NVD Vulnerability Information: Top

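This page lets you search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain updates for vulnerabilities that are not yet listed in JVN.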

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.

Updated: September 13, 2024, 5:53

| No | CVSS | Level | Attack vector | Vendor | Product | Title | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 5.3 | MEDIUM | Network | softlabbd | radio_player | The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. Th… | Update | CWE-862 (Missing Authorization) | CVE-2023-4027 | 2024-09-13 02:53 | 2024-08-17 |
| 2 | 6.7 | MEDIUM | Local | hwameistor | hwameistor | Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deploy… | Update | NVD-CWE-noinfo | CVE-2024-45054 | 2024-09-13 02:50 | 2024-08-29 |
| 3 | 4.3 | MEDIUM | Network | mozilla | firefox | In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127. | Update | NVD-CWE-Other | CVE-2024-38313 | 2024-09-13 02:48 | 2024-06-14 |
| 4 | 7.2 | HIGH | Network | microfocus | netiq_advance_authentication | A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. T… | Update | CWE-77 (Command Injection) | CVE-2021-38120 | 2024-09-13 02:41 | 2024-08-28 |
| 5 | - | - | - | - | - | No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended … | New | - | CVE-2024-40457 | 2024-09-13 02:35 | 2024-09-12 |
| 6 | 7.5 | HIGH | Network | clamav | clamav | A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions… | Update | CWE-125 (Out-of-bounds Read) | CVE-2024-20505 | 2024-09-13 02:28 | 2024-09-5 |
| 7 | 7.5 | HIGH | Network | mozilla | firefox | An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. | Update | CWE-416 (Use After Free) | CVE-2024-5694 | 2024-09-13 02:28 | 2024-06-11 |
| 8 | 9.8 | CRITICAL | Network | mi | getapps | A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t… | Update | NVD-CWE-noinfo | CVE-2023-26324 | 2024-09-13 02:27 | 2024-08-28 |
| 9 | 9.8 | CRITICAL | Network | mi | getapps | A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t… | Update | NVD-CWE-noinfo | CVE-2023-26322 | 2024-09-13 02:27 | 2024-08-28 |
| 10 | 6.1 | MEDIUM | Local | clamav | clamav | A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versio… | Update | CWE-754 (Improper Check for Unusual or Exceptional Conditions) | CVE-2024-20506 | 2024-09-13 02:26 | 2024-09-5 |
| 11 | 9.8 | CRITICAL | Network | mi | app_market | A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. | Update | NVD-CWE-noinfo | CVE-2023-26323 | 2024-09-13 02:22 | 2024-08-28 |
| 12 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so… | Update | CWE-476 (NULL Pointer Dereference) | CVE-2023-52904 | 2024-09-13 02:22 | 2024-08-21 |
| 13 | 6.1 | MEDIUM | Network | forcepoint | email_security | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS. This issue affects Ema… | Update | CWE-79 (Cross-site Scripting (XSS)) | CVE-2024-2166 | 2024-09-13 02:19 | 2024-09-5 |
| 14 | 7.3 | HIGH | Local | acronis | snap_deploy | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | Update | CWE-427 (Uncontrolled Search Path Element) | CVE-2024-34019 | 2024-09-13 02:18 | 2024-08-30 |
| 15 | 5.3 | MEDIUM | Network | dlink | dns-320_firmware | A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. T… | Update | NVD-CWE-noinfo | CVE-2024-8461 | 2024-09-13 02:17 | 2024-09-5 |
| 16 | 5.5 | MEDIUM | Local | acronis | snap_deploy | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | Update | CWE-276 (Incorrect Default Permissions) | CVE-2024-34018 | 2024-09-13 02:17 | 2024-08-30 |
| 17 | 7.3 | HIGH | Local | acronis | snap_deploy | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | Update | CWE-427 (Uncontrolled Search Path Element) | CVE-2024-34017 | 2024-09-13 02:16 | 2024-08-30 |
| 18 | - | - | - | - | - | An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to … | New | - | CVE-2024-8754 | 2024-09-13 02:15 | 2024-09-13 |
| 19 | - | - | - | - | - | An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it w… | New | - | CVE-2024-8640 | 2024-09-13 02:15 | 2024-09-13 |
| 20 | - | - | - | - | - | A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possib… | New | - | CVE-2024-8635 | 2024-09-13 02:15 | 2024-09-13 |
| 21 | - | - | - | - | - | A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the … | New | - | CVE-2024-8631 | 2024-09-13 02:15 | 2024-09-13 |
| 22 | - | - | - | - | - | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of … | New | - | CVE-2024-8124 | 2024-09-13 02:15 | 2024-09-13 |
| 23 | - | - | - | - | - | An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `aut… | New | CWE-285 (Improper Authorization) | CVE-2024-6840 | 2024-09-13 02:15 | 2024-09-13 |
| 24 | - | - | - | - | - | An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an at… | New | - | CVE-2024-6446 | 2024-09-13 02:15 | 2024-09-13 |
| 25 | - | - | - | - | - | An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit info… | New | - | CVE-2024-6389 | 2024-09-13 02:15 | 2024-09-13 |
| 26 | - | - | - | - | - | An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before… | New | - | CVE-2024-5435 | 2024-09-13 02:15 | 2024-09-13 |
| 27 | - | - | - | - | - | An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was… | New | - | CVE-2024-4660 | 2024-09-13 02:15 | 2024-09-13 |
| 28 | - | - | - | - | - | An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability … | New | - | CVE-2024-4612 | 2024-09-13 02:15 | 2024-09-13 |
| 29 | - | - | - | - | - | An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permiss… | New | - | CVE-2024-2743 | 2024-09-13 02:15 | 2024-09-13 |
| 30 | 8.8 | HIGH | Network | phpgurukul | job_portal | File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | Update | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2024-8463 | 2024-09-13 02:15 | 2024-09-5 |
| 31 | 5.5 | MEDIUM | Local | artifex | mupdf | In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg f… | Update | CWE-476 (NULL Pointer Dereference) | CVE-2018-19882 | 2024-09-13 02:15 | 2018-12-6 |
| 32 | 5.5 | MEDIUM | Local | artifex | mupdf | In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted … | Update | CWE-400 (Resource Exhaustion) | CVE-2018-19881 | 2024-09-13 02:15 | 2018-12-6 |
| 33 | 5.5 | MEDIUM | Local | artifex, debian | mupdf, debian_linux | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | Update | CWE-835 (Infinite Loop) | CVE-2018-19777 | 2024-09-13 02:15 | 2018-11-30 |
| 34 | 5.5 | MEDIUM | Local | artifex | mupdf | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | Update | CWE-125 (Out-of-bounds Read) | CVE-2018-18662 | 2024-09-13 02:15 | 2018-10-26 |
| 35 | 5.5 | MEDIUM | Local | artifex | mupdf | In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-dev… | Update | CWE-129 (Improper Validation of Array Index) | CVE-2018-16648 | 2024-09-13 02:15 | 2018-09-7 |
| 36 | 5.5 | MEDIUM | Local | artifex | mupdf | In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pd… | Update | CWE-119 (Buffer Errors) | CVE-2018-16647 | 2024-09-13 02:15 | 2018-09-7 |
| 37 | 5.5 | MEDIUM | Local | artifex, debian | mupdf, debian_linux | In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | Update | CWE-772 (Missing Release of Resource after Effective Lifetime) | CVE-2018-1000036 | 2024-09-13 02:15 | 2018-05-24 |
| 38 | 5.5 | MEDIUM | Local | artifex, debian | mupdf, debian_linux | In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pd… | Update | CWE-835 (Infinite Loop) | CVE-2018-10289 | 2024-09-13 02:15 | 2018-04-22 |
| 39 | 5.5 | MEDIUM | Local | artifex, debian | mupdf, debian_linux | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vul… | Update | CWE-835 (Infinite Loop) | CVE-2018-5686 | 2024-09-13 02:15 | 2018-01-14 |
| 40 | 5.5 | MEDIUM | Local | artifex | mupdf | The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF docume… | Update | CWE-119 (Buffer Errors) | CVE-2016-10221 | 2024-09-13 02:15 | 2017-04-3 |
| 41 | 5.5 | MEDIUM | Local | artifex, debian | mupdf, debian_linux | Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a cr… | Update | CWE-787 (Out-of-bounds Write) | CVE-2016-10247 | 2024-09-13 02:15 | 2017-03-16 |
| 42 | 5.5 | MEDIUM | Local | artifex, debian | mupdf, debian_linux | Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted … | Update | CWE-787 (Out-of-bounds Write) | CVE-2016-10246 | 2024-09-13 02:15 | 2017-03-16 |
| 43 | 4.7 | MEDIUM | Physical | arm | trusted_firmware-m | An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | Update | NVD-CWE-Other | CVE-2023-51712 | 2024-09-13 02:11 | 2024-09-6 |
| 44 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ _after_ restoring data … | Update | NVD-CWE-noinfo | CVE-2021-4442 | 2024-09-13 01:58 | 2024-08-29 |
| 45 | 5.9 | MEDIUM | Network | identityautomation | rapididentity | RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parame… | Update | CWE-307 (Improper Restriction of Excessive Authentication Attempts) | CVE-2024-45589 | 2024-09-13 01:54 | 2024-09-6 |
| 46 | 4.8 | MEDIUM | Network | themeboy | sportspress | The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks … | Update | CWE-79 (Cross-site Scripting (XSS)) | CVE-2024-3986 | 2024-09-13 01:52 | 2024-07-30 |
| 47 | 7.5 | HIGH | Network | mediavine | create | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine. This issue affects Create by Mediavine: from n/a through 1.9.8. | Update | NVD-CWE-noinfo | CVE-2024-43264 | 2024-09-13 01:50 | 2024-08-27 |
| 48 | 6.1 | MEDIUM | Network | linuxos | shakal-ng | A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument nex… | Update | CWE-601 (Open Redirect) | CVE-2024-8412 | 2024-09-13 01:47 | 2024-09-5 |
| 49 | 6.5 | MEDIUM | Network | funnelforms | funnelforms_free | The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not pr… | Update | CWE-22 (Path Traversal) | CVE-2024-6312 | 2024-09-13 01:47 | 2024-08-28 |
| 50 | 7.2 | HIGH | Network | funnelforms | funnelforms_free | The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. Thi… | Update | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2024-6311 | 2024-09-13 01:46 | 2024-08-28 |