NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月10日5:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249551	8.8	HIGH ネットワーク	redhat debian gluster opensuse	enterprise_linux enterprise_linux_server debian_linux virtualization_host glusterfs leap	A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execut…	-	CVE-2018-10926	2024-11-21 12:42	2018-09-5	表示	GitHub Exploit DB Packet Storm

249552	6.5	MEDIUM ネットワーク	gluster	glusterfs	It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume…	CWE-772 有効なライフタイム後のリソースの解放の欠如	CVE-2018-10924	2024-11-21 12:42	2018-09-5	表示	GitHub Exploit DB Packet Storm

249553	8.1	HIGH ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux_server debian_linux virtualization_host leap	It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and re…	-	CVE-2018-10923	2024-11-21 12:42	2018-09-4	表示	GitHub Exploit DB Packet Storm

249554	6.5	MEDIUM ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux_server virtualization_host debian_linux leap	It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enable…	-	CVE-2018-10914	2024-11-21 12:42	2018-09-4	表示	GitHub Exploit DB Packet Storm

249555	6.5	MEDIUM ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux_server debian_linux virtualization_host leap	An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.	-	CVE-2018-10913	2024-11-21 12:42	2018-09-4	表示	GitHub Exploit DB Packet Storm

249556	7.5	HIGH ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host debian_linux leap	A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict …	-	CVE-2018-10911	2024-11-21 12:42	2018-09-4	表示	GitHub Exploit DB Packet Storm

249557	8.8	HIGH ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux_server virtualization_host debian_linux leap	It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attac…	-	CVE-2018-10907	2024-11-21 12:42	2018-09-4	表示	GitHub Exploit DB Packet Storm

249558	8.8	HIGH ネットワーク	gluster redhat debian opensuse	glusterfs enterprise_linux_server virtualization_host debian_linux leap	It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw…	-	CVE-2018-10904	2024-11-21 12:42	2018-09-4	表示	GitHub Exploit DB Packet Storm

249559	5.9	MEDIUM ネットワーク	dell oracle	bsafe jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_ip_service_activato…	RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher…	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2018-11057	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249560	6.5	MEDIUM ネットワーク	dell oracle	bsafe bsafe_crypto-c jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_i…	RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustio…	CWE-400 リソースの枯渇	CVE-2018-11056	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249561	5.5	MEDIUM ローカル	dell oracle	bsafe jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_ip_service_activato…	RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Deco…	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2018-11055	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249562	7.5	HIGH ネットワーク	dell oracle	bsafe jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_ip_service_activato…	RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-11054	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249563	8.1	HIGH ネットワーク	postgresql redhat	postgresql_jdbc_driver enterprise_linux	A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could…	CWE-297 ホストの不一致による証明書の不適切な検証	CVE-2018-10936	2024-11-21 12:42	2018-08-30	表示	GitHub Exploit DB Packet Storm

249564	5.9	MEDIUM ネットワーク	linux canonical debian	linux_kernel ubuntu_linux debian_linux	A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4…	CWE-835 無限ループ	CVE-2018-10938	2024-11-21 12:42	2018-08-27	表示	GitHub Exploit DB Packet Storm

249565	4.3	MEDIUM ネットワーク	rsa	archer	The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could …	CWE-89 SQLインジェクション	CVE-2018-11065	2024-11-21 12:42	2018-08-25	表示	GitHub Exploit DB Packet Storm

249566	9.1	CRITICAL ネットワーク	emc	rsa_security_analytics rsa_netwitness	RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration o…	NVD-CWE-noinfo	CVE-2018-11061	2024-11-21 12:42	2018-08-25	表示	GitHub Exploit DB Packet Storm

249567	6.5	MEDIUM ネットワーク	canonical debian samba	ubuntu_linux debian_linux samba	The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential…	CWE-200 情報漏えい	CVE-2018-10919	2024-11-21 12:42	2018-08-23	表示	GitHub Exploit DB Packet Storm

249568	6.5	MEDIUM ネットワーク	canonical samba	ubuntu_linux samba	A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Dir…	CWE-476 NULL ポインタデリファレンス	CVE-2018-10918	2024-11-21 12:42	2018-08-23	表示	GitHub Exploit DB Packet Storm

249569	8.8	HIGH ネットワーク	debian canonical samba redhat	debian_linux ubuntu_linux samba enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host virtualization	A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a sam…	CWE-119 バッファエラー	CVE-2018-10858	2024-11-21 12:42	2018-08-23	表示	GitHub Exploit DB Packet Storm

249570	8.8	HIGH ネットワーク	redhat	ansible_tower	Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users i…	CWE-352 同一生成元ポリシー違反	CVE-2018-10884	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249571	5.6	MEDIUM ローカル	gnu redhat canonical fedoraproject debian	gnutls enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux fedora debian_linux	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in…	-	CVE-2018-10846	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249572	5.9	MEDIUM ネットワーク	gnu redhat canonical fedoraproject debian	gnutls enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux fedora debian_linux	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text reco…	-	CVE-2018-10845	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249573	5.9	MEDIUM ネットワーク	gnu redhat canonical fedoraproject debian	gnutls enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux fedora debian_linux	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recov…	-	CVE-2018-10844	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249574	7.8	HIGH ローカル	debian canonical linux redhat	debian_linux ubuntu_linux linux_kernel enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() whi…	-	CVE-2018-10902	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249575	4.3	MEDIUM 隣接	intel	lldptool	lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the …	-	CVE-2018-10932	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249576	8.8	HIGH ネットワーク	spice_project debian canonical redhat	spice debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host virtualization enterprise_linux_server_eus	A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authenticat…	CWE-20 不適切な入力確認	CVE-2018-10873	2024-11-21 12:42	2018-08-17	表示	GitHub Exploit DB Packet Storm

249577	9.8	CRITICAL ネットワーク	nasdaq	bwise	The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.	CWE-306 重要な機能に対する認証の欠如解説	CVE-2018-11247	2024-11-21 12:42	2018-08-16	表示	GitHub Exploit DB Packet Storm

249578	6.5	MEDIUM ネットワーク	pulpproject	pulp	pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to …	-	CVE-2018-10917	2024-11-21 12:42	2018-08-16	表示	GitHub Exploit DB Packet Storm

249579	6.2	MEDIUM ローカル	redhat	certification	An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be op…	-	CVE-2018-10864	2024-11-21 12:42	2018-08-14	表示	GitHub Exploit DB Packet Storm

249580	8.1	HIGH ネットワーク	dell	emc_integrated_data_protection_appliance emc_data_protection_advisor	Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-11048	2024-11-21 12:42	2018-08-11	表示	GitHub Exploit DB Packet Storm

249581	7.8	HIGH ローカル	dell	wyse_management_suite	Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executa…	CWE-428 引用されない検索パスまたは要素	CVE-2018-11063	2024-11-21 12:42	2018-08-11	表示	GitHub Exploit DB Packet Storm

249582	7.5	HIGH ネットワーク	smartmesh_project ugtoken_project gg_token_project first_project mtc_project mesh_project	smartmesh ugtoken gg_token first mtc mesh	The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets …	NVD-CWE-noinfo	CVE-2018-10769	2024-11-21 12:42	2018-08-11	表示	GitHub Exploit DB Packet Storm

249583	8.1	HIGH ネットワーク	canonical debian postgresql	ubuntu_linux debian_linux postgresql	It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE…	CWE-863 不正な認証	CVE-2018-10925	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249584	9.8	CRITICAL ネットワーク	cobbler_project redhat	cobbler satellite	It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler,…	-	CVE-2018-10931	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249585	7.5	HIGH ネットワーク	redhat canonical debian postgresql	enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization enterprise_linux_server_eus openstack ubuntu_linux debian_linux postgresql	A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "h…	CWE-89 SQLインジェクション	CVE-2018-10915	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249586	6.3	MEDIUM ローカル	ovirt redhat	vdsm virtualization	It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to …	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2018-10908	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249587	5.5	MEDIUM ローカル	ttembed_project	ttembed	An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.	CWE-20 不適切な入力確認	CVE-2018-10922	2024-11-21 12:42	2018-08-3	表示	GitHub Exploit DB Packet Storm

249588	7.5	HIGH ネットワーク	ttembed_project	ttembed	Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fg…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-10921	2024-11-21 12:42	2018-08-3	表示	GitHub Exploit DB Packet Storm

249589	6.8	MEDIUM ネットワーク	nic	knot_resolver	Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.	CWE-20 不適切な入力確認	CVE-2018-10920	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249590	7.1	HIGH ローカル	canonical	cloud-init	The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances…	-	CVE-2018-10896	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249591	5.4	MEDIUM ネットワーク	redhat	keycloak single_sign-on	It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further a…	CWE-295 不正な証明書検証	CVE-2018-10894	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249592	8.1	HIGH ネットワーク	rpm redhat	yum-utils enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization	A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may…	-	CVE-2018-10897	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249593	6.5	MEDIUM ネットワーク	lftp_project canonical opensuse	lftp ubuntu_linux leap	It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A r…	CWE-20 不適切な入力確認	CVE-2018-10916	2024-11-21 12:42	2018-08-1	表示	GitHub Exploit DB Packet Storm

249594	8.8	HIGH 隣接	dell	emc_networker	Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing …	CWE-319 CWE-522 重要な情報の平文での送信認証情報の不十分な保護	CVE-2018-11050	2024-11-21 12:42	2018-08-1	表示	GitHub Exploit DB Packet Storm

249595	8.8	HIGH 隣接	redhat openstack	openstack tripleo_heat_templates	A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily gues…	CWE-798 ハードコードされた認証情報の使用	CVE-2018-10898	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249596	8.8	HIGH ネットワーク	prosody	prosody	prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts.…	CWE-287 不適切な認証	CVE-2018-10847	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249597	7.5	HIGH ネットワーク	cryptography canonical redhat	python-cryptography ubuntu_linux openstack	A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing…	CWE-20 不適切な入力確認	CVE-2018-10903	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249598	5.5	MEDIUM ローカル	debian linux canonical redhat	debian_linux linux_kernel ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux enterprise_linux_server	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operati…	-	CVE-2018-10883	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249599	5.5	MEDIUM ローカル	linux debian canonical redhat	linux_kernel debian_linux ubuntu_linux enterprise_linux	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted …	-	CVE-2018-10882	2024-11-21 12:42	2018-07-28	表示	GitHub Exploit DB Packet Storm

249600	5.5	MEDIUM ローカル	redhat	virtualization jboss_enterprise_application_platform wildfly_core	WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance…	CWE-22 パス・トラバーサル	CVE-2018-10862	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm