CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-8769 119 DoS Overflow +Info 2014-11-20 2014-11-20
6.4
None Remote Low Not required Partial None Partial
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
2 CVE-2014-8713 DoS Overflow 2014-11-22 2014-11-22
0.0
None ??? ??? ??? ??? ??? ???
Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
3 CVE-2014-8711 DoS Overflow 2014-11-22 2014-11-22
0.0
None ??? ??? ??? ??? ??? ???
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.
4 CVE-2014-8626 DoS Exec Code Overflow 2014-11-22 2014-11-22
0.0
None ??? ??? ??? ??? ??? ???
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
5 CVE-2014-8589 189 DoS Overflow 2014-11-04 2014-11-13
5.0
None Remote Low Not required None None Partial
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
6 CVE-2014-8566 200 DoS Overflow +Info 2014-11-15 2014-11-20
6.4
None Remote Low Not required Partial None Partial
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
7 CVE-2014-8548 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
8 CVE-2014-8547 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
9 CVE-2014-8542 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
10 CVE-2014-8541 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
11 CVE-2014-8509 119 Exec Code Overflow 2014-10-31 2014-11-03
7.5
None Remote Low Not required Partial Partial Partial
The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing."
12 CVE-2014-8388 119 Exec Code Overflow 2014-11-20 2014-11-21
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
13 CVE-2014-8240 119 DoS Exec Code Overflow 2014-10-16 2014-10-21
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
14 CVE-2014-8074 119 Exec Code Overflow 2014-10-17 2014-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables.
15 CVE-2014-7908 189 DoS Overflow 2014-11-19 2014-11-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.
16 CVE-2014-7904 119 DoS Overflow 2014-11-19 2014-11-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
17 CVE-2014-7903 119 DoS Overflow 2014-11-19 2014-11-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.
18 CVE-2014-7901 189 DoS Overflow 2014-11-19 2014-11-19
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.
19 CVE-2014-7825 119 DoS Overflow Bypass 2014-11-10 2014-11-10
4.9
None Local Low Not required None None Complete
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.
20 CVE-2014-7187 119 DoS Overflow 2014-09-28 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
21 CVE-2014-7186 119 DoS Overflow 2014-09-28 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
22 CVE-2014-7185 189 Overflow +Info 2014-10-08 2014-10-24
6.4
None Remote Low Not required Partial None Partial
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
23 CVE-2014-6431 119 DoS Overflow 2014-09-20 2014-11-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
24 CVE-2014-6428 119 DoS Overflow 2014-09-20 2014-11-05
5.0
None Remote Low Not required None None Partial
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
25 CVE-2014-6427 119 DoS Overflow 2014-09-20 2014-11-05
5.0
None Remote Low Not required None None Partial
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
26 CVE-2014-6425 119 DoS Overflow 2014-09-20 2014-11-05
5.0
None Remote Low Not required None None Partial
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character.
27 CVE-2014-6424 119 DoS Overflow 2014-09-20 2014-11-05
5.0
None Remote Low Not required None None Partial
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
28 CVE-2014-6422 119 DoS Overflow 2014-09-20 2014-11-05
5.0
None Remote Low Not required None None Partial
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
29 CVE-2014-6416 119 DoS Overflow Mem. Corr. 2014-09-28 2014-10-24
7.8
None Remote Low Not required None None Complete
Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.
30 CVE-2014-6283 264 Overflow 2014-10-17 2014-10-24
6.5
None Remote Low Single system Partial Partial Partial
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.
31 CVE-2014-6273 119 DoS Exec Code Overflow 2014-09-30 2014-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
32 CVE-2014-6270 119 DoS Exec Code Overflow 2014-09-12 2014-09-22
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
33 CVE-2014-6269 189 DoS Overflow 2014-09-30 2014-10-02
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
34 CVE-2014-6252 119 DoS Exec Code Overflow 2014-09-05 2014-09-08
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
35 CVE-2014-6251 119 Overflow 2014-10-24 2014-10-27
6.0
None Remote Medium Single system Partial Partial Partial
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.
36 CVE-2014-6055 119 DoS Exec Code Overflow 2014-09-30 2014-10-04
6.5
None Remote Low Single system Partial Partial Partial
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
37 CVE-2014-6051 189 DoS Exec Code Overflow 2014-09-30 2014-10-04
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
38 CVE-2014-5508 189 DoS Overflow 2014-09-05 2014-09-08
3.5
None Remote Medium Single system None None Partial
Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations.
39 CVE-2014-5505 119 Exec Code Overflow 2014-09-04 2014-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
40 CVE-2014-5501 119 Exec Code Overflow 2014-10-07 2014-10-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
41 CVE-2014-5461 119 DoS Overflow 2014-09-04 2014-11-13
5.0
None Remote Low Not required None None Partial
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
42 CVE-2014-5407 119 DoS Overflow 2014-09-15 2014-09-15
4.4
None Local Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.
43 CVE-2014-5388 119 Overflow Mem. Corr. +Info 2014-11-15 2014-11-17
4.6
None Local Low Not required Partial Partial Partial
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
44 CVE-2014-5384 119 DoS Overflow 2014-08-21 2014-08-21
5.0
None Remote Low Not required None None Partial
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
45 CVE-2014-5349 119 1 DoS Overflow 2014-08-19 2014-08-20
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
46 CVE-2014-5328 399 DoS Overflow 2014-10-11 2014-10-15
6.8
None Remote Low Single system None None Complete
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message.
47 CVE-2014-5327 399 DoS Overflow 2014-10-11 2014-10-15
6.8
None Remote Low Single system None None Complete
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.
48 CVE-2014-5307 119 Overflow +Priv 2014-08-26 2014-08-27
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
49 CVE-2014-5272 119 Overflow 2014-11-03 2014-11-04
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
50 CVE-2014-5271 119 DoS Exec Code Overflow 2014-11-03 2014-11-04
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.