【目次】
【KEVリスト】
| 公開日 |
登録日 |
CVE番号 |
NVD |
ベンダー |
CVSS v3 |
CWE |
脆弱性 |
KEV |
備考 |
|---|---|---|---|---|---|---|---|---|---|
| 2024/10/21 | 2024/07/22 | CVE-2024-41713 | NVD | Mitel | 9.1(NVD) 9.1(CISA-ADP) |
CWE-22 | パス・トラバーサル | 2025/01/07 | Mitel MiCollab |
| 2024/12/10 | 2024/12/08 | CVE-2024-55550 | NVD | Mitel | 2.7(NVD) 4.7(CISA-ADP) |
CWE-22 | パス・トラバーサル | 2025/01/07 | Mitel MiCollab |
| 2020/04/15 | 2019/12/10 | CVE-2020-2883 | NVD | Oracle | 9.8(NVD) 9.8(CISA-ADP) |
- | - | 2025/01/07 | Oracle WebLogic Server |
| 2025/01/08 | 2025/01/06 | CVE-2025-0282 | NVD | Ivanti | 9.0(Ivanti) |
CWE-787 CWE-121 |
境界外書き込み Status: スタックベースのバッファオーバーフロー |
2025/01/08 | Ivanti Connect Secure |
| 2024/12/18 | 2024/12/16 | CVE-2024-12686 | NVD | BeyondTrust | 7.2(NVD) 6.6(BeyondTrust) |
CWE-78 | OSコマンドインジェクション | 2025/01/13 | BeyondTrust PRA |
| 2023/11/15 | 2023/11/15 | CVE-2023-48365 | NVD | Qlik | 9.8(NVD) 9.8(MITRE) |
CWE-444 | HTTP リクエストスマグリング | 2025/01/13 | Qlik Sense Enterprise |
| 2025/01/14 | 2024/12/09 | CVE-2024-55591 | NVD | FG-IR-24-535 | 9.8(Fortinet) |
CWE-288 | 代替パスまたはチャネルを使用した認証回避 | 2025/01/14 | FortiOS |
| 2025/01/14 | 2024/12/11 | CVE-2025-21333 | NVD | Microsoft | 7.8(Microsoft) |
CWE-122 | ヒープベースのバッファオーバーフロー | 2025/01/14 | Windows Hyper-V |
| 2025/01/14 | 2024/12/11 | CVE-2025-21334 | NVD | Microsoft | 7.8(Microsoft) |
CWE-416 | 解放済みメモリの使用 | 2025/01/14 | Windows Hyper-V |
| 2025/01/14 | 2024/12/11 | CVE-2025-21335 | NVD | Microsoft | 7.8(Microsoft) |
CWE-416 | 解放済みメモリの使用 | 2025/01/14 | Windows Hyper-V |
| 2025/01/07 | 2024/10/27 | CVE-2024-50603 | NVD | Aviatrix | 9.8(NVD) 10.0(MITRE) |
CWE-78 | CWE-78 | 2025/01/16 | Aviatrix Controller |
| 2020/04/29 | 2020/03/30 | CVE-2020-11023 | NVD | JQuery | 6.1(NVD) 6.9(GitHub) |
CWE-79 | クロスサイトスクリプティング | 2025/01/23 | JQuery (Cross-Site Scripting) |
| 2025/01/23 | 2025/01/09 | CVE-2025-23006 | NVD | SonicWALL | 9.8(NVD) 9.8(CISA-ADP) |
CWE-502 | 信頼できないデータのデシリアライゼーション | 2025/01/24 | SMA1000 Appliance Management Console (AMC) |
| 2025/01/27 | 2025/01/17 | CVE-2025-24085 | NVD | Apple | 7.8(NVD) 7.8(CISA-ADP) |
CWE-416 | 解放済みメモリの使用 | 2025/01/29 | Apple (use after free) |
| 2024/09/04 | 2024/08/22 | CVE-2024-45195 | NVD | Apache | 7.5(NVD) 9.8(CISA-ADP) |
CWE-425 | リクエストの直接送信 | 2025/02/04 | Apache OFBiz |
| 2024/03/22 | 2024/03/14 | CVE-2024-29059 | NVD | Microsoft | 7.5(Microsoft) |
CWE-209 | エラーメッセージによる情報漏えい | 2025/02/04 | .NET Framework |
| 2018/07/02 | 2018/04/04 | CVE-2018-9276 | NVD | PRTG | 7.2(NVD) 7.2(CISA-ADP) |
CWE-78 | OSコマンドインジェクション | 2025/02/04 | PRTG |
| 2018/11/21 | 2018/11/21 | CVE-2018-19410 | NVD | PRTG | 9.8(NVD) 9.8(CISA-ADP) |
- | - | 2025/02/04 | PRTG |
| 2024/12/02 | 2024/11/19 | CVE-2024-53104 | NVD | ベンダー | 7.8(NVD) 7.8(CISA-ADP) |
CWE-787 | 境界外書き込み | 2025/02/05 | Linux Kernel |
| 2025/01/25 | 2025/01/13 | CVE-2025-0411 | NVD | ベンダー | 7.0(Zero Day) |
CWE-693 | 保護メカニズムの不具合 | 2025/02/06 | 7-Zip |
| 2022/11/17 | 2022/01/19 | CVE-2022-23748 | NVD | ベンダー | 7.8(NVD) 7.8(CISA-ADP) |
CWE-426 CWE-114 |
信頼できない検索パス プロセス制御 |
2025/02/06 | mDNSResponder.exe |
| 2024/02/13 | 2023/12/08 | CVE-2024-21413 | NVD | Microsoft | 9.8(Microsoft) |
Request Rejected | https://jvndb.jvn.jp/ja/cwe/.html | 2025/02/06 | Outlook |
| 2020/12/11 | 2020/12/05 | CVE-2020-29574 | NVD | Cyberoam | 9.8(NVD) 9.8(CISA-ADP) |
CWE-89 | SQLインジェクション | 2025/02/06 | WebAdmin of Cyberoam OS (SQL Injection) |
| 2020/06/29 | 2020/06/25 | CVE-2020-15069 | NVD | ベンダー | 9.8(NVD) 9.8(CISA-I\ADP) |
CWE-120 | 古典的バッファオーバーフロー | 2025/02/06 | Sophos XG Firewall (Buffer Overflow) |
| 2025/02/06 | 2025/02/03 | CVE-2025-0994 | NVD | Trimble Cityworks | 8.6(ICS-CERT) |
CWE-502 | 信頼できないデータのデシリアライゼーション | 2025/02/07 | Trimble Cityworks |
| 2025/02/19 | 2025/01/30 | CVE-2025-24989 | NVD | Microsoft | 9.8(NVD) 8.2(Microsoft) |
CWE-284 | 不適切なアクセス制御 | 2025/02/21 | Microsoft Power Pages |
| 2024/02/16 | 2023/12/07 | CVE-2024-20953 | NVD | Oracle | 8.8(Oracle) |
CWE-502 | 信頼できないデータのデシリアライゼーション | 2025/02/21 | Oracle Agile PLM |
| 2017/04/27 | 2016/12/02 | CVE-2017-3066 | NVD | Adobe | 9.8(NVD) 9.8(CISA-ADP) |
CWE-502 | 信頼できないデータのデシリアライゼーション | 2025/02/21 | Adobe ColdFusion |
【ニュース】
■2025年
◇2025年2月
◆「Adobe ColdFusion」や「Oracle Agile PLM」の脆弱性悪用に注意喚起 - 米当局 (Security NEXT, 2025/02/25)
https://www.security-next.com/167557
⇒ https://vul.hatenadiary.com/entry/2025/02/25/000000
◇2025年8月
◆米当局、「IE」「Excel」「WinRAR」の脆弱性悪用に注意喚起 (Security NEXT, 2025/08/13)
https://www.security-next.com/173337
⇒ https://vul.hatenadiary.com/entry/2025/08/13/000000
◆CVSS? EPSS? KEVカタログ? 脆弱性管理におけるリスク評価と対応 (ScanNetSecurity, 2025/08/14 08:10)
https://scan.netsecurity.ne.jp/article/2025/08/14/53431.html
⇒ https://vul.hatenadiary.com/entry/2025/08/14/000000_1
【公開情報】
■2025年
◇2025年1月
◆CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA, 2025/01/07)
[CISA、既知の悪用された脆弱性を3件追加]
https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog
⇒ https://vul.hatenadiary.com/entry/2025/01/07/000000
◆CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA, 2025/01/13)
[CISA、既知の悪用された脆弱性を2件追加]
https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog
⇒ https://vul.hatenadiary.com/entry/2025/01/13/000000_2
◆CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA, 2025/01/14)
https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-adds-four-known-exploited-vulnerabilities-catalog
⇒ https://vul.hatenadiary.com/entry/2025/01/14/000000_1
◆CISA Adds One Known Exploited Vulnerability to Catalog (CISA, 2025/01/16)
[CISA、既知の悪用された脆弱性を1件追加]
https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-adds-one-known-exploited-vulnerability-catalog
⇒ https://vul.hatenadiary.com/entry/2025/01/16/000000_2
◆CISA Adds One Known Exploited Vulnerability to Catalog (CISA, 2025/01/23)
[CISA、既知の悪用された脆弱性を1件追加]
https://www.cisa.gov/news-events/alerts/2025/01/23/cisa-adds-one-known-exploited-vulnerability-catalog
⇒ https://vul.hatenadiary.com/entry/2025/01/23/000000_1
◆CISA Adds One Known Exploited Vulnerability to Catalog (CISA, 2025/01/29)
[CISA、既知の悪用された脆弱性を1件追加]
https://www.cisa.gov/news-events/alerts/2025/01/29/cisa-adds-one-known-exploited-vulnerability-catalog
⇒ https://vul.hatenadiary.com/entry/2025/01/29/000000
◇2025年2月
◆CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA, 2025/02/04)
[CISA、既知の悪用された脆弱性4件をカタログに追加]
https://www.cisa.gov/news-events/alerts/2025/02/04/cisa-adds-four-known-exploited-vulnerabilities-catalog
⇒ https://vul.hatenadiary.com/entry/2025/02/04/000000_2
◆CISA Adds One Known Exploited Vulnerability to Catalog (CISA, 2025/02/05)
[CISA、既知の悪用された脆弱性を1件追加]
https://www.cisa.gov/news-events/alerts/2025/02/05/cisa-adds-one-known-exploited-vulnerability-catalog
⇒ https://vul.hatenadiary.com/entry/2025/02/05/000000_1
◆CISA Adds Five Known Exploited Vulnerabilities to Catalog (CISA, 2025/02/06)
[CISA、既知の悪用された脆弱性5件をカタログに追加]
https://www.cisa.gov/news-events/alerts/2025/02/06/cisa-adds-five-known-exploited-vulnerabilities-catalog
⇒ https://vul.hatenadiary.com/entry/2025/02/06/000000
◆CISA Adds One Known Exploited Vulnerability to Catalog (CISA, 2025/02/07)
[CISA、既知の悪用された脆弱性を1件追加]
https://www.cisa.gov/news-events/alerts/2025/02/07/cisa-adds-one-known-exploited-vulnerability-catalog
⇒ https://vul.hatenadiary.com/entry/2025/02/07/000000_1
【検索】
google: KEV 2025
google:news: KEV 2025
google: site:virustotal.com KEV 2025
google: site:github.com KEV 2025
■Bing
https://www.bing.com/search?q=KEV%202025
https://www.bing.com/news/search?q=KEV%202025
https://twitter.com/search?q=%23KEV%202025
https://twitter.com/hashtag/KEV%202025
【関連情報】
◆KEV / Known Exploited Vulnerabilities Catalog (CISA)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
◆Cybersecurity Alerts & Advisories (CISA)
https://www.cisa.gov/news-events/cybersecurity-advisories
【関連まとめ記事】
◆悪用が確認された脆弱性カタログ(KEV) (まとめ)
https://vul.hatenadiary.com/entry/KEV
