Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
Max CVSS
10.0
EPSS Score
97.37%
Published
2014-09-28
Updated
2018-10-09
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
Max CVSS
10.0
EPSS Score
97.51%
Published
2014-09-28
Updated
2018-10-09
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
Max CVSS
5.0
EPSS Score
0.36%
Published
2014-09-20
Updated
2014-11-05
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-09-20
Updated
2014-11-05
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-09-20
Updated
2014-11-05
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-09-20
Updated
2014-11-05
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-09-20
Updated
2014-11-05
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
Max CVSS
5.0
EPSS Score
0.32%
Published
2014-09-20
Updated
2014-11-05
Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.
Max CVSS
7.8
EPSS Score
3.91%
Published
2014-09-28
Updated
2023-01-17
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
Max CVSS
6.8
EPSS Score
0.50%
Published
2014-09-30
Updated
2020-01-08
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
7.23%
Published
2014-09-12
Updated
2017-09-08
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
Max CVSS
5.0
EPSS Score
6.31%
Published
2014-09-30
Updated
2014-10-02
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
Max CVSS
6.5
EPSS Score
1.33%
Published
2014-09-05
Updated
2018-12-10
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Max CVSS
6.5
EPSS Score
2.19%
Published
2014-09-30
Updated
2020-10-23
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
1.01%
Published
2014-09-30
Updated
2020-10-23
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
Max CVSS
6.8
EPSS Score
50.94%
Published
2014-09-04
Updated
2017-09-08
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-09-04
Updated
2023-05-03
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-09-15
Updated
2014-09-15
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
Max CVSS
5.0
EPSS Score
2.74%
Published
2014-09-05
Updated
2015-05-12
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
Max CVSS
6.8
EPSS Score
1.12%
Published
2014-09-18
Updated
2019-03-08
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
Max CVSS
6.8
EPSS Score
1.17%
Published
2014-09-18
Updated
2019-03-08
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
Max CVSS
6.8
EPSS Score
1.17%
Published
2014-09-18
Updated
2019-03-08
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
Max CVSS
6.8
EPSS Score
1.22%
Published
2014-09-18
Updated
2019-03-08
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
Max CVSS
6.8
EPSS Score
1.17%
Published
2014-09-18
Updated
2019-03-08
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
Max CVSS
6.8
EPSS Score
1.17%
Published
2014-09-18
Updated
2019-03-08
114 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!