NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月21日4:01

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248451	6.5	MEDIUM ネットワーク	redhat openstack	openstack neutron	When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou…	CWE-20 不適切な入力確認	CVE-2018-14635	2024-11-21 12:49	2018-09-11	表示	GitHub Exploit DB Packet Storm

248452	9.8	CRITICAL ネットワーク	redhat	openstack	The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the …	CWE-20 不適切な入力確認	CVE-2018-14620	2024-11-21 12:49	2018-09-11	表示	GitHub Exploit DB Packet Storm

248453	7.0	HIGH ローカル	linux canonical debian	linux_kernel ubuntu_linux debian_linux	A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may al…	-	CVE-2018-14625	2024-11-21 12:49	2018-09-10	表示	GitHub Exploit DB Packet Storm

248454	7.7	HIGH ネットワーク	redhat starcounter-jack	openshift_container_platform json-patch	An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of ser…	CWE-787 境界外書き込み	CVE-2018-14632	2024-11-21 12:49	2018-09-6	表示	GitHub Exploit DB Packet Storm

248455	7.5	HIGH ネットワーク	fedoraproject redhat debian	389_directory_server enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus enterprise_linux_server_tus enterprise_linux_server_au…	A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_eme…	-	CVE-2018-14624	2024-11-21 12:49	2018-09-6	表示	GitHub Exploit DB Packet Storm

248456	8.8	HIGH ネットワーク	vivotek	camera	VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.	NVD-CWE-noinfo	CVE-2018-14771	2024-11-21 12:49	2018-09-6	表示	GitHub Exploit DB Packet Storm

248457	8.8	HIGH ネットワーク	vivotek	camera	VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).	NVD-CWE-noinfo	CVE-2018-14770	2024-11-21 12:49	2018-09-6	表示	GitHub Exploit DB Packet Storm

248458	8.8	HIGH ネットワーク	vivotek	camera	VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.	CWE-352 同一生成元ポリシー違反	CVE-2018-14769	2024-11-21 12:49	2018-09-6	表示	GitHub Exploit DB Packet Storm

248459	9.8	CRITICAL ネットワーク	haxx canonical debian redhat	libcurl ubuntu_linux debian_linux enterprise_linux	curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to fig…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14618	2024-11-21 12:49	2018-09-6	表示	GitHub Exploit DB Packet Storm

248460	5.9	MEDIUM ネットワーク	redhat	wildfly	The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting al…	CWE-319 重要な情報の平文での送信	CVE-2018-14627	2024-11-21 12:49	2018-09-4	表示	GitHub Exploit DB Packet Storm

248461	7.5	HIGH ネットワーク	libtirpc_project	libtirpc	An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infini…	CWE-835 無限ループ	CVE-2018-14621	2024-11-21 12:49	2018-08-30	表示	GitHub Exploit DB Packet Storm

248462	7.5	HIGH ネットワーク	redhat debian canonical libtirpc_project	enterprise_linux debian_linux ubuntu_linux enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_workstation enterprise_linux_desktop libtirpc	A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the serve…	CWE-252 未チェックの戻り値	CVE-2018-14622	2024-11-21 12:49	2018-08-30	表示	GitHub Exploit DB Packet Storm

248463	7.8	HIGH ローカル	linux	linux_kernel	A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was free…	CWE-20 不適切な入力確認	CVE-2018-14619	2024-11-21 12:49	2018-08-30	表示	GitHub Exploit DB Packet Storm

248464	8.8	HIGH ネットワーク	vivotek	camera	Various VIVOTEK FD8, FD9, FE9, IB8, IB9, IP9, IZ9, MS9, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.	NVD-CWE-noinfo	CVE-2018-14768	2024-11-21 12:49	2018-08-30	表示	GitHub Exploit DB Packet Storm

248465	9.8	CRITICAL ネットワーク	hitachienergy	esoms	ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both cond…	CWE-287 不適切な認証	CVE-2018-14805	2024-11-21 12:49	2018-08-30	表示	GitHub Exploit DB Packet Storm

248466	7.8	HIGH ローカル	pyconuk	conference-scheduler-cli	In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.syste…	CWE-78 CWE-502 OSコマンド・インジェクション信頼性のないデータのデシリアライゼーション	CVE-2018-14572	2024-11-21 12:49	2018-08-29	表示	GitHub Exploit DB Packet Storm

248467	9.8	CRITICAL ネットワーク	x.org debian canonical	libx11 debian_linux ubuntu_linux	An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes…	CWE-787 境界外書き込み	CVE-2018-14600	2024-11-21 12:49	2018-08-25	表示	GitHub Exploit DB Packet Storm

248468	9.8	CRITICAL ネットワーク	x.org debian canonical fedoraproject redhat	libx11 debian_linux ubuntu_linux fedora enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspec…	CWE-193 境界条件の判定	CVE-2018-14599	2024-11-21 12:49	2018-08-25	表示	GitHub Exploit DB Packet Storm

248469	7.5	HIGH ネットワーク	x.org debian canonical fedoraproject	libx11 debian_linux ubuntu_linux fedora	An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that wil…	CWE-20 不適切な入力確認	CVE-2018-14598	2024-11-21 12:49	2018-08-25	表示	GitHub Exploit DB Packet Storm

248470	7.8	HIGH ローカル	emerson	deltav	Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary co…	CWE-427 制御されていない検索パスの要素	CVE-2018-14797	2024-11-21 12:49	2018-08-24	表示	GitHub Exploit DB Packet Storm

248471	7.8	HIGH ローカル	emerson	deltav	Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.	CWE-269 不適切な権限管理	CVE-2018-14791	2024-11-21 12:49	2018-08-24	表示	GitHub Exploit DB Packet Storm

248472	9.4	CRITICAL ネットワーク	bd	alaris_gs_firmware alaris_gh_firmware alaris_cc_firmware alaris_tiva_firmware	Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vuln…	CWE-287 不適切な認証	CVE-2018-14786	2024-11-21 12:49	2018-08-24	表示	GitHub Exploit DB Packet Storm

248473	6.2	MEDIUM 物理	philips	pagewriter_tc70_firmware pagewriter_tc50_firmware pagewriter_tc30_firmware pagewriter_tc20_firmware pagewriter_tc10_firmware	In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that…	CWE-798 ハードコードされた認証情報の使用	CVE-2018-14801	2024-11-21 12:49	2018-08-23	表示	GitHub Exploit DB Packet Storm

248474	3.7	LOW 物理	philips	pagewriter_tc70_firmware pagewriter_tc50_firmware pagewriter_tc30_firmware pagewriter_tc20_firmware pagewriter_tc10_firmware	In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or form…	CWE-119 CWE-134 バッファエラー書式文字列の問題	CVE-2018-14799	2024-11-21 12:49	2018-08-23	表示	GitHub Exploit DB Packet Storm

248475	6.7	MEDIUM ローカル	philips	xcelera intellispace_cardiovascular	In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may a…	CWE-428 引用されない検索パスまたは要素	CVE-2018-14789	2024-11-21 12:49	2018-08-23	表示	GitHub Exploit DB Packet Storm

248476	7.8	HIGH ローカル	philips	xcelera intellispace_cardiovascular	In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executab…	CWE-269 不適切な権限管理	CVE-2018-14787	2024-11-21 12:49	2018-08-23	表示	GitHub Exploit DB Packet Storm

248477	8.8	HIGH ネットワーク	emerson	deltav	DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.	CWE-22 パス・トラバーサル	CVE-2018-14795	2024-11-21 12:49	2018-08-21	表示	GitHub Exploit DB Packet Storm

248478	8.8	HIGH 隣接	emerson	deltav	DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.	CWE-119 バッファエラー	CVE-2018-14793	2024-11-21 12:49	2018-08-21	表示	GitHub Exploit DB Packet Storm

248479	6.5	MEDIUM ネットワーク	xmlsoft debian canonical	libxml2 debian_linux ubuntu_linux	libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a dif…	CWE-835 無限ループ	CVE-2018-14567	2024-11-21 12:49	2018-08-17	表示	GitHub Exploit DB Packet Storm

248480	8.1	HIGH ネットワーク	btrfsmaintenance_project	btrfsmaintenance	An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs…	NVD-CWE-noinfo	CVE-2018-14722	2024-11-21 12:49	2018-08-16	表示	GitHub Exploit DB Packet Storm

248481	4.6	MEDIUM 物理	yubico	smart_card_minidriver piv_manager piv_tool	An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw …	CWE-125 境界外読み取り	CVE-2018-14780	2024-11-21 12:49	2018-08-16	表示	GitHub Exploit DB Packet Storm

248482	6.8	MEDIUM 物理	yubico	smart_card_minidriver piv_manager piv_tool	A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_le…	CWE-119 CWE-787 バッファエラー境界外書き込み	CVE-2018-14779	2024-11-21 12:49	2018-08-16	表示	GitHub Exploit DB Packet Storm

248483	7.5	HIGH ネットワーク	man-cgi_project	man-cgi	man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI.	CWE-22 パス・トラバーサル	CVE-2018-14429	2024-11-21 12:49	2018-08-15	表示	GitHub Exploit DB Packet Storm

248484	7.8	HIGH ローカル	gnome	gnome_display_manager	The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially…	CWE-416 解放済みメモリの使用	CVE-2018-14424	2024-11-21 12:49	2018-08-15	表示	GitHub Exploit DB Packet Storm

248485	5.3	MEDIUM 隣接	medtronicdiabetes	508_minimed_insulin_pump_firmware 522_paradigm_real-time_firmware 722_paradigm_real-time_firmware 523_paradigm_revel_firmware 723_paradigm_revel_firmware 523k_paradigm_revel_firmware	Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified ab…	CWE-287 不適切な認証	CVE-2018-14781	2024-11-21 12:49	2018-08-14	表示	GitHub Exploit DB Packet Storm

248486	7.8	HIGH ローカル	jetbrains	dotpeek resharper_ultimate	JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because …	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-14878	2024-11-21 12:49	2018-08-14	表示	GitHub Exploit DB Packet Storm

248487	5.4	MEDIUM ネットワーク	tiki	tikiwiki_cms\/groupware	Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mo…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14850	2024-11-21 12:49	2018-08-14	表示	GitHub Exploit DB Packet Storm

248488	5.4	MEDIUM ネットワーク	tiki	tikiwiki_cms\/groupware	Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14849	2024-11-21 12:49	2018-08-14	表示	GitHub Exploit DB Packet Storm

248489	7.5	HIGH ネットワーク	netcommwireless	nwl-25_firmware	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.	CWE-200 情報漏えい	CVE-2018-14785	2024-11-21 12:49	2018-08-11	表示	GitHub Exploit DB Packet Storm

248490	6.1	MEDIUM ネットワーク	netcommwireless	nwl-25_firmware	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14784	2024-11-21 12:49	2018-08-11	表示	GitHub Exploit DB Packet Storm

248491	8.8	HIGH ネットワーク	netcommwireless	nwl-25_firmware	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device…	CWE-352 同一生成元ポリシー違反	CVE-2018-14783	2024-11-21 12:49	2018-08-11	表示	GitHub Exploit DB Packet Storm

248492	7.5	HIGH ネットワーク	netcommwireless	nwl-25_firmware	NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.	CWE-287 不適切な認証	CVE-2018-14782	2024-11-21 12:49	2018-08-11	表示	GitHub Exploit DB Packet Storm

248493	4.8	MEDIUM ネットワーク	wolfcms	wolf_cms	Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14837	2024-11-21 12:49	2018-08-11	表示	GitHub Exploit DB Packet Storm

248494	6.1	MEDIUM ネットワーク	coremail	coremail_xt	Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14503	2024-11-21 12:49	2018-08-11	表示	GitHub Exploit DB Packet Storm

248495	7.5	HIGH ネットワーク	hitachi	compute_systems_manager device_manager replication_manager tiered_storage_manager tuning_manager command_suite	An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via…	CWE-200 情報漏えい	CVE-2018-14735	2024-11-21 12:49	2018-08-10	表示	GitHub Exploit DB Packet Storm

248496	6.5	MEDIUM 隣接	canonical debian w1.fi	ubuntu_linux debian_linux wpa_supplicant	An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker …	CWE-924 通信チャネルで送信中のメッセージの整合性への不適切な強制	CVE-2018-14526	2024-11-21 12:49	2018-08-9	表示	GitHub Exploit DB Packet Storm

248497	5.4	MEDIUM ネットワーク	php_template_store_script_project	php_template_store_script	PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14869	2024-11-21 12:49	2018-08-7	表示	GitHub Exploit DB Packet Storm

248498	8.8	HIGH ネットワーク	ocsinventory-ng	ocs_inventory_server	Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access t…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-14857	2024-11-21 12:49	2018-08-7	表示	GitHub Exploit DB Packet Storm

248499	7.5	HIGH ネットワーク	nystudio107	seomatic	A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can…	CWE-94 コード・インジェクション	CVE-2018-14716	2024-11-21 12:49	2018-08-7	表示	GitHub Exploit DB Packet Storm

248500	8.8	HIGH ネットワーク	otrs debian	open_ticket_request_system debian_linux	An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their pr…	NVD-CWE-noinfo	CVE-2018-14593	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm