NVD Vulnerability Information Top

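You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before JVN (Japan Vulnerability Note), vulnerabilities not yet listed in JVN may already appear.

If a related JVN (Japan Vulnerability Note) entry exists for a vulnerability, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.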


Updated: June 21, 2026, 4:01

No. CVSS Level
Attack vector
Vendor name, Product name, Title, CWE, CVE, Updated, Published, Impact view, Exploit/PoC search
248351 6.3 MEDIUM
Adjacent
samsung galaxy_s6_firmware Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (wh… CWE-119
Buffer errors
CVE-2018-14854 2024-11-21 12:49 2018-12-18 View GitHub Exploit DB Packet Storm
248352 4.3 MEDIUM
Adjacent
samsung galaxy_s6_firmware A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an atta… CWE-476
NULL pointer dereference
CVE-2018-14853 2024-11-21 12:49 2018-12-18 View GitHub Exploit DB Packet Storm
248353 6.3 MEDIUM
Adjacent
samsung galaxy_s6_firmware Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has ob… CWE-119
Buffer errors
CVE-2018-14852 2024-11-21 12:49 2018-12-18 View GitHub Exploit DB Packet Storm
248354 4.3 MEDIUM
Network
theforeman katello A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal … - CVE-2018-14623 2024-11-21 12:49 2018-12-14 View GitHub Exploit DB Packet Storm
248355 9.8 CRITICAL
Network
drobo 5n2_firmware Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation. CWE-287
Improper authentication
CVE-2018-14709 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248356 9.8 CRITICAL
Network
drobo 5n2_firmware An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. CWE-287
Improper authentication
CVE-2018-14708 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248357 7.5 HIGH
Network
drobo 5n2_firmware Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. CWE-22
Path traversal
CVE-2018-14707 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248358 9.8 CRITICAL
Network
drobo 5n2_firmware System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST r… CWE-78
OS command injection
CVE-2018-14706 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248359 6.1 MEDIUM
Network
drobo 5n2_firmware Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. CWE-79
Cross-site scripting (XSS)
CVE-2018-14704 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248360 9.8 CRITICAL
Network
drobo 5n2_firmware Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. CWE-732
Incorrect permission assignment for critical resource
CVE-2018-14703 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248361 7.5 HIGH
Network
drobo 5n2_firmware Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. CWE-200
Information exposure
CVE-2018-14702 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248362 9.8 CRITICAL
Network
drobo 5n2_firmware System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL paramet… CWE-78
OS command injection
CVE-2018-14701 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248363 7.5 HIGH
Network
drobo 5n2_firmware Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. CWE-532
Information exposure through log files
CVE-2018-14700 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248364 9.8 CRITICAL
Network
drobo 5n2_firmware System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL paramet… CWE-78
OS command injection
CVE-2018-14699 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248365 6.1 MEDIUM
Network
drobo 5n2_firmware Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. CWE-79
Cross-site scripting (XSS)
CVE-2018-14698 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248366 6.1 MEDIUM
Network
drobo 5n2_firmware Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. CWE-79
Cross-site scripting (XSS)
CVE-2018-14697 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248367 7.5 HIGH
Network
drobo 5n2_firmware Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. CWE-200
Information exposure
CVE-2018-14696 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248368 7.5 HIGH
Network
drobo 5n2_firmware Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL paramet… CWE-200
Information exposure
CVE-2018-14695 2024-11-21 12:49 2018-12-4 View GitHub Exploit DB Packet Storm
248369 8.1 HIGH
Network
redhat keycloak The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. CWE-287
Improper authentication
CVE-2018-14637 2024-11-21 12:49 2018-11-30 View GitHub Exploit DB Packet Storm
248370 7.5 HIGH
Network
powerdns recursor
authoritative
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of ser… NVD-CWE-noinfo
CVE-2018-14626 2024-11-21 12:49 2018-11-30 View GitHub Exploit DB Packet Storm
248371 9.8 CRITICAL
Network
qnap qts Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. CWE-119
Buffer errors
CVE-2018-14749 2024-11-21 12:49 2018-11-29 View GitHub Exploit DB Packet Storm
248372 7.5 HIGH
Network
qnap qts Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to pow… CWE-863
Incorrect authorization
CVE-2018-14748 2024-11-21 12:49 2018-11-29 View GitHub Exploit DB Packet Storm
248373 7.5 HIGH
Network
qnap qts NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to c… CWE-476
NULL pointer dereference
CVE-2018-14747 2024-11-21 12:49 2018-11-29 View GitHub Exploit DB Packet Storm
248374 9.8 CRITICAL
Network
qnap qts Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbi… CWE-77
Command injection
CVE-2018-14746 2024-11-21 12:49 2018-11-29 View GitHub Exploit DB Packet Storm
248375 6.5 MEDIUM
Network
samba
canonical
debian
samba
ubuntu_linux
debian_linux
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local at… CWE-835
Infinite loop
CVE-2018-14629 2024-11-21 12:49 2018-11-28 View GitHub Exploit DB Packet Storm
248376 5.9 MEDIUM
Network
powerdns dnsdist An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record wh… CWE-20
Improper input validation
CVE-2018-14663 2024-11-21 12:49 2018-11-27 View GitHub Exploit DB Packet Storm
248377 5.5 MEDIUM
Local
linux
redhat
linux_kernel
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could explo… CWE-476
NULL pointer dereference
CVE-2018-14646 2024-11-21 12:49 2018-11-27 View GitHub Exploit DB Packet Storm
248378 6.1 MEDIUM
Network
redhat keycloak A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. Th… CWE-601
Open redirect
CVE-2018-14658 2024-11-21 12:49 2018-11-14 View GitHub Exploit DB Packet Storm
248379 8.1 HIGH
Network
redhat keycloak
single_sign-on
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. CWE-307
Improper restriction of excessive authentication attempts
CVE-2018-14657 2024-11-21 12:49 2018-11-14 View GitHub Exploit DB Packet Storm
248380 5.4 MEDIUM
Network
redhat keycloak
single_sign-on
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentica… CWE-79
Cross-site scripting (XSS)
CVE-2018-14655 2024-11-21 12:49 2018-11-14 View GitHub Exploit DB Packet Storm
248381 5.9 MEDIUM
Network
powerdns recursor An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DN… CWE-20
Improper input validation
CVE-2018-14644 2024-11-21 12:49 2018-11-10 View GitHub Exploit DB Packet Storm
248382 9.8 CRITICAL
Network
redhat richfaces
enterprise_linux
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary… CWE-94
Code injection
CVE-2018-14667 2024-11-21 12:49 2018-11-7 View GitHub Exploit DB Packet Storm
248383 6.5 MEDIUM
Network
gluster
redhat
debian
glusterfs
enterprise_linux_server
virtualization_host
virtualization
debian_linux
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple l… - CVE-2018-14660 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248384 8.8 HIGH
Network
debian
redhat
gluster
debian_linux
enterprise_linux
glusterfs
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execu… - CVE-2018-14651 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248385 6.5 MEDIUM
Network
gluster
debian
redhat
glusterfs
debian_linux
virtualization
virtualization_host
enterprise_linux_server
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authen… - CVE-2018-14661 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248386 6.5 MEDIUM
Network
redhat
debian
gluster_file_system
debian_linux
enterprise_linux_server
virtualization
virtualization_host
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit t… - CVE-2018-14659 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248387 6.5 MEDIUM
Network
redhat
debian
gluster_storage
enterprise_linux_server
enterprise_linux_virtualization
virtualization
virtualization_host
debian_linux
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN… - CVE-2018-14654 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248388 8.8 HIGH
Network
redhat
debian
gluster_storage
debian_linux
enterprise_linux_server
enterprise_linux_virtualization
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated a… - CVE-2018-14653 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248389 6.5 MEDIUM
Network
redhat
debian
gluster_storage
debian_linux
enterprise_linux_server
enterprise_linux_virtualization
enterprise_virtualization_host
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr'… - CVE-2018-14652 2024-11-21 12:49 2018-11-1 View GitHub Exploit DB Packet Storm
248390 9.8 CRITICAL
Network
tenda ac7_firmware
ac9_firmware
ac10_firmware
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06… CWE-78
OS command injection
CVE-2018-14558 2024-11-21 12:49 2018-10-31 View GitHub Exploit DB Packet Storm
248391 6.6 MEDIUM
Physical
x.org
redhat
canonical
debian
xorg-server
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_server_eus
enterprise_linux_server_aus
ubun…
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in… CWE-863
Incorrect authorization
CVE-2018-14665 2024-11-21 12:49 2018-10-26 View GitHub Exploit DB Packet Storm
248392 7.8 HIGH
Local
fujielectric energy_savings_estimator An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could … CWE-427
Uncontrolled search path element
CVE-2018-14812 2024-11-21 12:49 2018-10-25 View GitHub Exploit DB Packet Storm
248393 7.8 HIGH
Local
advantech webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. CWE-269
Improper privilege management
CVE-2018-14828 2024-11-21 12:49 2018-10-24 View GitHub Exploit DB Packet Storm
248394 7.5 HIGH
Network
advantech webaccess Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. CWE-20
Improper input validation
CVE-2018-14820 2024-11-21 12:49 2018-10-24 View GitHub Exploit DB Packet Storm
248395 9.8 CRITICAL
Network
advantech webaccess Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. CWE-787
Out-of-bounds write
CVE-2018-14816 2024-11-21 12:49 2018-10-24 View GitHub Exploit DB Packet Storm
248396 9.8 CRITICAL
Network
advantech webaccess Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. CWE-22
Path traversal
CVE-2018-14806 2024-11-21 12:49 2018-10-24 View GitHub Exploit DB Packet Storm
248397 9.8 CRITICAL
Network
opto22 pac_control A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. CWE-787
Out-of-bounds write
CVE-2018-14807 2024-11-21 12:49 2018-10-19 View GitHub Exploit DB Packet Storm
248398 5.3 MEDIUM
Network
broadcom ca_identity_governance
ca_identity_suite_virtual_appliance
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate… CWE-200
Information exposure
CVE-2018-14597 2024-11-21 12:49 2018-10-18 View GitHub Exploit DB Packet Storm
248399 7.2 HIGH
Network
pydio pydio Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying s… CWE-78
OS command injection
CVE-2018-14772 2024-11-21 12:49 2018-10-17 View GitHub Exploit DB Packet Storm
248400 5.4 MEDIUM
Network
theforeman foreman A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions t… CWE-79
Cross-site scripting (XSS)
CVE-2018-14664 2024-11-21 12:49 2018-10-13 View GitHub Exploit DB Packet Storm