Vulnerabilities (CVE)

Filtered by CWE-119
Total 13604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5384 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2026-06-17 5.0 MEDIUM N/A
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
CVE-2014-5349 1 Baidu 1 Spark Browser 2026-06-17 5.0 MEDIUM N/A
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
CVE-2014-5314 1 Cybozu 3 Dezie, Mailwise, Office 2026-06-17 9.0 HIGH N/A
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
CVE-2014-5307 1 Pandasecurity 3 Panda Av Pro 2014, Panda Global Protection 2014, Panda Internet Security 2014 2026-06-17 7.2 HIGH N/A
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
CVE-2014-5272 1 Ffmpeg 1 Ffmpeg 2026-06-17 6.8 MEDIUM N/A
libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.
CVE-2014-5271 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2026-06-17 7.5 HIGH N/A
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2014-5263 1 Qemu 1 Qemu 2026-06-17 6.8 MEDIUM N/A
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.
CVE-2014-5256 1 Nodejs 1 Nodejs 2026-06-17 5.0 MEDIUM N/A
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
CVE-2014-5211 1 Attachmate 1 Reflection Ftp Client 2026-06-17 6.8 MEDIUM N/A
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.
CVE-2014-5165 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
CVE-2014-5164 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2014-5163 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2014-5162 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.
CVE-2014-5161 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
CVE-2014-5148 1 Xen 1 Xen 2026-06-17 4.6 MEDIUM N/A
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.
CVE-2014-4979 1 Apple 1 Quicktime 2026-06-17 9.3 HIGH N/A
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
CVE-2014-4975 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more 2026-06-17 5.0 MEDIUM N/A
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
CVE-2014-4947 1 Citrix 1 Xenserver 2026-06-17 10.0 HIGH N/A
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
CVE-2014-4927 3 Acme, Dlink, Netgear 5 Micro Httpd, Dsl2740u, Dsl2750u and 2 more 2026-06-17 7.8 HIGH N/A
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
CVE-2014-4880 1 Hikvision 2 Dvr Ds-7204, Dvr Ds-7204 Firmware 2026-06-17 7.5 HIGH N/A
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.