NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月10日5:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249501	5.5	MEDIUM ローカル	pulsesecure	pulse_secure_desktop_client	Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11002	2024-11-21 12:42	2018-11-30	表示	GitHub Exploit DB Packet Storm

249502	6.7	MEDIUM ローカル	dell vmware	emc_integrated_data_protection_appliance emc_avamar vsphere_data_protection	'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2…	CWE-78 OSコマンド・インジェクション	CVE-2018-11077	2024-11-21 12:42	2018-11-27	表示	GitHub Exploit DB Packet Storm

249503	6.5	MEDIUM 隣接	dell vmware	emc_integrated_data_protection_appliance emc_avamar vsphere_data_protection	Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar …	NVD-CWE-noinfo	CVE-2018-11076	2024-11-21 12:42	2018-11-27	表示	GitHub Exploit DB Packet Storm

249504	6.1	MEDIUM ネットワーク	dell vmware	emc_integrated_data_protection_appliance emc_avamar vsphere_data_protection	Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2…	CWE-601 オープンリダイレクト	CVE-2018-11067	2024-11-21 12:42	2018-11-27	表示	GitHub Exploit DB Packet Storm

249505	9.8	CRITICAL ネットワーク	dell vmware	emc_integrated_data_protection_appliance emc_avamar vsphere_data_protection	Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2…	NVD-CWE-noinfo	CVE-2018-11066	2024-11-21 12:42	2018-11-27	表示	GitHub Exploit DB Packet Storm

249506	8.8	HIGH ネットワーク	dell	emc_integrated_data_protection_appliance	Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privil…	CWE-798 ハードコードされた認証情報の使用	CVE-2018-11062	2024-11-21 12:42	2018-11-3	表示	GitHub Exploit DB Packet Storm

249507	7.8	HIGH ローカル	emc	secure_remote_services	Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11080	2024-11-21 12:42	2018-10-19	表示	GitHub Exploit DB Packet Storm

249508	7.8	HIGH ローカル	emc	secure_remote_services	Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authentica…	CWE-522 認証情報の不十分な保護	CVE-2018-11079	2024-11-21 12:42	2018-10-19	表示	GitHub Exploit DB Packet Storm

249509	9.8	CRITICAL ネットワーク	dlink	dwr-116_firmware dir-140l_firmware dir-640l_firmware dwr-512_firmware dwr-712_firmware dwr-912_firmware dwr-921_firmware dwr-111_firmware	An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-1…	CWE-22 CWE-522 パス・トラバーサル認証情報の不十分な保護	CVE-2018-10824	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249510	8.8	HIGH ネットワーク	dlink	dwr-116_firmware dwr-512_firmware dwr-912_firmware dwr-111_firmware	An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated atta…	CWE-78 OSコマンド・インジェクション	CVE-2018-10823	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249511	9.1	CRITICAL ネットワーク	libssh canonical debian redhat netapp oracle	libssh ubuntu_linux debian_linux enterprise_linux snapcenter storage_automation_store oncommand_unified_manager oncommand_workflow_automation mysql_workbench	A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unautho…	CWE-287 不適切な認証	CVE-2018-10933	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249512	7.5	HIGH ネットワーク	dlink	dwr-116_firmware dir-140l_firmware dir-640l_firmware dwr-512_firmware dwr-712_firmware dwr-912_firmware dwr-921_firmware dwr-111_firmware	Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, …	CWE-22 パス・トラバーサル	CVE-2018-10822	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249513	7.5	HIGH ネットワーク	amazon	fire_os	kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev…	CWE-88 引数の挿入または変更	CVE-2018-11025	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249514	7.5	HIGH ネットワーク	amazon	fire_os	kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device…	CWE-88 引数の挿入または変更	CVE-2018-11024	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249515	7.5	HIGH ネットワーク	amazon	fire_os	kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device…	CWE-88 引数の挿入または変更	CVE-2018-11023	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249516	7.5	HIGH ネットワーク	amazon	fire_os	kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device …	CWE-88 引数の挿入または変更	CVE-2018-11022	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249517	7.5	HIGH ネットワーク	amazon	fire_os	kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on de…	CWE-88 引数の挿入または変更	CVE-2018-11021	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249518	4.4	MEDIUM ローカル	amazon	fire_os	kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /…	CWE-88 引数の挿入または変更	CVE-2018-11020	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249519	7.5	HIGH ネットワーク	amazon	fire_os	kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device …	CWE-88 引数の挿入または変更	CVE-2018-11019	2024-11-21 12:42	2018-10-17	表示	GitHub Exploit DB Packet Storm

249520	6.5	MEDIUM ネットワーク	qemu canonical debian	qemu ubuntu_linux debian_linux	Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the netw…	-	CVE-2018-10839	2024-11-21 12:42	2018-10-16	表示	GitHub Exploit DB Packet Storm

249521	8.1	HIGH ネットワーク	cloud_foundry	bosh	Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for …	NVD-CWE-noinfo	CVE-2018-11083	2024-11-21 12:42	2018-10-6	表示	GitHub Exploit DB Packet Storm

249522	9.8	CRITICAL ネットワーク	pivotal_software	cloudfoundry_uaa_release cloudfoundry_uaa	Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of …	CWE-307 過度な認証試行の不適切な制限	CVE-2018-11082	2024-11-21 12:42	2018-10-6	表示	GitHub Exploit DB Packet Storm

249523	8.8	HIGH ネットワーク	pivotal_software	operations_manager	Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk…	NVD-CWE-noinfo	CVE-2018-11081	2024-11-21 12:42	2018-10-6	表示	GitHub Exploit DB Packet Storm

249524	7.8	HIGH ローカル	dell	emc_unity_operating_environment emc_unityvsa_operating_environment	Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentia…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11064	2024-11-21 12:42	2018-10-6	表示	GitHub Exploit DB Packet Storm

249525	7.8	HIGH ローカル	dell	digital_delivery	Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and…	CWE-427 制御されていない検索パスの要素	CVE-2018-11072	2024-11-21 12:42	2018-10-2	表示	GitHub Exploit DB Packet Storm

249526	4.8	MEDIUM ネットワーク	rsa emc	authentication_manager rsa_authentication_manager	RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vuln…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11073	2024-11-21 12:42	2018-09-29	表示	GitHub Exploit DB Packet Storm

249527	4.7	MEDIUM ネットワーク	rsa emc	authentication_manager rsa_authentication_manager	RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11075	2024-11-21 12:42	2018-09-29	表示	GitHub Exploit DB Packet Storm

249528	6.1	MEDIUM ネットワーク	rsa emc	authentication_manager rsa_authentication_manager	RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attac…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11074	2024-11-21 12:42	2018-09-29	表示	GitHub Exploit DB Packet Storm

249529	9.8	CRITICAL ネットワーク	softcase	t-router_firmware	An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to …	NVD-CWE-noinfo	CVE-2018-11241	2024-11-21 12:42	2018-09-22	表示	GitHub Exploit DB Packet Storm

249530	9.8	CRITICAL ネットワーク	softcase	t-router_firmware	An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code …	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11240	2024-11-21 12:42	2018-09-22	表示	GitHub Exploit DB Packet Storm

249531	6.5	MEDIUM ネットワーク	cloudfoundry	garden-runc	Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with…	NVD-CWE-noinfo	CVE-2018-11084	2024-11-21 12:42	2018-09-19	表示	GitHub Exploit DB Packet Storm

249532	7.5	HIGH ネットワーク	emc	isilon_onefs isilonsd_edge	Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a re…	CWE-20 不適切な入力確認	CVE-2018-11071	2024-11-21 12:42	2018-09-19	表示	GitHub Exploit DB Packet Storm

249533	8.8	HIGH ネットワーク	pivotal_software	pivotal_application_service	Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A sp…	NVD-CWE-noinfo	CVE-2018-11088	2024-11-21 12:42	2018-09-18	表示	GitHub Exploit DB Packet Storm

249534	8.8	HIGH ネットワーク	pivotal_software	pivotal_application_service	Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space dev…	NVD-CWE-noinfo	CVE-2018-11086	2024-11-21 12:42	2018-09-18	表示	GitHub Exploit DB Packet Storm

249535	7.8	HIGH ローカル	synametrics	synaman	Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.	CWE-522 認証情報の不十分な保護	CVE-2018-10814	2024-11-21 12:42	2018-09-15	表示	GitHub Exploit DB Packet Storm

249536	4.8	MEDIUM ネットワーク	synametrics	synaman	Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-10763	2024-11-21 12:42	2018-09-15	表示	GitHub Exploit DB Packet Storm

249537	5.9	MEDIUM ネットワーク	pivotal_software	spring_advanced_message_queuing_protocol rabbitmq	Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability t…	CWE-295 不正な証明書検証	CVE-2018-11087	2024-11-21 12:42	2018-09-15	表示	GitHub Exploit DB Packet Storm

249538	9.8	CRITICAL ネットワーク	dell oracle	bsafe bsafe_crypto-c jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_i…	RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read …	CWE-125 境界外読み取り	CVE-2018-11058	2024-11-21 12:42	2018-09-15	表示	GitHub Exploit DB Packet Storm

249539	7.5	HIGH ネットワーク	dell	emc_vplex_geosynchrony	Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potential…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11078	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249540	5.9	MEDIUM ネットワーク	dell	bsafe_crypto-j rsa_bsafe_ssl-j	RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbache…	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2018-11070	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249541	5.9	MEDIUM ネットワーク	dell	bsafe_ssl-j	RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to …	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2018-11069	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249542	4.6	MEDIUM 物理	dell	bsafe_ssl-j	RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.	CWE-459 不完全なクリーンアップ	CVE-2018-11068	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249543	5.4	MEDIUM ネットワーク	redhat	openshift_container_platform	A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s A…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-10937	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249544	6.5	MEDIUM ネットワーク	redhat	389_directory_server	A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.	CWE-20 不適切な入力確認	CVE-2018-10935	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249545	8.8	HIGH ネットワーク	spice_project	spice	Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute ar…	-	CVE-2018-10893	2024-11-21 12:42	2018-09-12	表示	GitHub Exploit DB Packet Storm

249546	7.8	HIGH ローカル	canonical debian linux	ubuntu_linux debian_linux linux_kernel	A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged …	CWE-269 不適切な権限管理	CVE-2018-10853	2024-11-21 12:42	2018-09-11	表示	GitHub Exploit DB Packet Storm

249547	6.5	MEDIUM ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux enterprise_linux_server debian_linux virtualization virtualization_host leap	A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.	-	CVE-2018-10930	2024-11-21 12:42	2018-09-5	表示	GitHub Exploit DB Packet Storm

249548	8.8	HIGH ネットワーク	redhat debian gluster opensuse	enterprise_linux_server debian_linux glusterfs virtualization_host leap	A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.	-	CVE-2018-10929	2024-11-21 12:42	2018-09-5	表示	GitHub Exploit DB Packet Storm

249549	8.8	HIGH ネットワーク	redhat debian gluster opensuse	enterprise_linux enterprise_linux_server debian_linux glusterfs gluster_storage virtualization_host leap	A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use …	-	CVE-2018-10928	2024-11-21 12:42	2018-09-5	表示	GitHub Exploit DB Packet Storm

249550	8.1	HIGH ネットワーク	redhat debian gluster opensuse	enterprise_linux_server debian_linux glusterfs virtualization_host leap	A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster b…	-	CVE-2018-10927	2024-11-21 12:42	2018-09-5	表示	GitHub Exploit DB Packet Storm