NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249901	6.5	MEDIUM ネットワーク	dell oracle	bsafe bsafe_crypto-c jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_i…	RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustio…	CWE-400 リソースの枯渇	CVE-2018-11056	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249902	5.5	MEDIUM ローカル	dell oracle	bsafe jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_ip_service_activato…	RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Deco…	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2018-11055	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249903	7.5	HIGH ネットワーク	dell oracle	bsafe jd_edwards_enterpriseone_tools security_service enterprise_manager_ops_center application_testing_suite retail_predictive_application_server communications_ip_service_activato…	RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-11054	2024-11-21 12:42	2018-09-1	表示	GitHub Exploit DB Packet Storm

249904	8.1	HIGH ネットワーク	postgresql redhat	postgresql_jdbc_driver enterprise_linux	A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could…	CWE-297 ホストの不一致による証明書の不適切な検証	CVE-2018-10936	2024-11-21 12:42	2018-08-30	表示	GitHub Exploit DB Packet Storm

249905	5.9	MEDIUM ネットワーク	linux canonical debian	linux_kernel ubuntu_linux debian_linux	A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4…	CWE-835 無限ループ	CVE-2018-10938	2024-11-21 12:42	2018-08-27	表示	GitHub Exploit DB Packet Storm

249906	4.3	MEDIUM ネットワーク	rsa	archer	The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could …	CWE-89 SQLインジェクション	CVE-2018-11065	2024-11-21 12:42	2018-08-25	表示	GitHub Exploit DB Packet Storm

249907	9.1	CRITICAL ネットワーク	emc	rsa_security_analytics rsa_netwitness	RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration o…	NVD-CWE-noinfo	CVE-2018-11061	2024-11-21 12:42	2018-08-25	表示	GitHub Exploit DB Packet Storm

249908	6.5	MEDIUM ネットワーク	canonical debian samba	ubuntu_linux debian_linux samba	The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential…	CWE-200 情報漏えい	CVE-2018-10919	2024-11-21 12:42	2018-08-23	表示	GitHub Exploit DB Packet Storm

249909	6.5	MEDIUM ネットワーク	canonical samba	ubuntu_linux samba	A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Dir…	CWE-476 NULL ポインタデリファレンス	CVE-2018-10918	2024-11-21 12:42	2018-08-23	表示	GitHub Exploit DB Packet Storm

249910	8.8	HIGH ネットワーク	debian canonical samba redhat	debian_linux ubuntu_linux samba enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host virtualization	A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a sam…	CWE-119 バッファエラー	CVE-2018-10858	2024-11-21 12:42	2018-08-23	表示	GitHub Exploit DB Packet Storm

249911	8.8	HIGH ネットワーク	redhat	ansible_tower	Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users i…	CWE-352 同一生成元ポリシー違反	CVE-2018-10884	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249912	5.6	MEDIUM ローカル	gnu redhat canonical fedoraproject debian	gnutls enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux fedora debian_linux	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in…	-	CVE-2018-10846	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249913	5.9	MEDIUM ネットワーク	gnu redhat canonical fedoraproject debian	gnutls enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux fedora debian_linux	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text reco…	-	CVE-2018-10845	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249914	5.9	MEDIUM ネットワーク	gnu redhat canonical fedoraproject debian	gnutls enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux fedora debian_linux	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recov…	-	CVE-2018-10844	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249915	7.8	HIGH ローカル	debian canonical linux redhat	debian_linux ubuntu_linux linux_kernel enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() whi…	-	CVE-2018-10902	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249916	4.3	MEDIUM 隣接	intel	lldptool	lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the …	-	CVE-2018-10932	2024-11-21 12:42	2018-08-22	表示	GitHub Exploit DB Packet Storm

249917	8.8	HIGH ネットワーク	spice_project debian canonical redhat	spice debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host virtualization enterprise_linux_server_eus	A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authenticat…	CWE-20 不適切な入力確認	CVE-2018-10873	2024-11-21 12:42	2018-08-17	表示	GitHub Exploit DB Packet Storm

249918	9.8	CRITICAL ネットワーク	nasdaq	bwise	The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.	CWE-306 重要な機能に対する認証の欠如解説	CVE-2018-11247	2024-11-21 12:42	2018-08-16	表示	GitHub Exploit DB Packet Storm

249919	6.5	MEDIUM ネットワーク	pulpproject	pulp	pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to …	-	CVE-2018-10917	2024-11-21 12:42	2018-08-16	表示	GitHub Exploit DB Packet Storm

249920	6.2	MEDIUM ローカル	redhat	certification	An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be op…	-	CVE-2018-10864	2024-11-21 12:42	2018-08-14	表示	GitHub Exploit DB Packet Storm

249921	8.1	HIGH ネットワーク	dell	emc_integrated_data_protection_appliance emc_data_protection_advisor	Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-11048	2024-11-21 12:42	2018-08-11	表示	GitHub Exploit DB Packet Storm

249922	7.8	HIGH ローカル	dell	wyse_management_suite	Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executa…	CWE-428 引用されない検索パスまたは要素	CVE-2018-11063	2024-11-21 12:42	2018-08-11	表示	GitHub Exploit DB Packet Storm

249923	7.5	HIGH ネットワーク	smartmesh_project ugtoken_project gg_token_project first_project mtc_project mesh_project	smartmesh ugtoken gg_token first mtc mesh	The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets …	NVD-CWE-noinfo	CVE-2018-10769	2024-11-21 12:42	2018-08-11	表示	GitHub Exploit DB Packet Storm

249924	8.1	HIGH ネットワーク	canonical debian postgresql	ubuntu_linux debian_linux postgresql	It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE…	CWE-863 不正な認証	CVE-2018-10925	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249925	9.8	CRITICAL ネットワーク	cobbler_project redhat	cobbler satellite	It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler,…	-	CVE-2018-10931	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249926	7.5	HIGH ネットワーク	redhat canonical debian postgresql	enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization enterprise_linux_server_eus openstack ubuntu_linux debian_linux postgresql	A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "h…	CWE-89 SQLインジェクション	CVE-2018-10915	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249927	6.3	MEDIUM ローカル	ovirt redhat	vdsm virtualization	It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to …	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2018-10908	2024-11-21 12:42	2018-08-10	表示	GitHub Exploit DB Packet Storm

249928	5.5	MEDIUM ローカル	ttembed_project	ttembed	An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.	CWE-20 不適切な入力確認	CVE-2018-10922	2024-11-21 12:42	2018-08-3	表示	GitHub Exploit DB Packet Storm

249929	7.5	HIGH ネットワーク	ttembed_project	ttembed	Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fg…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-10921	2024-11-21 12:42	2018-08-3	表示	GitHub Exploit DB Packet Storm

249930	6.8	MEDIUM ネットワーク	nic	knot_resolver	Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.	CWE-20 不適切な入力確認	CVE-2018-10920	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249931	7.1	HIGH ローカル	canonical	cloud-init	The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances…	-	CVE-2018-10896	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249932	5.4	MEDIUM ネットワーク	redhat	keycloak single_sign-on	It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further a…	CWE-295 不正な証明書検証	CVE-2018-10894	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249933	8.1	HIGH ネットワーク	rpm redhat	yum-utils enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization	A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may…	-	CVE-2018-10897	2024-11-21 12:42	2018-08-2	表示	GitHub Exploit DB Packet Storm

249934	6.5	MEDIUM ネットワーク	lftp_project canonical opensuse	lftp ubuntu_linux leap	It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A r…	CWE-20 不適切な入力確認	CVE-2018-10916	2024-11-21 12:42	2018-08-1	表示	GitHub Exploit DB Packet Storm

249935	8.8	HIGH 隣接	dell	emc_networker	Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing …	CWE-319 CWE-522 重要な情報の平文での送信認証情報の不十分な保護	CVE-2018-11050	2024-11-21 12:42	2018-08-1	表示	GitHub Exploit DB Packet Storm

249936	8.8	HIGH 隣接	redhat openstack	openstack tripleo_heat_templates	A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily gues…	CWE-798 ハードコードされた認証情報の使用	CVE-2018-10898	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249937	8.8	HIGH ネットワーク	prosody	prosody	prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts.…	CWE-287 不適切な認証	CVE-2018-10847	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249938	7.5	HIGH ネットワーク	cryptography canonical redhat	python-cryptography ubuntu_linux openstack	A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing…	CWE-20 不適切な入力確認	CVE-2018-10903	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249939	5.5	MEDIUM ローカル	debian linux canonical redhat	debian_linux linux_kernel ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux enterprise_linux_server	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operati…	-	CVE-2018-10883	2024-11-21 12:42	2018-07-31	表示	GitHub Exploit DB Packet Storm

249940	5.5	MEDIUM ローカル	linux debian canonical redhat	linux_kernel debian_linux ubuntu_linux enterprise_linux	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted …	-	CVE-2018-10882	2024-11-21 12:42	2018-07-28	表示	GitHub Exploit DB Packet Storm

249941	5.5	MEDIUM ローカル	redhat	virtualization jboss_enterprise_application_platform wildfly_core	WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance…	CWE-22 パス・トラバーサル	CVE-2018-10862	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249942	5.5	MEDIUM ローカル	debian canonical linux redhat	debian_linux ubuntu_linux linux_kernel enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_for_real_time enterprise_linux_for_real_time…	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operatin…	-	CVE-2018-10881	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249943	7.8	HIGH ローカル	canonical linux debian redhat	ubuntu_linux linux_kernel debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux enterprise_linux_server	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renam…	-	CVE-2018-10879	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249944	7.8	HIGH ローカル	canonical linux debian redhat	ubuntu_linux linux_kernel debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a craft…	-	CVE-2018-10878	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249945	5.5	MEDIUM ローカル	linux canonical debian	linux_kernel ubuntu_linux debian_linux	A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.	-	CVE-2018-10876	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249946	7.8	HIGH ローカル	linux redhat	linux_kernel enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation	A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host…	NVD-CWE-noinfo	CVE-2018-10901	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249947	7.8	HIGH ローカル	gnome debian	network_manager_vpnc debian_linux	Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into …	CWE-78 OSコマンド・インジェクション	CVE-2018-10900	2024-11-21 12:42	2018-07-27	表示	GitHub Exploit DB Packet Storm

249948	5.5	MEDIUM ローカル	debian linux redhat canonical	debian_linux linux_kernel enterprise_linux ubuntu_linux	Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cau…	-	CVE-2018-10880	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249949	7.8	HIGH ローカル	debian fuse_project redhat	debian_linux fuse enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server	In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_oth…	CWE-269 不適切な権限管理	CVE-2018-10906	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm

249950	8.8	HIGH ネットワーク	rsa	archer	RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elev…	NVD-CWE-noinfo	CVE-2018-11060	2024-11-21 12:42	2018-07-25	表示	GitHub Exploit DB Packet Storm