Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5651 | 1 Redhat | 1 Libvirt | 2015-01-03 | 5.0 MEDIUM | N/A |
| The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. | |||||
| CVE-2011-5288 | 1 Threedify | 1 Threedify Designer | 2015-01-03 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method. | |||||
| CVE-2011-5295 | 1 Gogago | 1 Gogago Youtube Video Converter | 2015-01-03 | 9.3 HIGH | N/A |
| Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2011-5293 | 1 Threediffy | 1 Threedify Designer | 2015-01-03 | 9.3 HIGH | N/A |
| The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument. | |||||
| CVE-2013-4297 | 1 Redhat | 1 Libvirt | 2015-01-02 | 4.0 MEDIUM | N/A |
| The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. | |||||
| CVE-2014-5314 | 1 Cybozu | 3 Dezie, Mailwise, Office | 2014-12-30 | 9.0 HIGH | N/A |
| Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. | |||||
| CVE-2014-9188 | 1 Schneider Electric | 1 Proclima | 2014-12-29 | 9.0 HIGH | N/A |
| Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. | |||||
| CVE-2014-8513 | 1 Schneider Electric | 1 Proclima | 2014-12-29 | 7.5 HIGH | N/A |
| Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. | |||||
| CVE-2014-8512 | 1 Schneider Electric | 1 Proclima | 2014-12-29 | 7.5 HIGH | N/A |
| Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. | |||||
| CVE-2011-3623 | 1 Videolan | 1 Vlc Media Player | 2014-12-29 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c. | |||||
| CVE-2010-1445 | 1 Videolan | 1 Vlc Media Player | 2014-12-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session. | |||||
| CVE-2010-1444 | 1 Videolan | 1 Vlc Media Player | 2014-12-29 | 7.5 HIGH | N/A |
| The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive. | |||||
| CVE-2010-1441 | 1 Videolan | 1 Vlc Media Player | 2014-12-29 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder. | |||||
| CVE-2010-1442 | 1 Videolan | 1 Vlc Media Player | 2014-12-29 | 7.5 HIGH | N/A |
| VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer. | |||||
| CVE-2014-9263 | 1 3s Pocketnet Tech | 1 3s Pocketnet Tech Video Management Software | 2014-12-23 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method. | |||||
| CVE-2014-7249 | 1 Alliedtelesis | 48 Ar440s, Ar440s Firmware, Ar441s and 45 more | 2014-12-19 | 10.0 HIGH | N/A |
| Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request. | |||||
| CVE-2014-8269 | 1 Honeywell | 1 Opos Suite | 2014-12-16 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. | |||||
| CVE-2014-8956 | 1 K7computing | 1 K7av Sentry Device Driver | 2014-12-16 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors. | |||||
| CVE-2014-7136 | 1 K7computing | 1 K7firewall Packet Driver | 2014-12-15 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call. | |||||
| CVE-2014-9264 | 1 Sap | 1 Sql Anywhere | 2014-12-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | |||||
| CVE-2014-8460 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159. | |||||
| CVE-2014-8457 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159. | |||||
| CVE-2014-9265 | 1 Samsung | 1 Smartviewer | 2014-12-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9267 | 1 Ptc | 1 Isoview | 2014-12-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. | |||||
| CVE-2014-4880 | 1 Hikvision | 2 Dvr Ds-7204, Dvr Ds-7204 Firmware | 2014-12-08 | 7.5 HIGH | N/A |
| Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. | |||||
| CVE-2014-8123 | 1 Antiword Project | 1 Antiword | 2014-12-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. | |||||
| CVE-2014-8002 | 1 Cisco | 1 Openh264 | 2014-11-26 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||||
| CVE-2014-8001 | 1 Cisco | 1 Openh264 | 2014-11-26 | 7.5 HIGH | N/A |
| Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||||
| CVE-2014-8388 | 1 Advantech | 1 Webaccess | 2014-11-24 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | |||||
| CVE-2014-5263 | 1 Qemu | 1 Qemu | 2014-11-19 | 6.8 MEDIUM | N/A |
| vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2014-3953 | 1 Freebsd | 1 Freebsd | 2014-11-19 | 4.9 MEDIUM | N/A |
| FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. | |||||
| CVE-2014-0205 | 1 Linux | 1 Linux Kernel | 2014-11-19 | 6.9 MEDIUM | N/A |
| The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. | |||||
| CVE-2014-3535 | 1 Linux | 1 Linux Kernel | 2014-11-14 | 7.8 HIGH | N/A |
| include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. | |||||
| CVE-2014-3461 | 1 Qemu | 1 Qemu | 2014-11-05 | 6.8 MEDIUM | N/A |
| hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." | |||||
| CVE-2013-4150 | 1 Qemu | 1 Qemu | 2014-11-05 | 7.5 HIGH | N/A |
| The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. | |||||
| CVE-2013-4149 | 1 Qemu | 1 Qemu | 2014-11-05 | 7.5 HIGH | N/A |
| Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. | |||||
| CVE-2014-6427 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. | |||||
| CVE-2014-6431 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. | |||||
| CVE-2014-6422 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. | |||||
| CVE-2014-6425 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. | |||||
| CVE-2014-6424 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. | |||||
| CVE-2014-6428 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-8509 | 1 Bittorrent | 1 Bootstrap-dht | 2014-11-03 | 7.5 HIGH | N/A |
| The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing." | |||||
| CVE-2014-6251 | 1 Cpuminer Project | 1 Cpuminer | 2014-10-27 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request. | |||||
| CVE-2011-2713 | 2 Libreoffice, Sun | 2 Libreoffice, Openoffice.org | 2014-10-24 | 4.3 MEDIUM | N/A |
| oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser. | |||||
| CVE-2014-3201 | 1 Google | 1 Chrome | 2014-10-10 | 5.0 MEDIUM | N/A |
| core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. | |||||
| CVE-2014-5501 | 1 Cyberoam | 1 Cyberoam Os | 2014-10-08 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. | |||||
| CVE-2014-0994 | 1 Embarcadero | 2 Embarcadero C\+\+builder Xe6, Embarcadero Delphi Xe6 | 2014-10-07 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993. | |||||
| CVE-2012-3423 | 1 Redhat | 1 Icedtea-web | 2014-10-04 | 7.5 HIGH | N/A |
| The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. | |||||
| CVE-2012-3422 | 1 Redhat | 1 Icedtea-web | 2014-10-04 | 6.8 MEDIUM | N/A |
| The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. | |||||