Total
11925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7913 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2023-11-07 | 6.8 MEDIUM | N/A |
| The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message. | |||||
| CVE-2014-7912 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2023-11-07 | 6.8 MEDIUM | N/A |
| The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message. | |||||
| CVE-2014-7904 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-7903 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. | |||||
| CVE-2014-6431 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. | |||||
| CVE-2014-6428 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-6427 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. | |||||
| CVE-2014-6425 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. | |||||
| CVE-2014-6424 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. | |||||
| CVE-2014-6422 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. | |||||
| CVE-2014-6416 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-11-07 | 7.8 HIGH | N/A |
| Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. | |||||
| CVE-2014-5272 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 6.8 MEDIUM | N/A |
| libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. | |||||
| CVE-2014-5271 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2023-11-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-5263 | 1 Qemu | 1 Qemu | 2023-11-07 | 6.8 MEDIUM | N/A |
| vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2014-5165 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | |||||
| CVE-2014-5164 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-5163 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-5162 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. | |||||
| CVE-2014-5161 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | N/A |
| The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | |||||
| CVE-2014-4044 | 1 Openafs | 1 Openafs | 2023-11-07 | 5.0 MEDIUM | N/A |
| OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests. | |||||