Security Vulnerabilities Published In 2014 (Overflow)
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
Max Base Score | 2.1 |
Published | 2014-12-24 |
Updated | 2019-05-20 |
EPSS | 0.08% |
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
Max Base Score | 5.0 |
Published | 2014-12-19 |
Updated | 2020-02-26 |
EPSS | 1.67% |
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
Max Base Score | 7.5 |
Published | 2014-12-19 |
Updated | 2020-02-26 |
EPSS | 7.94% |
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
Max Base Score | 7.5 |
Published | 2014-12-19 |
Updated | 2020-02-26 |
EPSS | 7.94% |
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
Max Base Score | 5.0 |
Published | 2014-12-09 |
Updated | 2016-12-03 |
EPSS | 0.41% |
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
Max Base Score | 7.5 |
Published | 2014-12-09 |
Updated | 2016-12-03 |
EPSS | 0.39% |
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
Max Base Score | 7.5 |
Published | 2014-12-09 |
Updated | 2018-12-21 |
EPSS | 0.44% |
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
Max Base Score | 7.5 |
Published | 2014-12-09 |
Updated | 2016-12-03 |
EPSS | 0.41% |
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Max Base Score | 7.5 |
Published | 2014-12-20 |
Updated | 2021-11-17 |
EPSS | 96.62% |
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
Max Base Score | 7.5 |
Published | 2014-12-09 |
Updated | 2016-12-22 |
EPSS | 7.84% |
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
Max Base Score | 7.5 |
Published | 2014-12-09 |
Updated | 2016-12-22 |
EPSS | 5.65% |
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write.
Max Base Score | 4.6 |
Published | 2014-12-08 |
Updated | 2018-10-30 |
EPSS | 0.04% |
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
Max Base Score | 6.8 |
Published | 2014-12-08 |
Updated | 2014-12-09 |
EPSS | 91.09% |
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
Max Base Score | 6.8 |
Published | 2014-12-08 |
Updated | 2014-12-09 |
EPSS | 60.33% |
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
Max Base Score | 7.5 |
Published | 2014-12-11 |
Updated | 2014-12-12 |
EPSS | 87.25% |
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method.
Max Base Score | 6.8 |
Published | 2014-12-08 |
Updated | 2014-12-23 |
EPSS | 23.84% |
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
Max Base Score | 10.0 |
Published | 2014-12-24 |
Updated | 2016-09-06 |
EPSS | 4.62% |
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
Max Base Score | 5.0 |
Published | 2014-12-11 |
Updated | 2019-02-01 |
EPSS | 37.67% |
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Max Base Score | 9.0 |
Published | 2014-12-27 |
Updated | 2014-12-29 |
EPSS | 25.49% |
CVE-2014-9163
Known Exploited Vulnerability
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
Max Base Score | 10.0 |
Published | 2014-12-10 |
Updated | 2018-12-20 |
EPSS | 4.10% |
KEV Added | 2022-04-13 |
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
Max Base Score | 10.0 |
Published | 2014-12-10 |
Updated | 2014-12-12 |
EPSS | 13.37% |
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Max Base Score | 7.5 |
Published | 2014-12-03 |
Updated | 2017-09-08 |
EPSS | 5.22% |
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet.
Max Base Score | 5.0 |
Published | 2014-12-05 |
Updated | 2018-10-09 |
EPSS | 15.80% |
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
Max Base Score | 5.0 |
Published | 2014-12-02 |
Updated | 2018-10-30 |
EPSS | 1.54% |
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Max Base Score | 5.0 |
Published | 2014-12-02 |
Updated | 2017-09-08 |
EPSS | 2.39% |