Lucene search

[email protected]CVE-2014-0531

HistoryJun 11, 2014 - 10:57 a.m.

CVE-2014-0531

2014-06-1110:57:17

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-0531

cross-site scripting

xss

adobe flash player

remote attackers

arbitrary web script

html

security vulnerability

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.1%

JSON

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.

Affected configurations

NVD

Node

adobeadobe_airRange≤13.0.0.111

adobeadobe_airMatch13.0.0.83

Node

adobeflash_playerRange≤13.0.0.214

adobeflash_playerMatch13.0.0.182

adobeflash_playerMatch13.0.0.201

adobeflash_playerMatch13.0.0.206

AND

applemac_os_x

microsoftwindows

Node

adobeadobe_air_sdkRange≤13.0.0.111

adobeadobe_air_sdkMatch13.0.0.83

Node

adobeflash_playerRange≤11.2.202.359

adobeflash_playerMatch11.2.202.223

adobeflash_playerMatch11.2.202.228

adobeflash_playerMatch11.2.202.233

adobeflash_playerMatch11.2.202.235

adobeflash_playerMatch11.2.202.236

adobeflash_playerMatch11.2.202.238

adobeflash_playerMatch11.2.202.243

adobeflash_playerMatch11.2.202.251

adobeflash_playerMatch11.2.202.258

adobeflash_playerMatch11.2.202.261

adobeflash_playerMatch11.2.202.262

adobeflash_playerMatch11.2.202.270

adobeflash_playerMatch11.2.202.273

adobeflash_playerMatch11.2.202.275

adobeflash_playerMatch11.2.202.280

adobeflash_playerMatch11.2.202.285

adobeflash_playerMatch11.2.202.291

adobeflash_playerMatch11.2.202.297

adobeflash_playerMatch11.2.202.310

adobeflash_playerMatch11.2.202.332

adobeflash_playerMatch11.2.202.335

adobeflash_playerMatch11.2.202.336

adobeflash_playerMatch11.2.202.341

adobeflash_playerMatch11.2.202.346

adobeflash_playerMatch11.2.202.350

adobeflash_playerMatch11.2.202.356

AND

linuxlinux_kernel

CPENameOperatorVersion
adobe:adobe_airadobe adobe airle13.0.0.111
adobe:adobe_airadobe adobe aireq13.0.0.83

CPE	Name	Operator	Version
adobe:adobe_air	adobe adobe air	le	13.0.0.111
adobe:adobe_air	adobe adobe air	eq	13.0.0.83

References

helpx.adobe.com/security/products/flash-player/apsb14-16.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html

lists.opensuse.org/opensuse-updates/2014-06/msg00029.html

lists.opensuse.org/opensuse-updates/2014-06/msg00030.html

rhn.redhat.com/errata/RHSA-2014-0745.html

secunia.com/advisories/58390

secunia.com/advisories/58465

secunia.com/advisories/58585

secunia.com/advisories/59053

secunia.com/advisories/59304

security.gentoo.org/glsa/glsa-201406-17.xml

www.securityfocus.com/bid/67962

www.securitytracker.com/id/1030368

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVE-2014-0531

ubuntucve3 prion3 cvelist3 cve2 nvd3 checkpoint_advisories3 openvas8 mageia1 nessus11 altlinux2 redhat1 suse1 gentoo1 kaspersky1