Export limit exceeded: 10816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9120 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7818 | 1 Japan Pension Service | 4 Device Data Encryption Program, Specification Check Program, Todokesho Creation Program and 1 more | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-7845 | 1 Gigaccsecure | 1 Gigacc Office | 2025-04-20 | N/A |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | ||||
| CVE-2016-6902 | 1 Lshell Project | 1 Lshell | 2025-04-20 | N/A |
| lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | ||||
| CVE-2016-8479 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687. | ||||
| CVE-2016-8480 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. | ||||
| CVE-2016-8493 | 1 Fortinet | 1 Forticlient | 2025-04-20 | N/A |
| In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | ||||
| CVE-2016-8494 | 1 Fortinet | 1 Connect | 2025-04-20 | N/A |
| Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | ||||
| CVE-2015-8993 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2025-04-20 | N/A |
| Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | ||||
| CVE-2017-5664 | 2 Apache, Redhat | 4 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-20 | N/A |
| The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. | ||||
| CVE-2015-9004 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.8 High |
| kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. | ||||
| CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-20 | N/A |
| Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | ||||
| CVE-2016-8585 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | ||||
| CVE-2016-8586 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8589 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8644 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | ||||
| CVE-2016-8649 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | N/A |
| lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | ||||
| CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2025-04-20 | N/A |
| Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | ||||