Security Vulnerabilities, CVEs, Published In March 2014 (Denial of service)
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
Max CVSS: 6.8 | EPSS Score: 31.09% | Published: 2014-03-31 | Updated: 2017-08-29
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
Max CVSS: 5.0 | EPSS Score: 5.58% | Published: 2014-03-28 | Updated: 2017-12-16
The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.
Max CVSS: 4.9 | EPSS Score: 0.06% | Published: 2014-03-28 | Updated: 2017-01-07
The VMware driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Max CVSS: 2.3 | EPSS Score: 0.29% | Published: 2014-03-25 | Updated: 2014-03-26
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Max CVSS: 7.8 | EPSS Score: 1.29% | Published: 2014-03-18 | Updated: 2014-04-01
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Max CVSS: 10.0 | EPSS Score: 7.47% | Published: 2014-03-24 | Updated: 2023-01-19
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
Max CVSS: 4.3 | EPSS Score: 0.98% | Published: 2014-03-21 | Updated: 2022-09-28
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.
Max CVSS: 5.0 | EPSS Score: 0.96% | Published: 2014-03-25 | Updated: 2018-10-30
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
Max CVSS: 6.1 | EPSS Score: 1.53% | Published: 2014-03-11 | Updated: 2020-08-27
CVE-2014-2299
Public exploit
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Max CVSS: 9.3 | EPSS Score: 95.27% | Published: 2014-03-11 | Updated: 2016-06-02
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 4.28% | Published: 2014-03-24 | Updated: 2014-09-13
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.
Max CVSS: 4.3 | EPSS Score: 0.63% | Published: 2014-03-11 | Updated: 2015-08-12
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2014-03-11 | Updated: 2016-04-04
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
Max CVSS: 4.3 | EPSS Score: 0.62% | Published: 2014-03-11 | Updated: 2015-08-12
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
Max CVSS: 4.3 | EPSS Score: 95.86% | Published: 2014-03-14 | Updated: 2022-10-28
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.
Max CVSS: 7.8 | EPSS Score: 0.39% | Published: 2014-03-16 | Updated: 2020-02-10
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
Max CVSS: 7.8 | EPSS Score: 0.79% | Published: 2014-03-24 | Updated: 2020-02-10
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.
Max CVSS: 7.8 | EPSS Score: 0.70% | Published: 2014-03-16 | Updated: 2020-02-10
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
Max CVSS: 7.8 | EPSS Score: 0.70% | Published: 2014-03-24 | Updated: 2020-02-10
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.
Max CVSS: 7.8 | EPSS Score: 0.39% | Published: 2014-03-16 | Updated: 2020-02-10
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
Max CVSS: 7.8 | EPSS Score: 0.79% | Published: 2014-03-24 | Updated: 2020-02-10
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets.
Max CVSS: 6.1 | EPSS Score: 0.54% | Published: 2014-03-16 | Updated: 2020-02-10
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.
Max CVSS: 6.1 | EPSS Score: 0.54% | Published: 2014-03-24 | Updated: 2020-02-10
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.
Max CVSS: 6.8 | EPSS Score: 1.06% | Published: 2014-03-18 | Updated: 2014-04-01
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.
Max CVSS: 7.5 | EPSS Score: 13.91% | Published: 2014-03-12 | Updated: 2021-01-26