NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月10日5:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249601	5.5	MEDIUM ローカル	debian canonical linux redhat	debian_linux ubuntu_linux linux_kernel enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_for_real_time enterprise_linux_for_real_time…	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operatin…	-	CVE-2018-10881	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249602	7.8	HIGH ローカル	canonical linux debian redhat	ubuntu_linux linux_kernel debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux enterprise_linux_server	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renam…	-	CVE-2018-10879	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249603	7.8	HIGH ローカル	canonical linux debian redhat	ubuntu_linux linux_kernel debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a craft…	-	CVE-2018-10878	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249604	5.5	MEDIUM ローカル	linux canonical debian	linux_kernel ubuntu_linux debian_linux	A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.	-	CVE-2018-10876	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249605	7.8	HIGH ローカル	linux redhat	linux_kernel enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation	A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host…	NVD-CWE-noinfo	CVE-2018-10901	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249606	7.8	HIGH ローカル	gnome debian	network_manager_vpnc debian_linux	Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into …	CWE-78 OSコマンド・インジェクション	CVE-2018-10900	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249607	5.5	MEDIUM ローカル	debian linux redhat canonical	debian_linux linux_kernel enterprise_linux ubuntu_linux	Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cau…	-	CVE-2018-10880	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249608	7.8	HIGH ローカル	debian fuse_project redhat	debian_linux fuse enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_oth…	CWE-269 不適切な権限管理	CVE-2018-10906	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249609	8.8	HIGH ネットワーク	rsa	archer	RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elev…	NVD-CWE-noinfo	CVE-2018-11060	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249610	5.4	MEDIUM ネットワーク	rsa	archer	RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store maliciou…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11059	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249611	6.5	MEDIUM ネットワーク	pivotal_software	pivotal_application_service	Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-pr…	CWE-20 不適切な入力確認	CVE-2018-11044	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249612	7.5	HIGH ネットワーク	pivotal_software	cloud_foundry_uaa	Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by…	CWE-863 不正な認証	CVE-2018-11047	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249613	7.8	HIGH ローカル	redhat	cloudforms cloudforms_management_engine	CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to e…	CWE-78 OSコマンド・インジェクション	CVE-2018-10905	2024-11-21 12:42	2018-07-24	表示	GitHub Exploit DB Packet Storm

249614	4.9	MEDIUM ネットワーク	redhat	keycloak single_sign-on	keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infin…	CWE-835 無限ループ	CVE-2018-10912	2024-11-21 12:42	2018-07-24	表示	GitHub Exploit DB Packet Storm

249615	9.8	CRITICAL ネットワーク	redhat	certification	redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.	CWE-20 不適切な入力確認	CVE-2018-10870	2024-11-21 12:42	2018-07-20	表示	GitHub Exploit DB Packet Storm

249616	7.5	HIGH ネットワーク	redhat	enterprise_linux certification	redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.	-	CVE-2018-10869	2024-11-21 12:42	2018-07-20	表示	GitHub Exploit DB Packet Storm

249617	6.5	MEDIUM ローカル	canonical linux debian redhat	ubuntu_linux linux_kernel debian_linux enterprise_linux	Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.	-	CVE-2018-10877	2024-11-21 12:42	2018-07-19	表示	GitHub Exploit DB Packet Storm

249618	7.2	HIGH ネットワーク	fedoraproject debian	389_directory_server debian_linux	389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores…	CWE-312 重要な情報の平文保存	CVE-2018-10871	2024-11-21 12:42	2018-07-18	表示	GitHub Exploit DB Packet Storm

249619	7.5	HIGH ネットワーク	git-annex_project debian	git-annex debian_linux	git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on loca…	CWE-200 情報漏えい	CVE-2018-10857	2024-11-21 12:42	2018-07-17	表示	GitHub Exploit DB Packet Storm

249620	6.6	MEDIUM 物理	linux canonical redhat	linux_kernel ubuntu_linux enterprise_linux	Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.	-	CVE-2018-10840	2024-11-21 12:42	2018-07-17	表示	GitHub Exploit DB Packet Storm

249621	7.5	HIGH ネットワーク	git-annex_project debian	git-annex debian_linux	git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key…	CWE-200 情報漏えい	CVE-2018-10859	2024-11-21 12:42	2018-07-17	表示	GitHub Exploit DB Packet Storm

249622	7.8	HIGH ローカル	redhat debian suse canonical	openshift virtualization_host virtualization ceph_storage ansible_engine openstack gluster_storage debian_linux package_hub ubuntu_linux	A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing …	CWE-426 信頼性のない検索パス	CVE-2018-10875	2024-11-21 12:42	2018-07-14	表示	GitHub Exploit DB Packet Storm

249623	8.8	HIGH ネットワーク	qutebrowser	qutebrowser	qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/s…	CWE-352 同一生成元ポリシー違反	CVE-2018-10895	2024-11-21 12:42	2018-07-12	表示	GitHub Exploit DB Packet Storm

249624	7.3	HIGH ローカル	emc rsa	rsa_identity_management_and_governance rsa_identity_governance_and_lifecycle rsa_via_lifecycle_and_governance	RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an uni…	CWE-427 制御されていない検索パスの要素	CVE-2018-11049	2024-11-21 12:42	2018-07-12	表示	GitHub Exploit DB Packet Storm

249625	5.9	MEDIUM ネットワーク	pivotal_software	operations_manager	Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance i…	CWE-330 不十分なランダム値の使用	CVE-2018-11045	2024-11-21 12:42	2018-07-12	表示	GitHub Exploit DB Packet Storm

249626	5.5	MEDIUM ローカル	redhat	enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation	A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliv…	-	CVE-2018-10872	2024-11-21 12:42	2018-07-11	表示	GitHub Exploit DB Packet Storm

249627	7.3	HIGH ネットワーク	moodle	moodle	A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is…	NVD-CWE-noinfo	CVE-2018-10891	2024-11-21 12:42	2018-07-11	表示	GitHub Exploit DB Packet Storm

249628	5.3	MEDIUM ネットワーク	moodle	moodle	A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetchi…	CWE-200 情報漏えい	CVE-2018-10890	2024-11-21 12:42	2018-07-11	表示	GitHub Exploit DB Packet Storm

249629	5.3	MEDIUM ネットワーク	moodle	moodle	A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.	CWE-532 ログファイルからの情報漏えい	CVE-2018-10889	2024-11-21 12:42	2018-07-11	表示	GitHub Exploit DB Packet Storm

249630	7.5	HIGH ネットワーク	barco	clickshare_cse-200_firmware clickshare_cs-100_firmware	An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing d…	CWE-20 不適切な入力確認	CVE-2018-10943	2024-11-21 12:42	2018-07-11	表示	GitHub Exploit DB Packet Storm

249631	6.5	MEDIUM ネットワーク	libgit2 debian	libgit2 debian_linux	A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use…	CWE-125 境界外読み取り	CVE-2018-10888	2024-11-21 12:42	2018-07-10	表示	GitHub Exploit DB Packet Storm

249632	8.1	HIGH ネットワーク	libgit2 debian	libgit2 debian_linux	A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn l…	CWE-125 CWE-190 CWE-681 境界外読み取り整数オーバーフローまたはラップアラウンド数値型間の変換の誤り	CVE-2018-10887	2024-11-21 12:42	2018-07-10	表示	GitHub Exploit DB Packet Storm

249633	8.1	HIGH ネットワーク	ceph redhat opensuse debian	ceph enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ceph_storage_osd ceph_storage_mon ceph_storage leap debian_linux	A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches mas…	CWE-287 不適切な認証	CVE-2018-10861	2024-11-21 12:42	2018-07-10	表示	GitHub Exploit DB Packet Storm

249634	5.3	MEDIUM ネットワーク	docker mobyproject redhat opensuse	docker moby enterprise_linux enterprise_linux_server openstack leap	The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disa…	-	CVE-2018-10892	2024-11-21 12:42	2018-07-7	表示	GitHub Exploit DB Packet Storm

249635	5.4	MEDIUM ネットワーク	opmantek	open-audit	Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribut…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11124	2024-11-21 12:42	2018-07-6	表示	GitHub Exploit DB Packet Storm

249636	7.8	HIGH ローカル	diqee	diqee360_firmware	An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, w…	CWE-347 デジタル署名の不適切な検証	CVE-2018-10988	2024-11-21 12:42	2018-07-6	表示	GitHub Exploit DB Packet Storm

249637	7.5	HIGH ネットワーク	diqee	diqee360_firmware	An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a special…	CWE-78 OSコマンド・インジェクション	CVE-2018-10987	2024-11-21 12:42	2018-07-6	表示	GitHub Exploit DB Packet Storm

249638	7.5	HIGH ネットワーク	redhat	openshift	In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a D…	CWE-20 不適切な入力確認	CVE-2018-10885	2024-11-21 12:42	2018-07-5	表示	GitHub Exploit DB Packet Storm

249639	9.8	CRITICAL ネットワーク	dellemc	elastic_cloud_storage	Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying…	CWE-287 不適切な認証	CVE-2018-11052	2024-11-21 12:42	2018-07-4	表示	GitHub Exploit DB Packet Storm

249640	7.5	HIGH ネットワーク	emc	rsa_certificate_manager	RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attac…	CWE-22 パス・トラバーサル	CVE-2018-11051	2024-11-21 12:42	2018-07-4	表示	GitHub Exploit DB Packet Storm

249641	8.8	HIGH ネットワーク	libpod_project	libpod	It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-10856	2024-11-21 12:42	2018-07-3	表示	GitHub Exploit DB Packet Storm

249642	5.9	MEDIUM ネットワーク	redhat debian canonical	virtualization cloudforms ansible_engine openstack debian_linux ubuntu_linux	Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged…	CWE-532 ログファイルからの情報漏えい	CVE-2018-10855	2024-11-21 12:42	2018-07-3	表示	GitHub Exploit DB Packet Storm

249643	8.8	HIGH ネットワーク	redhat	openshift_container_platform	source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to …	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-10843	2024-11-21 12:42	2018-07-3	表示	GitHub Exploit DB Packet Storm

249644	7.8	HIGH ローカル	redhat	virtualization_host virtualization ansible_engine openstack	In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.	-	CVE-2018-10874	2024-11-21 12:42	2018-07-2	表示	GitHub Exploit DB Packet Storm

249645	7.5	HIGH ネットワーク	debian canonical perl-archive-zip_project	debian_linux ubuntu_linux perl-archive-zip	perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to prov…	CWE-22 パス・トラバーサル	CVE-2018-10860	2024-11-21 12:42	2018-06-30	表示	GitHub Exploit DB Packet Storm

249646	6.5	MEDIUM ネットワーク	dell	emc_idrac_service_module	Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating …	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11053	2024-11-21 12:42	2018-06-27	表示	GitHub Exploit DB Packet Storm

249647	7.5	HIGH ネットワーク	debian fedoraproject redhat	debian_linux sssd enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sud…	CWE-200 情報漏えい	CVE-2018-10852	2024-11-21 12:42	2018-06-26	表示	GitHub Exploit DB Packet Storm

249648	6.5	MEDIUM ネットワーク	pivotal_software	operations_manager	Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and kno…	CWE-20 不適切な入力確認	CVE-2018-11046	2024-11-21 12:42	2018-06-26	表示	GitHub Exploit DB Packet Storm

249649	6.1	MEDIUM ネットワーク	pivotal_software	cloud_foundry_uaa cloud_foundry_uaa-release	Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect UR…	CWE-601 オープンリダイレクト	CVE-2018-11041	2024-11-21 12:42	2018-06-26	表示	GitHub Exploit DB Packet Storm

249650	7.5	HIGH ネットワーク	vmware oracle debian	spring_framework flexcube_private_banking retail_xstore_point_of_service application_testing_suite hospitality_guest_access weblogic_server enterprise_manager_ops_center endeca_i…	Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through…	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2018-11040	2024-11-21 12:42	2018-06-26	表示	GitHub Exploit DB Packet Storm