The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
Max CVSS
7.5
EPSS Score
7.94%
Published
2014-12-19
Updated
2020-02-26
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
Max CVSS
7.5
EPSS Score
7.94%
Published
2014-12-19
Updated
2020-02-26
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
Max CVSS
7.5
EPSS Score
0.56%
Published
2014-12-09
Updated
2016-12-03
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
Max CVSS
7.5
EPSS Score
0.62%
Published
2014-12-09
Updated
2018-12-21
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
Max CVSS
7.5
EPSS Score
0.59%
Published
2014-12-09
Updated
2016-12-03
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Max CVSS
7.5
EPSS Score
96.62%
Published
2014-12-20
Updated
2021-11-17
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
Max CVSS
7.5
EPSS Score
7.84%
Published
2014-12-09
Updated
2016-12-22
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
Max CVSS
7.5
EPSS Score
5.65%
Published
2014-12-09
Updated
2016-12-22
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
Max CVSS
7.5
EPSS Score
92.56%
Published
2014-12-11
Updated
2014-12-12
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
Max CVSS
10.0
EPSS Score
4.62%
Published
2014-12-24
Updated
2016-09-06
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Max CVSS
9.0
EPSS Score
26.97%
Published
2014-12-27
Updated
2014-12-29

CVE-2014-9163

Known exploited
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
Max CVSS
10.0
EPSS Score
7.31%
Published
2014-12-10
Updated
2018-12-20
CISA KEV Added
2022-04-13
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
Max CVSS
10.0
EPSS Score
29.50%
Published
2014-12-10
Updated
2014-12-12
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Max CVSS
7.5
EPSS Score
5.22%
Published
2014-12-03
Updated
2017-09-08
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
Max CVSS
7.5
EPSS Score
1.66%
Published
2014-12-01
Updated
2023-05-18
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
45.71%
Published
2014-12-08
Updated
2018-10-09
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Max CVSS
7.5
EPSS Score
65.21%
Published
2014-11-26
Updated
2018-10-09
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Max CVSS
7.5
EPSS Score
65.21%
Published
2014-11-26
Updated
2018-10-09
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.08%
Published
2014-12-12
Updated
2014-12-16
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
Max CVSS
7.5
EPSS Score
7.95%
Published
2014-11-23
Updated
2015-04-30
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
Max CVSS
7.5
EPSS Score
0.65%
Published
2014-11-05
Updated
2016-12-03
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
Max CVSS
7.5
EPSS Score
0.65%
Published
2014-11-05
Updated
2016-12-03
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
Max CVSS
7.5
EPSS Score
0.95%
Published
2014-11-05
Updated
2019-03-05
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
Max CVSS
7.5
EPSS Score
0.65%
Published
2014-11-05
Updated
2016-12-03
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
Max CVSS
7.5
EPSS Score
20.44%
Published
2014-12-27
Updated
2016-12-31
518 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!