Lucene search

[email protected]CVE-2014-0535

HistoryJun 11, 2014 - 10:57 a.m.

CVE-2014-0535

2014-06-1110:57:17

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0535

adobe flash player

security bypass

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.071 Low

EPSS

Percentile

94.0%

JSON

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534.

Affected configurations

NVD

Node

adobeadobe_air_sdkRange≤13.0.0.111

adobeadobe_air_sdkMatch13.0.0.83

Node

adobeadobe_airRange≤13.0.0.111

adobeadobe_airMatch13.0.0.83

Node

adobeflash_playerRange≤11.2.202.359

adobeflash_playerMatch11.2.202.223

adobeflash_playerMatch11.2.202.228

adobeflash_playerMatch11.2.202.233

adobeflash_playerMatch11.2.202.235

adobeflash_playerMatch11.2.202.236

adobeflash_playerMatch11.2.202.238

adobeflash_playerMatch11.2.202.243

adobeflash_playerMatch11.2.202.251

adobeflash_playerMatch11.2.202.258

adobeflash_playerMatch11.2.202.261

adobeflash_playerMatch11.2.202.262

adobeflash_playerMatch11.2.202.270

adobeflash_playerMatch11.2.202.273

adobeflash_playerMatch11.2.202.275

adobeflash_playerMatch11.2.202.280

adobeflash_playerMatch11.2.202.285

adobeflash_playerMatch11.2.202.291

adobeflash_playerMatch11.2.202.297

adobeflash_playerMatch11.2.202.310

adobeflash_playerMatch11.2.202.332

adobeflash_playerMatch11.2.202.335

adobeflash_playerMatch11.2.202.336

adobeflash_playerMatch11.2.202.341

adobeflash_playerMatch11.2.202.346

adobeflash_playerMatch11.2.202.350

adobeflash_playerMatch11.2.202.356

AND

linuxlinux_kernel

Node

adobeflash_playerRange≤13.0.0.214

adobeflash_playerMatch13.0.0.182

adobeflash_playerMatch13.0.0.201

adobeflash_playerMatch13.0.0.206

AND

applemac_os_x

microsoftwindows

CPENameOperatorVersion
adobe:adobe_air_sdkadobe adobe air sdkle13.0.0.111
adobe:adobe_air_sdkadobe adobe air sdkeq13.0.0.83

CPE	Name	Operator	Version
adobe:adobe_air_sdk	adobe adobe air sdk	le	13.0.0.111
adobe:adobe_air_sdk	adobe adobe air sdk	eq	13.0.0.83

References

helpx.adobe.com/security/products/flash-player/apsb14-16.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html

lists.opensuse.org/opensuse-updates/2014-06/msg00029.html

lists.opensuse.org/opensuse-updates/2014-06/msg00030.html

rhn.redhat.com/errata/RHSA-2014-0745.html

secunia.com/advisories/58390

secunia.com/advisories/58465

secunia.com/advisories/58585

secunia.com/advisories/59053

secunia.com/advisories/59304

security.gentoo.org/glsa/glsa-201406-17.xml

www.securityfocus.com/bid/67970

www.securitytracker.com/id/1030368

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.071 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2014-0535

prion2 cvelist2 ubuntucve2 nvd2 cve1 hackerone1 checkpoint_advisories2 nessus11 openvas8 mageia1 redhat1 suse1 gentoo1 altlinux2 kaspersky1