Security Vulnerabilities, CVEs, Published In 2014 (Overflow)
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.08%
Published
2014-12-24
Updated
2019-05-20
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
Max CVSS
5.0
EPSS Score
2.35%
Published
2014-12-19
Updated
2020-02-26
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
Max CVSS
7.5
EPSS Score
7.94%
Published
2014-12-19
Updated
2020-02-26
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
Max CVSS
7.5
EPSS Score
7.94%
Published
2014-12-19
Updated
2020-02-26
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
Max CVSS
5.0
EPSS Score
0.57%
Published
2014-12-09
Updated
2016-12-03
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
Max CVSS
7.5
EPSS Score
0.56%
Published
2014-12-09
Updated
2016-12-03
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
Max CVSS
7.5
EPSS Score
0.62%
Published
2014-12-09
Updated
2018-12-21
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
Max CVSS
7.5
EPSS Score
0.59%
Published
2014-12-09
Updated
2016-12-03
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Max CVSS
7.5
EPSS Score
96.62%
Published
2014-12-20
Updated
2021-11-17
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
Max CVSS
7.5
EPSS Score
7.84%
Published
2014-12-09
Updated
2016-12-22
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
Max CVSS
7.5
EPSS Score
5.65%
Published
2014-12-09
Updated
2016-12-22
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-12-08
Updated
2018-10-30
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
Max CVSS
6.8
EPSS Score
90.01%
Published
2014-12-08
Updated
2014-12-09
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
6.8
EPSS Score
59.77%
Published
2014-12-08
Updated
2014-12-09
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
Max CVSS
7.5
EPSS Score
92.56%
Published
2014-12-11
Updated
2014-12-12
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method.
Max CVSS
6.8
EPSS Score
29.53%
Published
2014-12-08
Updated
2014-12-23
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
Max CVSS
10.0
EPSS Score
4.62%
Published
2014-12-24
Updated
2016-09-06
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
Max CVSS
5.0
EPSS Score
26.39%
Published
2014-12-11
Updated
2019-02-01
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Max CVSS
9.0
EPSS Score
26.97%
Published
2014-12-27
Updated
2014-12-29
CVE-2014-9163
Known exploited
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
Max CVSS
10.0
EPSS Score
7.31%
Published
2014-12-10
Updated
2018-12-20
CISA KEV Added
2022-04-13
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
Max CVSS
10.0
EPSS Score
29.50%
Published
2014-12-10
Updated
2014-12-12
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Max CVSS
7.5
EPSS Score
5.22%
Published
2014-12-03
Updated
2017-09-08
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
Max CVSS
5.0
EPSS Score
15.80%
Published
2014-12-05
Updated
2018-10-09
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
Max CVSS
5.0
EPSS Score
1.54%
Published
2014-12-02
Updated
2018-10-30
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Max CVSS
5.0
EPSS Score
2.39%
Published
2014-12-02
Updated
2017-09-08