LiveActive security incident?Get immediate response
CVE archive

February 2014

Browse CVE records published in February 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 506 matching CVEs · Page 5 of 11.

Unknown · CVSS Not scored

CVE-2014-4813: Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5...

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.

Published Feb 13, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4803: CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management...

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.

Published Feb 13, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4660: Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in...

Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.

Published Feb 20, 2020 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4650: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is u...

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

Published Feb 20, 2020 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4632: VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EM...

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

Published Feb 1, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-4145: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of servi...

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985.

Published Feb 8, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-3879: OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive r...

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Published Feb 18, 2020 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-3827: Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow re...

Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.

Published Feb 11, 2020 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-3519: The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux ker...

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.

Published Feb 1, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-3484: Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x...

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.

Published Feb 20, 2020 · Updated Aug 6, 2024