Vulnerabilities (CVE)

Filtered by CWE-119
Total 13604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3493 1 Samba 1 Samba 2026-06-17 2.7 LOW N/A
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
CVE-2014-3488 1 Netty 1 Netty 2026-06-17 5.0 MEDIUM N/A
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
CVE-2014-3478 2 Christos Zoulas, Php 2 File, Php 2026-06-17 5.0 MEDIUM 6.5 MEDIUM
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
CVE-2014-3466 1 Gnu 1 Gnutls 2026-06-17 6.8 MEDIUM N/A
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
CVE-2014-3461 1 Qemu 1 Qemu 2026-06-17 6.8 MEDIUM N/A
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
CVE-2014-3459 1 Solarwinds 1 Network Configuration Manager 2026-06-17 6.8 MEDIUM N/A
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
CVE-2014-3452 1 Codecguide 1 K-lite Codec Pack 2026-06-17 4.3 MEDIUM N/A
Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file.
CVE-2014-3443 1 Jetaudio 1 Jetaudio 2026-06-17 4.3 MEDIUM N/A
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
CVE-2014-3442 1 Nullsoft 1 Winamp 2026-06-17 4.3 MEDIUM N/A
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
CVE-2014-3441 1 Videolan 1 Vlc Media Player 2026-06-17 4.3 MEDIUM N/A
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
CVE-2014-3434 1 Symantec 1 Endpoint Protection 2026-06-17 6.9 MEDIUM N/A
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
CVE-2014-3361 1 Cisco 1 Ios 2026-06-17 7.1 HIGH N/A
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
CVE-2014-3356 1 Cisco 1 Ios Xe 2026-06-17 7.8 HIGH N/A
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753.
CVE-2014-3355 1 Cisco 1 Ios Xe 2026-06-17 7.8 HIGH N/A
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.
CVE-2014-3311 1 Cisco 2 Webex Meeting Center, Webex Meetings Server 2026-06-17 5.1 MEDIUM N/A
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
CVE-2014-3261 1 Cisco 27 Cg-os, Cgr 1120, Cgr 1240 and 24 more 2026-06-17 7.6 HIGH N/A
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
CVE-2014-3243 1 Makina-corpus 1 Soappy 2026-06-17 5.0 MEDIUM N/A
SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references.
CVE-2014-3208 1 Askpop3d Project 1 Askpop3d 2026-06-17 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),
CVE-2014-3201 1 Google 1 Chrome 2026-06-17 5.0 MEDIUM N/A
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.
CVE-2014-3198 2 Google, Redhat 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more 2026-06-17 5.0 MEDIUM N/A
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.