DB Packet Storm
253130 9.3 危険 アップル - Apple QuickTime における整数符号エラーの脆弱性 CWE-189
数値処理の問題 		CVE-2011-3248 2011-11-4 11:37 2011-10-28 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 26, 2026, 4:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
264701 7.2 HIGH
Network 		puppet puppet_enterprise
puppet_agent 		Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet… CWE-284
Improper Access Control 		CVE-2016-5714 2024-11-21 11:54 2017-10-19 Show GitHub Exploit DB Packet Storm
264702 7.8 HIGH
Local 		novell
opensuse 		suse_linux_enterprise_server
suse_linux_enterprise_desktop
leap 		The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. CWE-20
 Improper Input Validation  		CVE-2016-5759 2024-11-21 11:54 2017-09-9 Show GitHub Exploit DB Packet Storm
264703 4.7 MEDIUM
Local 		google android In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. CWE-200
Information Exposure 		CVE-2016-5347 2024-11-21 11:54 2017-08-17 Show GitHub Exploit DB Packet Storm
264704 8.8 HIGH
Network 		puppet puppet_enterprise The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. CWE-134
Use of Externally-Controlled Format String 		CVE-2016-5716 2024-11-21 11:54 2017-08-9 Show GitHub Exploit DB Packet Storm
264705 6.1 MEDIUM
Network 		apache sling In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to … CWE-79
Cross-site Scripting 		CVE-2016-5394 2024-11-21 11:54 2017-07-20 Show GitHub Exploit DB Packet Storm
264706 7.5 HIGH
Network 		freeipa freeipa FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. CWE-284
Improper Access Control 		CVE-2016-5414 2024-11-21 11:54 2017-06-28 Show GitHub Exploit DB Packet Storm
264707 7.5 HIGH
Network 		libreswan
fedoraproject 		libreswan
fedora 		libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). CWE-476
 NULL Pointer Dereference 		CVE-2016-5391 2024-11-21 11:54 2017-06-14 Show GitHub Exploit DB Packet Storm
264708 9.8 CRITICAL
Network 		redhat quickstart_cloud_installer /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. CWE-255
Credentials Management 		CVE-2016-5411 2024-11-21 11:54 2017-06-14 Show GitHub Exploit DB Packet Storm
264709 5.3 MEDIUM
Network 		acer acer_portal Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. CWE-295
Improper Certificate Validation  		CVE-2016-5648 2024-11-21 11:54 2017-06-9 Show GitHub Exploit DB Packet Storm
264710 7.5 HIGH
Network 		redhat enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node 		389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstat… CWE-200
Information Exposure 		CVE-2016-5416 2024-11-21 11:54 2017-06-9 Show GitHub Exploit DB Packet Storm