Vulnerabilities (CVE)

Filtered by CWE-119
Total 13611 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9451 1 Vdgsecurity 1 Vdg Sense 2026-06-17 7.5 HIGH N/A
Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request.
CVE-2014-9449 2 Exiv2, Fedoraproject 2 Exiv2, Fedora 2026-06-17 5.0 MEDIUM N/A
Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
CVE-2014-9448 1 Mini-stream 1 Rm-mp3 Converter 2026-06-17 7.5 HIGH N/A
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
CVE-2014-9427 1 Php 1 Php 2026-06-17 7.5 HIGH N/A
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
CVE-2014-9418 1 Huawei 1 Espace Desktop 2026-06-17 2.1 LOW N/A
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
CVE-2014-9380 1 Ettercap-project 1 Ettercap 2026-06-17 5.0 MEDIUM N/A
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
CVE-2014-9379 1 Ettercap-project 1 Ettercap 2026-06-17 7.5 HIGH N/A
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.
CVE-2014-9377 1 Ettercap-project 1 Ettercap 2026-06-17 7.5 HIGH N/A
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
CVE-2014-9328 2 Clamav, Fedoraproject 2 Clamav, Fedora 2026-06-17 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
CVE-2014-9319 1 Ffmpeg 1 Ffmpeg 2026-06-17 5.0 MEDIUM N/A
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
CVE-2014-9318 1 Ffmpeg 1 Ffmpeg 2026-06-17 7.5 HIGH N/A
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.
CVE-2014-9317 1 Ffmpeg 1 Ffmpeg 2026-06-17 7.5 HIGH N/A
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.
CVE-2014-9316 1 Ffmpeg 1 Ffmpeg 2026-06-17 7.5 HIGH N/A
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
CVE-2014-9295 1 Ntp 1 Ntp 2026-06-17 7.5 HIGH N/A
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
CVE-2014-9275 1 Unrtf Project 1 Unrtf 2026-06-17 7.5 HIGH N/A
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-9274 4 Debian, Fedoraproject, Mageia Project and 1 more 4 Debian Linux, Fedora, Mageia and 1 more 2026-06-17 7.5 HIGH N/A
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
CVE-2014-9273 3 Debian, Opensuse, Redhat 6 Hivex, Opensuse, Enterprise Linux Desktop and 3 more 2026-06-17 4.6 MEDIUM N/A
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
CVE-2014-9267 1 Ptc 1 Isoview 2026-06-17 6.8 MEDIUM N/A
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
CVE-2014-9265 1 Samsung 1 Smartviewer 2026-06-17 6.8 MEDIUM N/A
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-9264 1 Sap 1 Sql Anywhere 2026-06-17 7.5 HIGH N/A
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.