CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2015-0326 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereferenc... | N/A | NONE | — | 0 |
| CVE-2015-0327 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary co... | N/A | NONE | — | 0 |
| CVE-2015-0328 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereferenc... | N/A | NONE | — | 0 |
| CVE-2015-0329 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | N/A | NONE | — | 0 |
| CVE-2015-0330 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of servic... | N/A | NONE | — | 0 |
| CVE-2015-1442 SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via t... | N/A | NONE | — | 0 |
| CVE-2014-0603 The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors rela... | N/A | NONE | — | 0 |
| CVE-2014-0604 Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to th... | N/A | NONE | — | 0 |
| CVE-2014-0605 Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to th... | N/A | NONE | — | 0 |
| CVE-2014-5332 Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by usi... | N/A | NONE | — | 0 |
| CVE-2014-9353 NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2014-9354 NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | N/A | NONE | — | 0 |
| CVE-2015-1209 Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40... | N/A | NONE | — | 0 |
| CVE-2015-1210 The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and be... | N/A | NONE | — | 0 |
| CVE-2015-1211 The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.10... | N/A | NONE | — | 0 |
| CVE-2015-1212 Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have... | N/A | NONE | — | 0 |
| CVE-2014-9632 The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations,... | N/A | NONE | — | 0 |
| CVE-2013-5557 The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service... | N/A | NONE | — | 0 |
| CVE-2014-9636 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip arch... | N/A | NONE | — | 0 |
| CVE-2014-9641 The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileg... | N/A | NONE | — | 0 |
| CVE-2014-9642 bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privi... | N/A | NONE | — | 0 |
| CVE-2014-9643 K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a... | N/A | NONE | — | 0 |
| CVE-2015-1305 McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 I... | N/A | NONE | — | 0 |
| CVE-2015-1444 Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary ... | N/A | NONE | — | 0 |
| CVE-2015-1467 Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to pri... | N/A | NONE | — | 0 |
| CVE-2015-1512 Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or ... | N/A | NONE | — | 0 |
| CVE-2015-1513 SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | N/A | NONE | — | 0 |
| CVE-2015-1514 Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) rem... | N/A | NONE | — | 0 |
| CVE-2015-0871 Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2015-0601 Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | N/A | NONE | — | 0 |
| CVE-2015-0603 Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing ... | N/A | NONE | — | 0 |
| CVE-2015-0604 The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, ak... | N/A | NONE | — | 0 |
| CVE-2015-0605 The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail att... | N/A | NONE | — | 0 |
| CVE-2021-38732 SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2014-9203 Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.0... | N/A | NONE | — | 0 |
| CVE-2015-0589 The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ... | N/A | NONE | — | 0 |
| CVE-2015-0600 The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. | N/A | NONE | — | 0 |
| CVE-2015-0602 The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | N/A | NONE | — | 0 |
| CVE-2015-0072 Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involv... | N/A | NONE | — | 0 |
| CVE-2014-9656 The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bo... | N/A | NONE | — | 0 |
| CVE-2014-9657 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) ... | N/A | NONE | — | 0 |
| CVE-2014-9658 The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or ... | N/A | NONE | — | 0 |
| CVE-2014-9659 cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code ... | N/A | NONE | — | 0 |
| CVE-2014-9660 The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dere... | N/A | NONE | — | 0 |
| CVE-2014-9661 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or... | N/A | NONE | — | 0 |
| CVE-2014-9662 cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possi... | N/A | NONE | — | 0 |
| CVE-2014-9663 The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a d... | N/A | NONE | — | 0 |
| CVE-2014-9673 Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly ... | N/A | NONE | — | 0 |
| CVE-2014-9664 FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecifie... | N/A | NONE | — | 0 |
| CVE-2014-9665 The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overf... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.