CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-119

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-9380 119 DoS Overflow 2014-12-19 2014-12-19
5.0
None Remote Low Not required None None Partial
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
2 CVE-2014-9379 119 DoS Exec Code Overflow 2014-12-19 2014-12-19
7.5
None Remote Low Not required Partial Partial Partial
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
3 CVE-2014-9377 119 DoS Exec Code Overflow 2014-12-19 2014-12-19
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
4 CVE-2014-9319 119 DoS Overflow 2014-12-09 2014-12-10
5.0
None Remote Low Not required None None Partial
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
5 CVE-2014-9318 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
6 CVE-2014-9317 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
7 CVE-2014-9316 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
8 CVE-2014-9275 119 DoS Exec Code Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
9 CVE-2014-9274 119 DoS Exec Code Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
10 CVE-2014-9273 119 Exec Code Overflow +Priv 2014-12-08 2014-12-09
4.6
User Local Low Not required Partial Partial Partial
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
11 CVE-2014-9267 119 Exec Code Overflow 2014-12-08 2014-12-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
12 CVE-2014-9265 119 Exec Code Overflow 2014-12-08 2014-12-09
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
13 CVE-2014-9264 119 Exec Code Overflow 2014-12-11 2014-12-12
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
14 CVE-2014-9263 119 Exec Code Overflow 2014-12-08 2014-12-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method.
15 CVE-2014-9163 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
16 CVE-2014-9140 119 DoS Overflow 2014-12-05 2014-12-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
17 CVE-2014-9116 119 DoS Overflow 2014-12-02 2014-12-03
5.0
None Remote Low Not required None None Partial
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
18 CVE-2014-9112 119 DoS Overflow 2014-12-02 2014-12-17
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
19 CVE-2014-9050 119 DoS Overflow 2014-12-01 2014-12-17
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
20 CVE-2014-9028 119 Exec Code Overflow 2014-11-26 2014-12-17
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
21 CVE-2014-8964 119 DoS Overflow 2014-12-16 2014-12-17
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
22 CVE-2014-8962 119 Exec Code Overflow 2014-11-26 2014-12-17
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
23 CVE-2014-8956 119 Exec Code Overflow 2014-12-12 2014-12-15
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.
24 CVE-2014-8884 119 DoS Overflow +Priv 2014-11-29 2014-12-05
6.1
User Local Low Not required Partial Partial Complete
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
25 CVE-2014-8769 119 DoS Overflow +Info 2014-11-20 2014-12-08
6.4
None Remote Low Not required Partial None Partial
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
26 CVE-2014-8713 119 DoS Overflow 2014-11-22 2014-12-17
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
27 CVE-2014-8710 119 DoS Overflow 2014-11-22 2014-12-17
5.0
None Remote Low Not required None None Partial
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
28 CVE-2014-8626 119 DoS Exec Code Overflow 2014-11-22 2014-12-02
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
29 CVE-2014-8548 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
30 CVE-2014-8547 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
31 CVE-2014-8542 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
32 CVE-2014-8541 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
33 CVE-2014-8509 119 Exec Code Overflow 2014-10-31 2014-11-03
7.5
None Remote Low Not required Partial Partial Partial
The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing."
34 CVE-2014-8504 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
35 CVE-2014-8503 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
36 CVE-2014-8502 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
37 CVE-2014-8501 119 DoS Overflow 2014-12-09 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
38 CVE-2014-8484 119 DoS Overflow 2014-12-09 2014-12-10
5.0
None Remote Low Not required None None Partial
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
39 CVE-2014-8460 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159.
40 CVE-2014-8457 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159.
41 CVE-2014-8439 119 DoS Exec Code Overflow 2014-11-25 2014-12-16
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
42 CVE-2014-8388 119 Exec Code Overflow 2014-11-20 2014-11-24
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
43 CVE-2014-8269 119 Exec Code Overflow 2014-12-12 2014-12-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method.
44 CVE-2014-8240 119 DoS Exec Code Overflow 2014-10-16 2014-10-21
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
45 CVE-2014-8123 119 DoS Overflow 2014-12-05 2014-12-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.
46 CVE-2014-8106 119 Exec Code Overflow 2014-12-08 2014-12-09
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
47 CVE-2014-8103 119 DoS Exec Code Overflow 2014-12-10 2014-12-11
6.5
None Remote Low Single system Partial Partial Partial
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
48 CVE-2014-8102 119 DoS Exec Code Overflow 2014-12-10 2014-12-16
6.5
None Remote Low Single system Partial Partial Partial
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
49 CVE-2014-8101 119 DoS Exec Code Overflow 2014-12-10 2014-12-16
6.5
None Remote Low Single system Partial Partial Partial
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.
50 CVE-2014-8100 119 DoS Exec Code Overflow 2014-12-10 2014-12-16
6.5
None Remote Low Single system Partial Partial Partial
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
Total number of vulnerabilities : 5293   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.