LiveActive security incident?Get immediate response
CVE archive

February 2014

Browse CVE records published in February 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 506 matching CVEs · Page 1 of 11.

High · CVSS 8.8 · CISA KEV

CVE-2014-0502: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0...

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Published Feb 21, 2014 · Updated Oct 22, 2025

Medium · CVSS 6.8

CVE-2014-0774: Schneider Electric OFS Stack Buffer Overflow

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.

Published Feb 28, 2014 · Updated Sep 24, 2025

Medium · CVSS 6.3

CVE-2014-0755: Rockwell RSLogix 5000 Insufficiently Protected Credentials

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.

Published Feb 5, 2014 · Updated Sep 19, 2025

High · CVSS 7.5

CVE-2014-9200: Schneider Electric Device Type Managers (DTMs) Stack-based Buffer Overflow

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.

Published Feb 1, 2015 · Updated Sep 5, 2025

Medium · CVSS 5.5

CVE-2014-125086: Gimmie Plugin trigger_login.php sql injection

A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is named fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.

Published Feb 6, 2023 · Updated Mar 25, 2025

Medium · CVSS 5.5

CVE-2014-125087: java-xmlbuilder xml external entity reference

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

Published Feb 19, 2023 · Updated Feb 13, 2025

Unknown · CVSS Not scored

CVE-2014-1916: The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in Mumb...

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.

Published Feb 8, 2014 · Updated Sep 17, 2024

Medium · CVSS 5.5

CVE-2014-125084: Gimmie Plugin trigger_referral.php sql injection

A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability.

Published Feb 5, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2014-125088: qt-users-jp silk header.qml cross site scripting

A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488.

Published Feb 20, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2014-125089: cention-chatserver InternalChatProtocol.fe _formatBody cross site scripting

A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The identifier of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.

Published Feb 21, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125085: Gimmie Plugin trigger_ratethread.php sql injection

A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is identified as f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability.

Published Feb 5, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-10070: zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment...

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.

Published Feb 27, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9914: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3....

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.

Published Feb 7, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9748: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not prope...

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Published Feb 11, 2020 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9670: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2....

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.

Published Feb 8, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9684: OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove ima...

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

Published Feb 24, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9674: The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to lengt...

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

Published Feb 8, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9665: The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch...

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.

Published Feb 8, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9659: cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints af...

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Published Feb 8, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9663: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field b...

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published Feb 8, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9668: The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculati...

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.

Published Feb 8, 2015 · Updated Aug 6, 2024