The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities:
- A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)
- A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)
- An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)
- An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)
- An unspecified flaw exists related to IPC message injection that allows an unauthenticated, remote attacker to bypass sandbox restrictions. (CVE-2014-1709)
- An input validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)
- An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)
- An integer overflow error exists related to the compositor. (CVE-2014-1718)
- Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)
- An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)
- A URL confusion error exists related to handling RTL characters. (CVE-2014-1723)
- An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)
- An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)
- Various, unspecified memory handling errors exist. (CVE-2014-1728)
- Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
{"id": "GOOGLE_CHROME_34_0_1847_116.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 34.0.1847.116 Multiple Vulnerabilities", "description": "The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message injection that allows an unauthenticated, remote attacker to bypass sandbox restrictions. (CVE-2014-1709) \n - An input validation error exists that could allow universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local cross-origin bypasses. 
(CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2014-04-08T00:00:00", "modified": "2022-04-07T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73419", "reporter": "This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0507", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1721", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1725", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1727", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1716", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1717", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1726", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1720", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1718", "http://www.nessus.org/u?6fd7963a", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1719", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1724", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1729", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1709", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1722", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1723", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0509", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0508"], "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1709", "CVE-2014-1716", 
"CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "immutableFields": [], "lastseen": "2023-12-02T15:27:41", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "altlinux", "idList": ["698F04960C6FDCECD3FAF3107FEF2E6C", "C1698F34A394319E0076F3F1117FE11F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1337", "CPAI-2014-1338", "CPAI-2014-1340", "CPAI-2014-1341"]}, {"type": "chrome", "idList": ["GCSA-3016467076478755432"]}, {"type": "cve", "idList": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1709", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2905-1:6051E", "DEBIAN:DSA-2905-1:E695A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-1716", "DEBIANCVE:CVE-2014-1717", "DEBIANCVE:CVE-2014-1718", "DEBIANCVE:CVE-2014-1719", "DEBIANCVE:CVE-2014-1720", "DEBIANCVE:CVE-2014-1721", "DEBIANCVE:CVE-2014-1722", "DEBIANCVE:CVE-2014-1723", "DEBIANCVE:CVE-2014-1724", "DEBIANCVE:CVE-2014-1725", "DEBIANCVE:CVE-2014-1726", "DEBIANCVE:CVE-2014-1727", "DEBIANCVE:CVE-2014-1728", "DEBIANCVE:CVE-2014-1729"]}, {"type": "freebsd", "idList": ["963413A5-BF50-11E3-A2D6-00262D5ED8EE"]}, {"type": "gentoo", "idList": ["GLSA-201405-04", "GLSA-201408-16"]}, {"type": "hackerone", "idList": ["H1:2140"]}, {"type": "mageia", "idList": ["MGASA-2014-0169", "MGASA-2014-0183"]}, {"type": "nessus", "idList": ["8208.PASL", "8806.PRM", "8809.PRM", "ADOBE_AIR_APSB14-09.NASL", "DEBIAN_DSA-2905.NASL", "FLASH_PLAYER_APSB14-09.NASL", "FREEBSD_PKG_963413A5BF5011E3A2D600262D5ED8EE.NASL", "GENTOO_GLSA-201405-04.NASL", 
"GENTOO_GLSA-201408-16.NASL", "MACOSX_ADOBE_AIR_13_0_0_83.NASL", "MACOSX_FLASH_PLAYER_13_0_0_182.NASL", "MACOSX_GOOGLE_CHROME_34_0_1847_116.NASL", "OPENSUSE-2014-307.NASL", "OPENSUSE-2014-330.NASL", "REDHAT-RHSA-2014-0380.NASL", "SMB_KB2942844.NASL", "SUSE_11_FLASH-PLAYER-140411.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121179", "OPENVAS:1361412562310121260", "OPENVAS:1361412562310702905", "OPENVAS:1361412562310804350", "OPENVAS:1361412562310804537", "OPENVAS:1361412562310804538", "OPENVAS:1361412562310804539", "OPENVAS:1361412562310804548", "OPENVAS:1361412562310804549", "OPENVAS:1361412562310804550", "OPENVAS:1361412562310851050", "OPENVAS:702905"]}, {"type": "osv", "idList": ["OSV:DSA-2905-1"]}, {"type": "prion", "idList": ["PRION:CVE-2014-0506", "PRION:CVE-2014-0507", "PRION:CVE-2014-0508", "PRION:CVE-2014-0509", "PRION:CVE-2014-1716", "PRION:CVE-2014-1717", "PRION:CVE-2014-1718", "PRION:CVE-2014-1719", "PRION:CVE-2014-1720", "PRION:CVE-2014-1721", "PRION:CVE-2014-1722", "PRION:CVE-2014-1723", "PRION:CVE-2014-1724", "PRION:CVE-2014-1725", "PRION:CVE-2014-1726", "PRION:CVE-2014-1727", "PRION:CVE-2014-1728", "PRION:CVE-2014-1729"]}, {"type": "redhat", "idList": ["RHSA-2014:0380"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30487", "SECURITYVULNS:DOC:30594", "SECURITYVULNS:VULN:13685", "SECURITYVULNS:VULN:13726"]}, {"type": "seebug", "idList": ["SSV:61978", "SSV:62132", "SSV:62133", "SSV:62134", "SSV:62135", "SSV:62136", "SSV:62137", "SSV:62138", "SSV:62139", "SSV:62140", "SSV:62141", "SSV:62142", "SSV:62143", "SSV:62144"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0535-1"]}, {"type": "threatpost", "idList": ["THREATPOST:2ADF5DE0938012FDED13572E2C798A8E"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0507", "UB:CVE-2014-0508", "UB:CVE-2014-0509", "UB:CVE-2014-1716", "UB:CVE-2014-1717", "UB:CVE-2014-1718", "UB:CVE-2014-1719", "UB:CVE-2014-1720", "UB:CVE-2014-1721", "UB:CVE-2014-1722", "UB:CVE-2014-1723", "UB:CVE-2014-1724", 
"UB:CVE-2014-1725", "UB:CVE-2014-1726", "UB:CVE-2014-1727", "UB:CVE-2014-1728", "UB:CVE-2014-1729"]}, {"type": "veracode", "idList": ["VERACODE:28095"]}, {"type": "zdi", "idList": ["ZDI-14-070", "ZDI-14-092"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "canvas", "idList": ["SPEECH"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1337", "CPAI-2014-1340", "CPAI-2014-1341"]}, {"type": "chrome", "idList": ["GCSA-3016467076478755432"]}, {"type": "cve", "idList": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-1718", "DEBIANCVE:CVE-2014-1720", "DEBIANCVE:CVE-2014-1721"]}, {"type": "freebsd", "idList": ["963413A5-BF50-11E3-A2D6-00262D5ED8EE"]}, {"type": "gentoo", "idList": ["GLSA-201405-04"]}, {"type": "hackerone", "idList": ["H1:2140"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2014-1724/"]}, {"type": "nessus", "idList": ["8809.PRM"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804538", "OPENVAS:1361412562310804539", "OPENVAS:1361412562310804548", "OPENVAS:1361412562310851050", "OPENVAS:702905"]}, {"type": "redhat", "idList": ["RHSA-2014:0380"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30487"]}, {"type": "seebug", "idList": ["SSV:62140", "SSV:62143"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0535-1"]}, {"type": "threatpost", "idList": ["THREATPOST:2ADF5DE0938012FDED13572E2C798A8E"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0507", "UB:CVE-2014-1718", "UB:CVE-2014-1719"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2014-0506", "epss": "0.205570000", "percentile": "0.955730000", "modified": "2023-03-13"}, {"cve": "CVE-2014-0507", "epss": "0.019740000", "percentile": "0.869550000", "modified": "2023-03-13"}, {"cve": "CVE-2014-0508", "epss": "0.006750000", "percentile": "0.767300000", "modified": "2023-03-13"}, {"cve": "CVE-2014-0509", "epss": "0.002650000", "percentile": "0.623870000", 
"modified": "2023-03-13"}, {"cve": "CVE-2014-1716", "epss": "0.003440000", "percentile": "0.670140000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1717", "epss": "0.013410000", "percentile": "0.840000000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1718", "epss": "0.012050000", "percentile": "0.830520000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1719", "epss": "0.009740000", "percentile": "0.810600000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1720", "epss": "0.012410000", "percentile": "0.833510000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1721", "epss": "0.013410000", "percentile": "0.840000000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1722", "epss": "0.012410000", "percentile": "0.833510000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1723", "epss": "0.012370000", "percentile": "0.833120000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1724", "epss": "0.012410000", "percentile": "0.833510000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1725", "epss": "0.017550000", "percentile": "0.860310000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1726", "epss": "0.005720000", "percentile": "0.745260000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1727", "epss": "0.009740000", "percentile": "0.810600000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1728", "epss": "0.008110000", "percentile": "0.791350000", "modified": "2023-03-13"}, {"cve": "CVE-2014-1729", "epss": "0.008110000", "percentile": "0.791350000", "modified": "2023-03-13"}], "vulnersScore": 0.7}, "_state": {"dependencies": 1701532666, "score": 1701531375, "epss": 0}, "_internal": {"score_hash": "d89f1503b2765476ad3e47b5fb54a41f"}, "pluginID": "73419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73419);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n 
\"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\",\n \"CVE-2014-1709\",\n \"CVE-2014-1716\",\n \"CVE-2014-1717\",\n \"CVE-2014-1718\",\n \"CVE-2014-1719\",\n \"CVE-2014-1720\",\n \"CVE-2014-1721\",\n \"CVE-2014-1722\",\n \"CVE-2014-1723\",\n \"CVE-2014-1724\",\n \"CVE-2014-1725\",\n \"CVE-2014-1726\",\n \"CVE-2014-1727\",\n \"CVE-2014-1728\",\n \"CVE-2014-1729\"\n );\n script_bugtraq_id(66704);\n\n script_name(english:\"Google Chrome < 34.0.1847.116 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 34.0.1847.116. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash\n version that could allow a security bypass leading to\n information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash\n version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message\n injection that allows an unauthenticated, remote\n attacker to bypass sandbox restrictions. (CVE-2014-1709)\n \n - An input validation error exists that could allow\n universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists\n related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the\n compositor. 
(CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers,\n DOM processing, rendering, speech handling and forms\n handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722,\n CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related\n to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL\n characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling\n 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local\n cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6fd7963a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'34.0.1847.116', severity:SECURITY_HOLE, xss:TRUE);\n", "naslFamily": "Windows", "cpe": ["cpe:/a:google:chrome"], "solution": "Upgrade to Google Chrome 34.0.1847.116 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2014-0506", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2014-04-08T00:00:00", "vulnerabilityPublicationDate": "2014-04-08T00:00:00", "exploitableWith": []}
{"nessus": [{"lastseen": "2023-12-02T15:26:58", "description": "The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message injection that allows an unauthenticated, remote attacker to bypass sandbox restrictions. (CVE-2014-1709)\n\n - An input validation error exists that could allow universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8 JavaScript engine. 
(CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.116 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1709", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_34_0_1847_116.NASL", "href": "https://www.tenable.com/plugins/nessus/73420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73420);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\",\n \"CVE-2014-1709\",\n \"CVE-2014-1716\",\n \"CVE-2014-1717\",\n \"CVE-2014-1718\",\n \"CVE-2014-1719\",\n \"CVE-2014-1720\",\n \"CVE-2014-1721\",\n \"CVE-2014-1722\",\n \"CVE-2014-1723\",\n \"CVE-2014-1724\",\n \"CVE-2014-1725\",\n \"CVE-2014-1726\",\n \"CVE-2014-1727\",\n \"CVE-2014-1728\",\n \"CVE-2014-1729\"\n );\n script_bugtraq_id(66704);\n\n script_name(english:\"Google Chrome < 34.0.1847.116 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 34.0.1847.116. 
It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash\n version that could allow a security bypass leading to\n information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash\n version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message\n injection that allows an unauthenticated, remote\n attacker to bypass sandbox restrictions. (CVE-2014-1709)\n\n - An input validation error exists that could allow\n universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists\n related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the\n compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers,\n DOM processing, rendering, speech handling and forms\n handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722,\n CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related\n to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL\n characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling\n 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local\n cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8\n JavaScript engine. 
(CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6fd7963a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'34.0.1847.116', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:05", "description": "The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities :\n\n - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)\n - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)\n - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n - A flaw exists related to IPC message injection. Combined with another vulnerability that allows compromising a renderer, a context-dependent attacker can bypass sandbox restrictions. (2014-1709)\n - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)\n - An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)\n - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)\n - An integer overflow error exists related to the compositor. (CVE-2014-1718)\n - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)\n - An unspecified memory corruption error exists related to the V8 JavaScript engine. 
(CVE-2014-1721)\n - An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)\n - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)\n - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)\n - Various, unspecified memory handling errors exist. (CVE-2014-1728)\n - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.116 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "8208.PASL", "href": "https://www.tenable.com/plugins/nnm/8208", "sourceData": "Binary data 8208.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:39", "description": "This chromium version update fixes the following security and non-security issues :\n\n - Add patch chromium-fix-arm-skia-memset.patch to resolve a linking issue on ARM with regards to missing symbols.\n\n - Add patch arm_use_gold.patch to use the right gold binaries on ARM. 
Hopefully this resolves the build issues with running out of memory\n\n - bnc#872805: Update to Chromium 34.0.1847.116\n\n - Responsive Images and Unprefixed Web Audio\n\n - Import supervised users onto new computers\n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and performance \n\n - Security fixes :\n\n - CVE-2014-1716: UXSS in V8\n\n - CVE-2014-1717: OOB access in V8\n\n - CVE-2014-1718: Integer overflow in compositor\n\n - CVE-2014-1719: Use-after-free in web workers\n\n - CVE-2014-1720: Use-after-free in DOM\n\n - CVE-2014-1721: Memory corruption in V8\n\n - CVE-2014-1722: Use-after-free in rendering\n\n - CVE-2014-1723: Url confusion with RTL characters\n\n - CVE-2014-1724: Use-after-free in speech\n\n - CVE-2014-1725: OOB read with window property\n\n - CVE-2014-1726: Local cross-origin bypass\n\n - CVE-2014-1727: Use-after-free in forms\n\n - CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives\n\n - CVE-2014-1729: Multiple vulnerabilities in V8 \n\n - No longer build against system libraries as that Chromium works a lot better and crashes less on websites than with system libs\n\n - Added package depot_tools.tar.gz as that the chromium build now requires it during the initial build phase. It just contains some utilities and nothing from it is being installed.\n\n - If people want to install newer versions of the ffmpeg library then let them. 
This is what they want.\n\n - Remove the buildscript from the sources", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0601-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-330.NASL", "href": "https://www.tenable.com/plugins/nessus/75340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75340);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", 
\"CVE-2014-1729\");\n script_bugtraq_id(66704);\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0601-1)\");\n script_summary(english:\"Check for the openSUSE-2014-330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This chromium version update fixes the following security and\nnon-security issues :\n\n - Add patch chromium-fix-arm-skia-memset.patch to resolve\n a linking issue on ARM with regards to missing symbols.\n\n - Add patch arm_use_gold.patch to use the right gold\n binaries on ARM. Hopefully this resolves the build\n issues with running out of memory\n\n - bnc#872805: Update to Chromium 34.0.1847.116\n\n - Responsive Images and Unprefixed Web Audio\n\n - Import supervised users onto new computers\n\n - A number of new apps/extension APIs \n\n - Lots of under the hood changes for stability and\n performance \n\n - Security fixes :\n\n - CVE-2014-1716: UXSS in V8\n\n - CVE-2014-1717: OOB access in V8\n\n - CVE-2014-1718: Integer overflow in compositor\n\n - CVE-2014-1719: Use-after-free in web workers\n\n - CVE-2014-1720: Use-after-free in DOM\n\n - CVE-2014-1721: Memory corruption in V8\n\n - CVE-2014-1722: Use-after-free in rendering\n\n - CVE-2014-1723: Url confusion with RTL characters\n\n - CVE-2014-1724: Use-after-free in speech\n\n - CVE-2014-1725: OOB read with window property\n\n - CVE-2014-1726: Local cross-origin bypass\n\n - CVE-2014-1727: Use-after-free in forms\n\n - CVE-2014-1728: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2014-1729: Multiple vulnerabilities in V8 \n\n - No longer build against system libraries as that\n Chromium works a lot better and crashes less on websites\n than with system libs\n\n - Added package depot_tools.tar.gz as that the chromium\n build now requires it during the initial build phase. 
It\n just contains some utilities and nothing from it is\n being installed.\n\n - If people want to install newer versions of the ffmpeg\n library then let them. This is what they want.\n\n - Remove the buildscript from the sources\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-34.0.1847.116-1.37.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-34.0.1847.116-1.37.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-34.0.1847.116-29.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-34.0.1847.116-29.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:27:31", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2014-1716 A cross-site scripting issue was discovered in the v8 JavaScript library.\n\n - CVE-2014-1717 An out-of-bounds read issue was discovered in the v8 JavaScript library.\n\n - CVE-2014-1718 Aaron Staple discovered an integer overflow issue in chromium's software compositor.\n\n - CVE-2014-1719 Colin Payne discovered a use-after-free issue in the web workers implementation.\n\n - CVE-2014-1720 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation.\n\n - CVE-2014-1721 Christian Holler discovered a memory corruption issue in the v8 JavaScript library.\n\n - CVE-2014-1722 miaubiz discovered a use-after-free issue in block rendering.\n\n - CVE-2014-1723 George McBay discovered a url spoofing issue. \n\n - CVE-2014-1724 Atte Kettunen discovered a use-after-free issue in freebsoft's libspeechd library.\n\n Because of this issue, the text-to-speech feature is now disabled by default ('--enable-speech-dispatcher' at the command-line can re-enable it).\n\n - CVE-2014-1725 An out-of-bounds read was discovered in the base64 implementation.\n\n - CVE-2014-1726 Jann Horn discovered a way to bypass the same origin policy. 
\n\n - CVE-2014-1727 Khalil Zhani discovered a use-after-free issue in the web color chooser implementation.\n\n - CVE-2014-1728 The Google Chrome development team discovered and fixed multiple issues with potential security impact.\n\n - CVE-2014-1729 The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.22 of the v8 JavaScript library.", "cvss3": {}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "Debian DSA-2905-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2905.NASL", "href": "https://www.tenable.com/plugins/nessus/73581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2905. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73581);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\");\n script_bugtraq_id(66704);\n script_xref(name:\"DSA\", value:\"2905\");\n\n script_name(english:\"Debian DSA-2905-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2014-1716\n A cross-site scripting issue was discovered in the v8\n JavaScript library.\n\n - CVE-2014-1717\n An out-of-bounds read issue was discovered in the v8\n JavaScript library.\n\n - CVE-2014-1718\n Aaron Staple discovered an integer overflow issue in\n chromium's software compositor.\n\n - CVE-2014-1719\n Colin Payne discovered a use-after-free issue in the web\n workers implementation.\n\n - CVE-2014-1720\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit document object model implementation.\n\n - CVE-2014-1721\n Christian Holler discovered a memory corruption issue in\n the v8 JavaScript library.\n\n - CVE-2014-1722\n miaubiz discovered a use-after-free issue in block\n rendering.\n\n - CVE-2014-1723\n George McBay discovered a url spoofing issue. 
\n\n - CVE-2014-1724\n Atte Kettunen discovered a use-after-free issue in\n freebsoft's libspeechd library.\n\n Because of this issue, the text-to-speech feature is now disabled by\n default ('--enable-speech-dispatcher' at the command-line can\n re-enable it).\n\n - CVE-2014-1725\n An out-of-bounds read was discovered in the base64\n implementation.\n\n - CVE-2014-1726\n Jann Horn discovered a way to bypass the same origin\n policy. \n\n - CVE-2014-1727\n Khalil Zhani discovered a use-after-free issue in the\n web color chooser implementation.\n\n - CVE-2014-1728\n The Google Chrome development team discovered and fixed\n multiple issues with potential security impact.\n\n - CVE-2014-1729\n The Google Chrome development team discovered and fixed\n multiple issues in version 3.24.35.22 of the v8\n JavaScript library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1724\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2905\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 34.0.1847.116-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"34.0.1847.116-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:27:18", "description": "Google Chrome Releases reports :\n\n31 vulnerabilities fixed in this release, including :\n\n- [354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.\n\n- [353004] High CVE-2014-1717: OOB access in V8. 
Credit to Anonymous.\n\n- [348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.\n\n- [343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.\n\n- [356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.\n\n- [350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.\n\n- [330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.\n\n- [337746] High CVE-2014-1723: Url confusion with RTL characters.\nCredit to George McBay.\n\n- [327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.\n\n- [357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous\n\n- [346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.\n\n- [342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.\n\n- [360298] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.\n\n- [345820, 347262, 348319, 350863, 352982, 355586, 358059] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (963413a5-bf50-11e3-a2d6-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_963413A5BF5011E3A2D600262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/73431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database 
:\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73431);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (963413a5-bf50-11e3-a2d6-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n31 vulnerabilities fixed in this release, including :\n\n- [354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.\n\n- [353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.\n\n- [348332] High CVE-2014-1718: Integer overflow in compositor. Credit\nto Aaron Staple.\n\n- [343661] High CVE-2014-1719: Use-after-free in web workers. Credit\nto Collin Payne.\n\n- [356095] High CVE-2014-1720: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [350434] High CVE-2014-1721: Memory corruption in V8. 
Credit to\nChristian Holler.\n\n- [330626] High CVE-2014-1722: Use-after-free in rendering. Credit to\nmiaubiz.\n\n- [337746] High CVE-2014-1723: Url confusion with RTL characters.\nCredit to George McBay.\n\n- [327295] High CVE-2014-1724: Use-after-free in speech. Credit to\nAtte Kettunen of OUSPG.\n\n- [357332] Medium CVE-2014-1725: OOB read with window property. Credit\nto Anonymous\n\n- [346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to\nJann Horn.\n\n- [342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to\nKhalil Zhani.\n\n- [360298] CVE-2014-1728: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- [345820, 347262, 348319, 350863, 352982, 355586, 358059]\nCVE-2014-1729: Multiple vulnerabilities in V8 fixed in version\n3.24.35.22.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/963413a5-bf50-11e3-a2d6-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb0a025b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<34.0.1847.116\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:57", "description": "The remote host is missing KB2942844. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross- site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "nessus", "title": "MS KB2942844: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB2942844.NASL", "href": "https://www.tenable.com/plugins/nessus/73418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73418);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n script_xref(name:\"MSKB\", value:\"2942844\");\n\n script_name(english:\"MS KB2942844: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an ActiveX control installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB2942844. It is, therefore, affected by\nthe following vulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2942844/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2942844.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 13.0.0.182\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 13 ||\n (\n iver[0] == 13 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 182)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 13.0.0.182\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n # XSS\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect 
when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:57", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section.\n\nTwo flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0506, CVE-2014-0507)\n\nA flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0508)\n\nA flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. 
(CVE-2014-0509)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.350.", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:0380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0380.NASL", "href": "https://www.tenable.com/plugins/nessus/73451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0380. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73451);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66208, 66699, 66701, 66703);\n script_xref(name:\"RHSA\", value:\"2014:0380\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:0380)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB14-09, listed in the References section.\n\nTwo flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2014-0506, CVE-2014-0507)\n\nA flaw in flash-plugin could allow an attacker to obtain sensitive\ninformation if a victim were tricked into visiting a specially crafted\nweb page. (CVE-2014-0508)\n\nA flaw in flash-plugin could allow an attacker to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially crafted web page. 
(CVE-2014-0509)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.350.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0508\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/10\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0380\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.350-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.350-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:45", "description": "According to its version, the instance of Adobe AIR on the remote Windows host is 4.0.0.1628 or earlier. It is, therefore, potentially affected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross- site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Adobe AIR <= AIR 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB14-09.NASL", "href": "https://www.tenable.com/plugins/nessus/73432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73432);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Adobe AIR <= AIR 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Adobe AIR on the remote\nWindows host is 4.0.0.1628 or earlier. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/531839/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 13.0.0.83 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\ncutoff_version = '4.0.0.1628';\nfix = '13.0.0.83';\nfix_ui = '13.0';\n\nif (ver_compare(ver:version, fix:cutoff_version) <= 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n # XSS\n set_kb_item(name:'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version_report, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:33", "description": "Versions of Adobe Flash player prior to 11.7.700.275 / 13.0.0.182 are outdated and thus unpatched for the following vulnerabilities :\n\n - A use-after-free error affects the handling of ExternalInterface. With a specially crafted flash object, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2014-0506)\n - An overflow condition exists which is triggered as user-supplied input is not properly validated when handling ActionScript regular expressions. This may allow a context-dependent attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. 
(CVE-2014-0507)\n - An unspecified flaw that may allow a context-dependent attacker to bypass security restrictions and gain access to potentially sensitive information. (CVE-2014-0508)\n - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the applications do not validate input passed to the 'ExternalInterface.call()' function before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-0509)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Flash Player < 11.7.700.275 / 13.0.0.182 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "8806.PRM", "href": "https://www.tenable.com/plugins/nnm/8806", "sourceData": "Binary data 8806.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:57", "description": "According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.272 / 11.8.x / 11.9.x / 12.0.0.77. It is, therefore, potentially affected multiple vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross- site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Flash Player <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB14-09.NASL", "href": "https://www.tenable.com/plugins/nessus/73433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73433);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Flash Player <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Windows host is equal or prior to 11.7.700.272 / 11.8.x /\n11.9.x / 12.0.0.77. It is, therefore, potentially affected multiple\nvulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/531839/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.275 / 13.0.0.182 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 12.0.0.77\n variant == \"Chrome_Pepper\" &&\n (iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 77)\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n # < 11\n iver[0] < 11 ||\n # 11.x <= 11.7.700.272\n (\n iver[0] == 11 &&\n (\n iver[1] < 7 ||\n (\n iver[1] == 7 &&\n (\n iver[2] < 700 ||\n (iver[2] == 700 && iver[3] <= 272)\n )\n )\n )\n ) ||\n # 11.8.x\n (iver[0] == 11 && iver[1] == 8) ||\n # 11.9.x\n (iver[0] == 11 && iver[1] == 9) ||\n\n # 12.0.0.x <= 12.0.0.77\n (\n iver[0] == 12 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 77\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == 
\"Chrome_Pepper\")\n info += '\\n Fixed version : 13.0.0.182 (Chrome PepperFlash)';\n else\n {\n if (ver =~ \"^11\\.7\")\n fix = \"11.7.700.275\";\n else\n fix = \"13.0.0.182\";\n info += '\\n Fixed version : '+fix;\n }\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n # XSS\n set_kb_item(name:'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:45", "description": "According to its version, the instance of Adobe AIR on the remote Mac OS X host is 4.0.0.1628 or earlier. It is, therefore, reportedly affected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross- site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Adobe AIR for Mac <= 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "MACOSX_ADOBE_AIR_13_0_0_83.NASL", "href": "https://www.tenable.com/plugins/nessus/73434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73434);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Adobe AIR for Mac <= 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)\");\n script_summary(english:\"Checks version gathered by local check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Adobe AIR on the remote Mac\nOS X host is 4.0.0.1628 or earlier. It is, therefore, reportedly\naffected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 13.0.0.83 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '4.0.0.1628';\nfixed_version_for_report = '13.0.0.83';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n\n # XSS\n set_kb_item(name:'www/0/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:33", "description": "Versions of Adobe AIR prior to 13.0.0.83 are unpatched for the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n - An unspecified error exists that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n - An unspecified error exists that could allow cross-site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Adobe AIR < 13.0.0.83 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "8809.PRM", "href": "https://www.tenable.com/plugins/nnm/8809", "sourceData": "Binary data 8809.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:27:02", "description": "Adobe flash-player has been updated to version 11.2.202.350 to resolve security issues and bugs. More information can be found at\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-09.html\n\nThe following security issues have been fixed :\n\n - a use-after-free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0506)\n\n - a buffer overflow vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0507)\n\n - a security bypass vulnerability that could have lead to information disclosure. (CVE-2014-0508)\n\n - a cross-site scripting vulnerability. (CVE-2014-0509)", "cvss3": {}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 9120)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-140411.NASL", "href": "https://www.tenable.com/plugins/nessus/73591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73591);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 9120)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe flash-player has been updated to version 11.2.202.350 to resolve\nsecurity issues and bugs. More information can be found at\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-09.html\n\nThe following security issues have been fixed :\n\n - a use-after-free vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0506)\n\n - a buffer overflow vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0507)\n\n - a security bypass vulnerability that could have lead to\n information disclosure. (CVE-2014-0508)\n\n - a cross-site scripting vulnerability. 
(CVE-2014-0509)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0506.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0507.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0508.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0509.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9120.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.350-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:27:44", "description": "According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.272 / 11.8.x / 11.9.x / 12.0.0.77. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. 
(CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross- site scripting attacks. (CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Flash Player for Mac <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_13_0_0_182.NASL", "href": "https://www.tenable.com/plugins/nessus/73435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73435);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Flash Player for Mac <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09) (Mac OS X)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Mac OS X host is equal or prior to 11.7.700.272 / 11.8.x /\n11.9.x / 12.0.0.77. It is, therefore, potentially affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. 
(CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. (CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.275 / 13.0.0.182 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nextended_cutoff_version = \"11.7.700.272\";\nextended_fixed_version = \"11.7.700.275\";\n\nstandard_cutoff_version = \"12.0.0.77\";\nstandard_fixed_version = \"13.0.0.182\";\n\nfixed_version_for_report = NULL;\n\nif (version =~ \"^([0-9]|10)\\.|^11\\.[0-6]\")\n fixed_version_for_report = extended_fixed_version;\n\nelse if (\n version =~ \"^11\\.7\\.\" &&\n ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = extended_fixed_version;\n\nelse if (version =~ \"^11\\.[89]\\.\") fixed_version_for_report = standard_fixed_version;\nelse if (\n version =~ \"^12\\.0\\.0\\.\" &&\n ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = standard_fixed_version;\n\nif (!isnull(fixed_version_for_report))\n{\n # XSS\n set_kb_item(name:'www/0/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:38", "description": "This flash-player update fixes several security issues :\n\n - bnc#872692: Security update to 11.2.202.350 :\n\n - APSB14-09, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": 
"nessus", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player-kde4", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-307.NASL", "href": "https://www.tenable.com/plugins/nessus/75328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-307.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75328);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:0549-1)\");\n script_summary(english:\"Check for the openSUSE-2014-307 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash-player update fixes several security issues :\n\n - bnc#872692: Security update to 11.2.202.350 :\n\n - APSB14-09, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508,\n CVE-2014-0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the 
affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"flash-player-11.2.202.350-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.350-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.350-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.350-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.350-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.350-42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:29:09", "description": "The remote host is affected by the vulnerability described in GLSA-201405-04 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. 
Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "nessus", "title": "GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502", "CVE-2014-0503", "CVE-2014-0504", "CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-0515"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201405-04.NASL", "href": "https://www.tenable.com/plugins/nessus/73860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73860);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\", \"CVE-2014-0503\", \"CVE-2014-0504\", \"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\", \"CVE-2014-0515\");\n script_bugtraq_id(65702, 65703, 65704, 66122, 66127, 66208, 66699, 66701, 66703, 67092);\n script_xref(name:\"GLSA\", value:\"201405-04\");\n\n script_name(english:\"GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-04\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file using Adobe Flash Player, possibly resulting in execution of\n arbitrary code with the privileges of the process or a Denial of Service\n condition. 
Furthermore, a remote attacker may be able to bypass the Same\n Origin Policy or read the clipboard via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.356'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.356\"), vulnerable:make_list(\"lt 11.2.202.356\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:28:39", "description": "The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-08-30T00:00:00", "type": "nessus", "title": "GLSA-201408-16 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0538", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713", "CVE-2014-1714", "CVE-2014-1715", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729", "CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1732", "CVE-2014-1733", "CVE-2014-1734", "CVE-2014-1735", "CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3154", "CVE-2014-3155", "CVE-2014-3156", "CVE-2014-3157", "CVE-2014-3160", "CVE-2014-3162", "CVE-2014-3165", "CVE-2014-3166", "CVE-2014-3167", "CVE-2014-3168", "CVE-2014-3169", "CVE-2014-3170", "CVE-2014-3171", "CVE-2014-3172", "CVE-2014-3173", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3176", "CVE-2014-3177"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201408-16.NASL", "href": "https://www.tenable.com/plugins/nessus/77460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201408-16.\n#\n# The advisory 
text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77460);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_bugtraq_id(66120, 66239, 66243, 66249, 66252, 66704, 67082, 67374, 67375, 67376, 67517, 67572, 67972, 67977, 67980, 67981, 68677, 69192, 69201, 69202, 69203, 69398, 69400, 69401, 69402, 69403, 69405, 69406, 69407);\n script_xref(name:\"GLSA\", value:\"201408-16\");\n\n script_name(english:\"GLSA-201408-16 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201408-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could conduct a number of attacks which include: cross\n site scripting attacks, bypassing of sandbox protection, potential\n execution of arbitrary code with the privileges of the process, or cause\n a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201408-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-37.0.2062.94'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 37.0.2062.94\"), vulnerable:make_list(\"lt 37.0.2062.94\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2023-12-02T20:13:53", "description": "The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including: \n\n\n * Responsive Images and Unprefixed Web Audio\n * Import supervised users onto new computers\n * A number of new apps/extension APIs \n * A different look for Win8 Metro mode \n * Lots of under the hood changes for stability and performance \nYou can read more about these changes at the [Chrome blog](<http://chrome.blogspot.com/>). \n\nFlash Player has been [updated](<http://helpx.adobe.com/flash-player/release-note/fp_13_air_13_release_notes.html%20>) to 13.0.0.182, which is included w/ this release. 
\n\n**Security Fixes and Rewards** \n\n\n\n\n\nThis update includes [31 security fixes](<https://code.google.com/p/chromium/issues/list?can=1&q=label%3ARelease-0-M34+label%3AM-34+-Security_Severity%3DNone+&colspec=ID+Pri+M+Iteration+ReleaseBlock+Cr+Status+Owner+Summary+OS+Modified&x=m&y=releaseblock&cells=tiles>). Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the [Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n\n\n[$5000][[354123](<https://code.google.com/p/chromium/issues/detail?id=354123>)] **High** CVE-2014-1716: UXSS in V8._ Credit to Anonymous._ \n[$5000][[353004](<https://code.google.com/p/chromium/issues/detail?id=353004>)] **High** CVE-2014-1717: OOB access in V8. _Credit to Anonymous._ \n[$3000][[348332](<https://code.google.com/p/chromium/issues/detail?id=348332>)] **High** CVE-2014-1718: Integer overflow in compositor._ Credit to Aaron Staple._ \n[$3000][[343661](<https://code.google.com/p/chromium/issues/detail?id=343661>)] **High** CVE-2014-1719: Use-after-free in web workers. _Credit to Collin Payne._ \n[$2000][[356095](<https://code.google.com/p/chromium/issues/detail?id=356095>)] **High** CVE-2014-1720: Use-after-free in DOM. _Credit to cloudfuzzer._ \n[$2000][[350434](<https://code.google.com/p/chromium/issues/detail?id=350434>)] **High** CVE-2014-1721: Memory corruption in V8. _Credit to Christian Holler._ \n[$2000][[330626](<https://code.google.com/p/chromium/issues/detail?id=330626>)] **High** CVE-2014-1722: Use-after-free in rendering._ Credit to miaubiz._ \n[$1500][[337746](<https://code.google.com/p/chromium/issues/detail?id=337746>)] **High** CVE-2014-1723: Url confusion with RTL characters. _Credit to George McBay._ \n[$1000][[327295](<https://code.google.com/p/chromium/issues/detail?id=327295>)] **High** CVE-2014-1724: Use-after-free in speech. 
_Credit to Atte Kettunen of OUSPG._ \n[[351815](<https://bugs.chromium.org/p/chromium/issues/detail?id=351815>)] **High** CVE-2014-1709: IPC message injection. _Credit to geohot._ \n[$3000][[357332](<https://code.google.com/p/chromium/issues/detail?id=357332>)] **Medium** CVE-2014-1725: OOB read with window property. _Credit to Anonymous_ \n[$1000][[346135](<https://code.google.com/p/chromium/issues/detail?id=346135>)] **Medium** CVE-2014-1726: Local cross-origin bypass. _Credit to Jann Horn._ \n[$1000][[342735](<https://code.google.com/p/chromium/issues/detail?id=342735>)] **Medium** CVE-2014-1727: Use-after-free in forms._ Credit to Khalil Zhani._ \n\n\n\nAs usual, our ongoing internal security work responsible for a wide range of fixes:\n\n * [[360298](<https://code.google.com/p/chromium/issues/detail?id=360298>)] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.\n * [[345820](<https://code.google.com/p/chromium/issues/detail?id=345820>), [347262](<https://code.google.com/p/chromium/issues/detail?id=347262>), [348319](<https://code.google.com/p/chromium/issues/detail?id=348319>), [350863](<https://code.google.com/p/chromium/issues/detail?id=350863>), [352982](<https://code.google.com/p/chromium/issues/detail?id=352982>), [355586](<https://code.google.com/p/chromium/issues/detail?id=355586>), [358059](<https://code.google.com/p/chromium/issues/detail?id=358059>)] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.\nMany of the above bugs were detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>). \n\nAs we've [previously discussed](<https://groups.google.com/a/chromium.org/d/msg/chromium-dev/zhhj7hCip5c/PxbtDtGbkV0J>), Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. 
This gives more power to users in the spirit of the [priority of constituencies](<http://www.schemehostport.com/2011/10/priority-of-constituencies.html>), and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields. \n\nA partial list of changes is available in the [SVN log](<http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=241107:251904&mode=html>). Interested in switching release channels? [Find out how](<http://dev.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<http://crbug.com/>). \n\nDaniel Xie \nGoogle Chrome", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1709", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2014-04-08T00:00:00", "id": "GCSA-3016467076478755432", "href": "https://chromereleases.googleblog.com/2014/04/stable-channel-update.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T18:51:19", "description": "Cross-site scripting, integer overflows, DoS, memory corruptions, URL spoofing.", "cvss3": {}, "published": 
"2014-04-21T00:00:00", "type": "securityvulns", "title": "Google Chrome / Chromium multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2014-04-21T00:00:00", "id": "SECURITYVULNS:VULN:13685", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13685", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2905-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nApril 15, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 \r\n CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723\r\n CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727\r\n CVE-2014-1728 CVE-2014-1729\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2014-1716\r\n\r\n A cross-site scripting issue was discovered in the v8 javascript\r\n library.\r\n\r\nCVE-2014-1717\r\n\r\n An out-of-bounds read issue was discovered in the v8 javascript\r\n library.\r\n\r\nCVE-2014-1718\r\n\r\n Aaron Staple discovered an integer overflow issue in chromium's\r\n software compositor.\r\n\r\nCVE-2014-1719\r\n\r\n Colin Payne discovered a use-after-free issue in the web workers\r\n implementation.\r\n\r\nCVE-2014-1720\r\n\r\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\r\n document 
object model implementation.\r\n\r\nCVE-2014-1721\r\n\r\n Christian Holler discovered a memory corruption issue in the v8\r\n javascript library.\r\n\r\nCVE-2014-1722\r\n\r\n miaubiz discovered a use-after-free issue in block rendering.\r\n\r\nCVE-2014-1723\r\n\r\n George McBay discovered a url spoofing issue. \r\n\r\nCVE-2014-1724\r\n\r\n Atte Kettunen discovered a use-after-free issue in freebsoft's\r\n libspeechd library.\r\n\r\n Because of this issue, the text-to-speech feature is now disabled\r\n by default ("--enable-speech-dispatcher" at the command-line can \r\n re-enable it).\r\n\r\nCVE-2014-1725\r\n\r\n An out-of-bounds read was discovered in the base64 implementation.\r\n\r\nCVE-2014-1726\r\n\r\n Jann Horn discovered a way to bypass the same origin policy. \r\n\r\nCVE-2014-1727\r\n\r\n Khalil Zhani discovered a use-after-free issue in the web color\r\n chooser implementation.\r\n\r\nCVE-2014-1728\r\n\r\n The Google Chrome development team discovered and fixed multiple\r\n issues with potential security impact.\r\n\r\nCVE-2014-1729\r\n\r\n The Google Chrome development team discovered and fixed multiple\r\n issues in version 3.24.35.22 of the v8 javascript library.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 34.0.1847.116-1~deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 34.0.1847.116-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n", 
"cvss3": {}, "published": "2014-04-21T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 2905-1] chromium-browser security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", 
"CVE-2014-1717"], "modified": "2014-04-21T00:00:00", "id": "SECURITYVULNS:DOC:30487", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30487", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:46:17", "description": "Use-after-free, buffer overflow, restrictions bypass, cross-site scripting.", "cvss3": {}, "published": "2014-05-04T00:00:00", "type": "securityvulns", "title": "Adobe Flash Player multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0492", "CVE-2014-0508", "CVE-2014-0503", "CVE-2014-0515", "CVE-2014-0498", "CVE-2014-0504", "CVE-2014-0507", "CVE-2014-0491", "CVE-2014-0497", "CVE-2014-0506", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13726", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13726", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "description": "\r\n\r\nVUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free\r\nCode Execution (Pwn2Own)\r\n\r\nWebsite : http://www.vupen.com\r\n\r\nTwitter : http://twitter.com/vupen\r\n\r\n\r\nI. BACKGROUND\r\n---------------------\r\n\r\nAdobe Flash Player is a cross-platform browser-based application runtime\r\nthat delivers viewing of expressive applications, content, and videos\r\nacross screens and browsers. It is installed on 98% of computers.\r\n\r\n\r\nII. DESCRIPTION\r\n---------------------\r\n\r\nVUPEN Vulnerability Research Team discovered a critical vulnerability\r\nin Adobe Flash.\r\n\r\nThe vulnerability is caused by a use-after-free error when interacting\r\nwith the "ExternalInterface" class from the browser, which could be\r\nexploited to achieve code execution via a malicious web page.\r\n\r\n\r\nIII. 
AFFECTED PRODUCTS\r\n---------------------------\r\n\r\nAdobe Flash versions prior to 13.0.0.182\r\n\r\n\r\nIV. SOLUTION\r\n----------------\r\n\r\nUpgrade to Adobe Flash v13.0.0.182.\r\n\r\n\r\nV. CREDIT\r\n--------------\r\n\r\nThis vulnerability was discovered by VUPEN Security.\r\n\r\n\r\nVI. ABOUT VUPEN Security\r\n---------------------------\r\n\r\nVUPEN is the leading provider of defensive and offensive cyber security\r\nintelligence and advanced zero-day research. All VUPEN's vulnerability\r\nintelligence results exclusively from its internal and in-house R&D\r\nefforts conducted by its team of world-class researchers.\r\n\r\nVUPEN Solutions: http://www.vupen.com/english/services/\r\n\r\n\r\nVII. REFERENCES\r\n----------------------\r\n\r\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-09.html\r\nhttp://zerodayinitiative.com/advisories/ZDI-14-092/\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506\r\n\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n-----------------------------\r\n\r\n2014-01-28 - Vulnerability Discovered by VUPEN Security\r\n2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014\r\n2014-04-08 - Vulnerability Fixed by Adobe\r\n2014-04-14 - Public disclosure\r\n\r\n", "cvss3": {}, "published": "2014-05-04T00:00:00", "type": "securityvulns", "title": "VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0506"], "modified": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30594", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-04-22T17:03:36", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-22T00:00:00", "type": "openvas", "title": "Google 
Chrome Multiple Vulnerabilities - 01 Apr14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804549", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 Apr14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804549\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\",\n \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\",\n \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\",\n \"CVE-2014-1728\", \"CVE-2014-1729\");\n script_bugtraq_id(66704);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-22 13:36:13 +0530 (Tue, 22 Apr 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 Apr14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error exists within 'web workers', 'DOM', 'forms' and 'speech'.\n\n - An unspecified error exists when handling URLs containing 'RTL' characters.\n\n - An integer overflow error exists within 'compositor'.\n\n - An error when handling certain 'window property'.\n\n - An unspecified error within 'V8'.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct cross-site\nscripting attacks, bypass certain 
security restrictions, and compromise\na user's system.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 34.0.1847.116 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57506\");\n script_xref(name:\"URL\", value:\"http://threatpost.com/google-patches-31-flaws-in-chrome/105326\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/04/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"34.0.1847.116\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"34.0.1847.116\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-03-20T16:40:33", "description": "Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2014-1716\nA cross-site scripting issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1717\nAn out-of-bounds read issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1718\nAaron Staple discovered an integer overflow issue in chromium", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2905-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", 
"CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2018-03-19T00:00:00", "id": "OPENVAS:702905", "href": "http://plugins.openvas.org/nasl.php?oid=702905", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2905.nasl 9136 2018-03-19 13:08:02Z cfischer $\n# Auto-generated from advisory DSA 2905-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(702905);\n script_version(\"$Revision: 9136 $\");\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\",\n \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\",\n \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\",\n \"CVE-2014-1728\", \"CVE-2014-1729\");\n script_name(\"Debian Security Advisory DSA 2905-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-03-19 14:08:02 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-04-15 00:00:00 +0200 (Tue, 15 Apr 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2905.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"insight\", value: \"Chromium is an open-source browser project\nthat aims to build a safer, faster, and more stable way for all Internet users to\nexperience the web.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 34.0.1847.116-1~deb7u1.\n\nFor the testing distribution (jessie), 
these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.116-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2014-1716\nA cross-site scripting issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1717\nAn out-of-bounds read issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1718\nAaron Staple discovered an integer overflow issue in chromium's\nsoftware compositor.\n\nCVE-2014-1719\nColin Payne discovered a use-after-free issue in the web workers\nimplementation.\n\nCVE-2014-1720\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1721\nChristian Holler discovered a memory corruption issue in the v8\njavascript library.\n\nCVE-2014-1722\nmiaubiz discovered a use-after-free issue in block rendering.\n\nCVE-2014-1723\nGeorge McBay discovered a url spoofing issue.\n\nCVE-2014-1724\nAtte Kettunen discovered a use-after-free issue in freebsoft's\nlibspeechd library.\n\nBecause of this issue, the text-to-speech feature is now disabled\nby default ('--enable-speech-dispatcher' at the command-line can\nre-enable it).\n\nCVE-2014-1725\nAn out-of-bounds read was discovered in the base64 implementation.\n\nCVE-2014-1726\nJann Horn discovered a way to bypass the same origin policy. 
\n\nCVE-2014-1727\nKhalil Zhani discovered a use-after-free issue in the web color\nchooser implementation.\n\nCVE-2014-1728\nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-1729\nThe Google Chrome development team discovered and fixed multiple\nissues in version 3.24.35.22 of the v8 javascript library.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.116-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:03:07", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-22T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 Apr14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 Apr14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804550\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\",\n \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\",\n \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\",\n \"CVE-2014-1728\", \"CVE-2014-1729\");\n script_bugtraq_id(66704);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-22 13:38:52 +0530 (Tue, 22 Apr 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 Apr14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error exists within 'web workers', 'DOM', 'forms' and 'speech'.\n\n - An unspecified error exists when handling URLs containing 'RTL' characters.\n\n - An integer overflow error exists within 'compositor'.\n\n - An error when handling certain 'window property'.\n\n - An unspecified error within 'V8'.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct cross-site\nscripting attacks, bypass certain 
security restrictions, and compromise\na user's system.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 34.0.1847.116 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57506\");\n script_xref(name:\"URL\", value:\"http://threatpost.com/google-patches-31-flaws-in-chrome/105326\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/04/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"34.0.1847.116\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"34.0.1847.116\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:25", "description": "Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2014-1716\nA cross-site scripting issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1717\nAn out-of-bounds read issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1718\nAaron Staple discovered an integer overflow issue in chromium", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2905-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", 
"CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310702905", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702905", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2905.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2905-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702905\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\",\n \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\",\n \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\",\n \"CVE-2014-1728\", \"CVE-2014-1729\");\n script_name(\"Debian Security Advisory DSA 2905-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-15 00:00:00 +0200 (Tue, 15 Apr 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2905.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 34.0.1847.116-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.116-1.\n\nWe recommend 
that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2014-1716\nA cross-site scripting issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1717\nAn out-of-bounds read issue was discovered in the v8 javascript\nlibrary.\n\nCVE-2014-1718\nAaron Staple discovered an integer overflow issue in chromium's\nsoftware compositor.\n\nCVE-2014-1719\nColin Payne discovered a use-after-free issue in the web workers\nimplementation.\n\nCVE-2014-1720\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1721\nChristian Holler discovered a memory corruption issue in the v8\njavascript library.\n\nCVE-2014-1722\nmiaubiz discovered a use-after-free issue in block rendering.\n\nCVE-2014-1723\nGeorge McBay discovered a url spoofing issue.\n\nCVE-2014-1724\nAtte Kettunen discovered a use-after-free issue in freebsoft's\nlibspeechd library.\n\nBecause of this issue, the text-to-speech feature is now disabled\nby default ('--enable-speech-dispatcher' at the command-line can\nre-enable it).\n\nCVE-2014-1725\nAn out-of-bounds read was discovered in the base64 implementation.\n\nCVE-2014-1726\nJann Horn discovered a way to bypass the same origin policy.\n\nCVE-2014-1727\nKhalil Zhani discovered a use-after-free issue in the web color\nchooser implementation.\n\nCVE-2014-1728\nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-1729\nThe Google Chrome development team discovered and fixed multiple\nissues in version 3.24.35.22 of the v8 javascript library.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = 
\"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"34.0.1847.116-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:03:47", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-22T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 Apr14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804548", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 Apr14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804548\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\",\n \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\",\n \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\",\n \"CVE-2014-1728\", \"CVE-2014-1729\");\n script_bugtraq_id(66704);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-22 12:53:01 +0530 (Tue, 22 Apr 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 Apr14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A use-after-free error exists within 'web workers', 'DOM', 'forms' and 'speech'.\n\n - An unspecified error exists when handling URLs containing 'RTL' characters.\n\n - An integer overflow error exists within 'compositor'.\n\n - An error when handling certain 'window property'.\n\n - An unspecified error within 'V8'.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct cross-site\nscripting attacks, bypass certain security restrictions, and compromise\na user's system.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 34.0.1847.116 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57506\");\n script_xref(name:\"URL\", value:\"http://threatpost.com/google-patches-31-flaws-in-chrome/105326\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/04/stable-channel-update.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"34.0.1847.116\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"34.0.1847.116\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2020-01-31T18:38:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:0535-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507", "CVE-2014-0506"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851050", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851050\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 18:56:30 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:0535-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe flash-player has been updated to version 11.2.202.350\n to resolve security issues and bugs. 
More information can\n be found at\n\n The following security issues have been fixed:\n\n * a use-after-free vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0506).\n\n * a buffer overflow vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0507).\n\n * a security bypass vulnerability that could have led\n to information disclosure (CVE-2014-0508).\n\n * a cross-site-scripting vulnerability (CVE-2014-0509).\n\n Security Issue references:\n\n * CVE-2014-0506\n\n * CVE-2014-0507\n\n * CVE-2014-0508\n\n * CVE-2014-0509\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0535-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.350~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.350~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.350~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:08", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804539\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66701, 66699, 66703);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-11 13:13:08 +0530 (Fri, 11 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error related to regular expressions in ActionScript.\n\n - A use-after-free error and multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.2.202.350 on Linux\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.2.202.350 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57661\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.350\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.350\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:38", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804537", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804537\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66701, 66699, 66703);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-11 12:45:39 +0530 (Fri, 11 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error related to regular expressions in ActionScript.\n\n - A use-after-free error and multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.275 and 11.8.x through 13.0.x\nbefore 13.0.0.182 on Windows\");\n 
script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.275 or 13.0.0.182 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57661\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.275\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"13.0.0.181\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:14", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804538\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66701, 66699, 66703);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-11 13:09:05 +0530 (Fri, 11 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error related to regular expressions in ActionScript.\n\n - A use-after-free error and multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow 
attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.275 and 11.8.x through 13.0.x\nbefore 13.0.0.182 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.275 or 13.0.0.182 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57661\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.275\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"13.0.0.181\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:11", "description": "Gentoo Linux Local Security Checks GLSA 201405-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201405-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0503", "CVE-2014-0515", "CVE-2014-0498", "CVE-2014-0504", "CVE-2014-0507", "CVE-2014-0506", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121179", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310121179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121179\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:06 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-04\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\", \"CVE-2014-0503\", \"CVE-2014-0504\", \"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\", \"CVE-2014-0515\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.356\"), vulnerable: make_list(\"lt 11.2.202.356\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "description": "Gentoo Linux Local Security Checks GLSA 201408-16", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201408-16", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3171", "CVE-2014-3155", "CVE-2014-1747", "CVE-2014-3168", "CVE-2014-3176", "CVE-2014-1724", "CVE-2014-3166", "CVE-2014-1735", "CVE-2014-1729", "CVE-2014-3165", "CVE-2014-1720", "CVE-2014-3154", 
"CVE-2014-1742", "CVE-2014-1728", "CVE-2014-1703", "CVE-2014-1719", "CVE-2014-3157", "CVE-2014-1726", "CVE-2014-1705", "CVE-2014-1734", "CVE-2014-1733", "CVE-2014-1732", "CVE-2014-1718", "CVE-2014-1744", "CVE-2014-0538", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1743", "CVE-2014-1731", "CVE-2014-1740", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3173", "CVE-2014-3167", "CVE-2014-1746", "CVE-2014-1714", "CVE-2014-1749", "CVE-2014-1713", "CVE-2014-3169", "CVE-2014-1745", "CVE-2014-3172", "CVE-2014-1701", "CVE-2014-1704", "CVE-2014-3162", "CVE-2014-3170", "CVE-2014-1730", "CVE-2014-1721", "CVE-2014-3160", "CVE-2014-1725", "CVE-2014-1715", "CVE-2014-1727", "CVE-2014-1702", "CVE-2014-1723", "CVE-2014-1748", "CVE-2014-1717", "CVE-2014-3177", "CVE-2014-1741", "CVE-2014-1700", "CVE-2014-3156"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201408-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121260\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201408-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201408-16\");\n script_cve_id(\"CVE-2014-1741\", \"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", 
\"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201408-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 37.0.2062.94\"), vulnerable: make_list(\"lt 37.0.2062.94\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:24", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-01T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0510", "CVE-2014-0506"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804350", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_mult_vuln01_apr14_win.nasl 2014-04-01 12:10:22Z Apr$\n#\n# Adobe 
Flash Player Multiple Vulnerabilities - 01 Apr14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804350\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0510\");\n script_bugtraq_id(66208, 66241);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-01 12:15:19 +0530 (Tue, 01 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Apr14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaws exist due to an use-after-free error and some other unspecified error.\");\n script_tag(name:\"impact\", 
value:\"Successful exploitation will allow attacker to conduct denial of service or\npotentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 12.0.0.77 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade Flash Player to version 13.0.0.182 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1029969\");\n script_xref(name:\"URL\", value:\"https://www.hkcert.org/my_url/en/alert/14033103\");\n script_xref(name:\"URL\", value:\"http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_equal(version:playerVer, test_version:\"12.0.0.77\"))\n{\n report = report_fixed_ver(installed_version:playerVer, vulnerable_range:\"Equal to 12.0.0.77\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2023-12-02T12:06:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2905-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nApril 15, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 \n CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723\n CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727\n 
CVE-2014-1728 CVE-2014-1729\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1716\n\n A cross-site scripting issue was discovered in the v8 javascript\n library.\n\nCVE-2014-1717\n\n An out-of-bounds read issue was discovered in the v8 javascript\n library.\n\nCVE-2014-1718\n\n Aaron Staple discovered an integer overflow issue in chromium's\n software compositor.\n\nCVE-2014-1719\n\n Colin Payne discovered a use-after-free issue in the web workers\n implementation.\n\nCVE-2014-1720\n\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.\n\nCVE-2014-1721\n\n Christian Holler discovered a memory corruption issue in the v8\n javascript library.\n\nCVE-2014-1722\n\n miaubiz discovered a use-after-free issue in block rendering.\n\nCVE-2014-1723\n\n George McBay discovered a url spoofing issue. \n\nCVE-2014-1724\n\n Atte Kettunen discovered a use-after-free issue in freebsoft's\n libspeechd library.\n\n Because of this issue, the text-to-speech feature is now disabled\n by default (\"--enable-speech-dispatcher\" at the command-line can \n re-enable it).\n\nCVE-2014-1725\n\n An out-of-bounds read was discovered in the base64 implementation.\n\nCVE-2014-1726\n\n Jann Horn discovered a way to bypass the same origin policy. 
\n\nCVE-2014-1727\n\n Khalil Zhani discovered a use-after-free issue in the web color\n chooser implementation.\n\nCVE-2014-1728\n\n The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.\n\nCVE-2014-1729\n\n The Google Chrome development team discovered and fixed multiple\n issues in version 3.24.35.22 of the v8 javascript library.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.116-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.116-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-04-16T01:22:56", "type": "debian", "title": "[SECURITY] [DSA 2905-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2014-04-16T01:22:56", "id": "DEBIAN:DSA-2905-1:6051E", "href": 
"https://lists.debian.org/debian-security-announce/2014/msg00081.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:13:13", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2905-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nApril 15, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719 \n CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723\n CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727\n CVE-2014-1728 CVE-2014-1729\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1716\n\n A cross-site scripting issue was discovered in the v8 javascript\n library.\n\nCVE-2014-1717\n\n An out-of-bounds read issue was discovered in the v8 javascript\n library.\n\nCVE-2014-1718\n\n Aaron Staple discovered an integer overflow issue in chromium's\n software compositor.\n\nCVE-2014-1719\n\n Colin Payne discovered a use-after-free issue in the web workers\n implementation.\n\nCVE-2014-1720\n\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.\n\nCVE-2014-1721\n\n Christian Holler discovered a memory corruption issue in the v8\n javascript library.\n\nCVE-2014-1722\n\n miaubiz discovered a use-after-free issue in block rendering.\n\nCVE-2014-1723\n\n George McBay discovered a url spoofing issue. 
\n\nCVE-2014-1724\n\n Atte Kettunen discovered a use-after-free issue in freebsoft's\n libspeechd library.\n\n Because of this issue, the text-to-speech feature is now disabled\n by default (\"--enable-speech-dispatcher\" at the command-line can \n re-enable it).\n\nCVE-2014-1725\n\n An out-of-bounds read was discovered in the base64 implementation.\n\nCVE-2014-1726\n\n Jann Horn discovered a way to bypass the same origin policy. \n\nCVE-2014-1727\n\n Khalil Zhani discovered a use-after-free issue in the web color\n chooser implementation.\n\nCVE-2014-1728\n\n The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.\n\nCVE-2014-1729\n\n The Google Chrome development team discovered and fixed multiple\n issues in version 3.24.35.22 of the v8 javascript library.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.116-1~deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.116-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-04-16T01:22:56", "type": "debian", "title": "[SECURITY] [DSA 2905-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2014-04-16T01:22:56", "id": "DEBIAN:DSA-2905-1:E695A", "href": "https://lists.debian.org/debian-security-announce/2014/msg00081.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-02T20:47:30", "description": "Updated chromium-browser-stable packages fix security vulnerabilities: Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue (CVE-2014-1716), OOB access (CVE-2014-1717), memory corruption (CVE-2014-1721), and other vulnerabilities fixed in V8 version 3.24.35.22 (CVE-2014-1729). Integer overflow in compositor (CVE-2014-1718). Multiple use-after-free flaws; in web workers (CVE-2014-1719), DOM (CVE-2014-1720), rendering (CVE-2014-1722), speech (CVE-2014-1724), and forms (CVE-2014-1727). Url confusion with RTL characters (CVE-2014-1723). OOB read with window property (CVE-2014-1725). Local cross-origin bypass (CVE-2014-1726). Various fixes from internal audits, fuzzing and other initiatives (CVE-2014-1728). 
\n", "cvss3": {}, "published": "2014-04-20T15:43:35", "type": "mageia", "title": "Updated chromium-browser packages fix multiple security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2014-04-20T15:43:35", "id": "MGASA-2014-0183", "href": "https://advisories.mageia.org/MGASA-2014-0183.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T20:47:30", "description": "Adobe Flash Player 11.2.202.350 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a use-after-free vulnerability that could result in arbitrary code execution (CVE-2014-0506). This update resolves a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0507). This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2014-0508). This update resolves a cross-site-scripting vulnerability (CVE-2014-0509). 
\n", "cvss3": {}, "published": "2014-04-09T19:40:40", "type": "mageia", "title": "Updated flash-player-plugin package fixes multiple vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2014-04-09T19:40:40", "id": "MGASA-2014-0169", "href": "https://advisories.mageia.org/MGASA-2014-0169.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:25", "description": "\nGoogle Chrome Releases reports:\n\n31 vulnerabilities fixed in this release, including:\n\n[354123] High CVE-2014-1716: UXSS in V8. Credit to\n\t Anonymous.\n[353004] High CVE-2014-1717: OOB access in V8. Credit to\n\t Anonymous.\n[348332] High CVE-2014-1718: Integer overflow in compositor.\n\t Credit to Aaron Staple.\n[343661] High CVE-2014-1719: Use-after-free in web workers.\n\t Credit to Collin Payne.\n[356095] High CVE-2014-1720: Use-after-free in DOM. Credit to\n\t cloudfuzzer.\n[350434] High CVE-2014-1721: Memory corruption in V8. Credit to\n\t Christian Holler.\n[330626] High CVE-2014-1722: Use-after-free in rendering.\n\t Credit to miaubiz.\n[337746] High CVE-2014-1723: Url confusion with RTL characters.\n\t Credit to George McBay.\n[327295] High CVE-2014-1724: Use-after-free in speech. 
Credit\n\t to Atte Kettunen of OUSPG.\n[357332] Medium CVE-2014-1725: OOB read with window property.\n\t Credit to Anonymous\n[346135] Medium CVE-2014-1726: Local cross-origin bypass.\n\t Credit to Jann Horn.\n[342735] Medium CVE-2014-1727: Use-after-free in forms. Credit\n\t to Khalil Zhani.\n[360298] CVE-2014-1728: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n[345820, 347262, 348319, 350863, 352982, 355586, 358059]\n\t CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version\n\t 3.24.35.22.\n\n\n", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2014-04-08T00:00:00", "id": "963413A5-BF50-11E3-A2D6-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/963413a5-bf50-11e3-a2d6-00262d5ed8ee.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osv": [{"lastseen": "2022-07-21T08:28:56", "description": "\nSeveral vulnerabilities were discovered in the chromium web browser.\n\n\n* [CVE-2014-1716](https://security-tracker.debian.org/tracker/CVE-2014-1716)\nA cross-site scripting issue was discovered in the v8 javascript\n library.\n* 
[CVE-2014-1717](https://security-tracker.debian.org/tracker/CVE-2014-1717)\nAn out-of-bounds read issue was discovered in the v8 javascript\n library.\n* [CVE-2014-1718](https://security-tracker.debian.org/tracker/CVE-2014-1718)\nAaron Staple discovered an integer overflow issue in chromium's\n software compositor.\n* [CVE-2014-1719](https://security-tracker.debian.org/tracker/CVE-2014-1719)\nColin Payne discovered a use-after-free issue in the web workers\n implementation.\n* [CVE-2014-1720](https://security-tracker.debian.org/tracker/CVE-2014-1720)\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.\n* [CVE-2014-1721](https://security-tracker.debian.org/tracker/CVE-2014-1721)\nChristian Holler discovered a memory corruption issue in the v8\n javascript library.\n* [CVE-2014-1722](https://security-tracker.debian.org/tracker/CVE-2014-1722)\nmiaubiz discovered a use-after-free issue in block rendering.\n* [CVE-2014-1723](https://security-tracker.debian.org/tracker/CVE-2014-1723)\nGeorge McBay discovered a url spoofing issue.\n* [CVE-2014-1724](https://security-tracker.debian.org/tracker/CVE-2014-1724)\nAtte Kettunen discovered a use-after-free issue in freebsoft's\n libspeechd library.\n\n\nBecause of this issue, the text-to-speech feature is now disabled\n by default (\"--enable-speech-dispatcher\" at the command-line can \n re-enable it).\n* [CVE-2014-1725](https://security-tracker.debian.org/tracker/CVE-2014-1725)\nAn out-of-bounds read was discovered in the base64 implementation.\n* [CVE-2014-1726](https://security-tracker.debian.org/tracker/CVE-2014-1726)\nJann Horn discovered a way to bypass the same origin policy.\n* [CVE-2014-1727](https://security-tracker.debian.org/tracker/CVE-2014-1727)\nKhalil Zhani discovered a use-after-free issue in the web color\n chooser implementation.\n* [CVE-2014-1728](https://security-tracker.debian.org/tracker/CVE-2014-1728)\nThe Google Chrome development team discovered 
and fixed multiple\n issues with potential security impact.\n* [CVE-2014-1729](https://security-tracker.debian.org/tracker/CVE-2014-1729)\nThe Google Chrome development team discovered and fixed multiple\n issues in version 3.24.35.22 of the v8 javascript library.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.116-1~deb7u1.\n\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.116-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "osv", "title": "chromium-browser - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724", "CVE-2014-1729", "CVE-2014-1720", "CVE-2014-1728", "CVE-2014-1719", "CVE-2014-1726", "CVE-2014-1718", "CVE-2014-1716", "CVE-2014-1722", "CVE-2014-1721", "CVE-2014-1725", "CVE-2014-1727", "CVE-2014-1723", "CVE-2014-1717"], "modified": "2022-07-21T05:48:14", "id": "OSV:DSA-2905-1", "href": "https://osv.dev/vulnerability/DSA-2905-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:04", "description": "Google has patched a long list of serious security vulnerabilities in Chrome, including at least 19 highly rated flaws. 
The company patched a total of 31 vulnerabilities in Chrome 34 and paid out more than $28,000 in rewards to researchers who reported bugs to Google.\n\nAmong the security fixes in Chrome 34 are patches for a number of use-after-free vulnerabilities in various components of the browser. Google\u2019s internal security team also discovered quite a few of the vulnerabilities patched in the latest release.\n\nIn addition to the security patches, Google introduced a change in Chrome 34 that will allow users to save passwords in the browser even if they have the autocomplete feature disabled.\n\n\u201cAs we\u2019ve [**previously discussed**](<https://groups.google.com/a/chromium.org/d/msg/chromium-dev/zhhj7hCip5c/PxbtDtGbkV0J>), Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the [**priority of constituencies**](<http://www.schemehostport.com/2011/10/priority-of-constituencies.html>), and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields,\u201d Daniel Xie of the Chrome team [said](<http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html>).\n\nHere\u2019s the list of public bugs fixed in Chrome 34:\n\n[$5000][[**354123**](<https://code.google.com/p/chromium/issues/detail?id=354123>)] **High** CVE-2014-1716: UXSS in V8._ Credit to Anonymous._\n\n[$5000][[**353004**](<https://code.google.com/p/chromium/issues/detail?id=353004>)] **High** CVE-2014-1717: OOB access in V8. _Credit to Anonymous._\n\n[$3000][[**348332**](<https://code.google.com/p/chromium/issues/detail?id=348332>)] **High** CVE-2014-1718: Integer overflow in compositor._ Credit to Aaron Staple._\n\n[$3000][[**343661**](<https://code.google.com/p/chromium/issues/detail?id=343661>)] **High** CVE-2014-1719: Use-after-free in web workers. 
_Credit to Collin Payne._\n\n[$2000][[**356095**](<https://code.google.com/p/chromium/issues/detail?id=356095>)] **High** CVE-2014-1720: Use-after-free in DOM. _Credit to cloudfuzzer._\n\n[$2000][[**350434**](<https://code.google.com/p/chromium/issues/detail?id=350434>)] **High** CVE-2014-1721: Memory corruption in V8. _Credit to Christian Holler._\n\n[$2000][[**330626**](<https://code.google.com/p/chromium/issues/detail?id=330626>)] **High** CVE-2014-1722: Use-after-free in rendering._ Credit to miaubiz._\n\n[$1500][[**337746**](<https://code.google.com/p/chromium/issues/detail?id=337746>)] **High** CVE-2014-1723: Url confusion with RTL characters. _Credit to George McBay._\n\n[$1000][[**327295**](<https://code.google.com/p/chromium/issues/detail?id=327295>)] **High** CVE-2014-1724: Use-after-free in speech. _Credit to Atte Kettunen of OUSPG._\n\n[$3000][[**357332**](<https://code.google.com/p/chromium/issues/detail?id=357332>)] **Medium** CVE-2014-1725: OOB read with window property. _Credit to Anonymous_\n\n[$1000][[**346135**](<https://code.google.com/p/chromium/issues/detail?id=346135>)] **Medium** CVE-2014-1726: Local cross-origin bypass. 
_Credit to Jann Horn._\n\n[$1000][[**342735**](<https://code.google.com/p/chromium/issues/detail?id=342735>)] **Medium** CVE-2014-1727: Use-after-free in forms._ Credit to Khalil Zhani._\n", "cvss3": {}, "published": "2014-04-08T14:55:23", "type": "threatpost", "title": "Google Patches 31 Flaws in Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727"], "modified": "2014-04-08T18:55:23", "id": "THREATPOST:2ADF5DE0938012FDED13572E2C798A8E", "href": "https://threatpost.com/google-patches-31-flaws-in-chrome/105326/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "altlinux": [{"lastseen": "2022-06-10T03:07:05", "description": "3:11-alt28 built April 15, 2014 Sergey V Turchin in task [#118324](<https://git.altlinux.org/tasks/118324/>) \n--- \nApril 15, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes:\n CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509\n", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2014-04-15T00:00:00", "id": "C1698F34A394319E0076F3F1117FE11F", "href": 
"https://packages.altlinux.org/en/p7/srpms/adobe-flash-player/1707551309196135328", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T03:07:30", "description": "3:11-alt28 built April 15, 2014 Sergey V Turchin in task [#118325](<https://git.altlinux.org/tasks/118325/>) \n--- \nApril 15, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes:\n CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509\n", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2014-04-15T00:00:00", "id": "698F04960C6FDCECD3FAF3107FEF2E6C", "href": "https://packages.altlinux.org/en/p6/srpms/adobe-flash-player/1707551309196135328", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:40:21", "description": "Adobe flash-player has been updated to version 11.2.202.350\n to resolve security issues and bugs. 
More information can\n be found at\n\n http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\n\n The following security issues have been fixed:\n\n * a use-after-free vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0506).\n * a buffer overflow vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0507).\n * a security bypass vulnerability that could have led\n to information disclosure (CVE-2014-0508).\n * a cross-site-scripting vulnerability (CVE-2014-0509).\n", "cvss3": {}, "published": "2014-04-16T19:04:49", "type": "suse", "title": "Security update for flash-player (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507", "CVE-2014-0506"], "modified": "2014-04-16T19:04:49", "id": "SUSE-SU-2014:0535-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2023-05-26T10:21:36", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. 
These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB14-09,\nlisted in the References section.\n\nTwo flaws were found in the way flash-plugin displayed certain SWF content.\nAn attacker could use these flaws to create a specially crafted SWF file\nthat would cause flash-plugin to crash or, potentially, execute arbitrary\ncode when the victim loaded a page containing the malicious SWF content.\n(CVE-2014-0506, CVE-2014-0507)\n\nA flaw in flash-plugin could allow an attacker to obtain sensitive\ninformation if a victim were tricked into visiting a specially crafted web\npage. (CVE-2014-0508)\n\nA flaw in flash-plugin could allow an attacker to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a specially\ncrafted web page. (CVE-2014-0509)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.350.\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "redhat", "title": "(RHSA-2014:0380) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2018-06-07T05:04:28", "id": "RHSA-2014:0380", "href": "https://access.redhat.com/errata/RHSA-2014:0380", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-12-02T11:05:17", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly 
used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.356\"", "cvss3": {}, "published": "2014-05-03T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities ", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502", "CVE-2014-0503", "CVE-2014-0504", "CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-0515"], "modified": "2014-05-03T00:00:00", "id": "GLSA-201405-04", "href": "https://security.gentoo.org/glsa/201405-04", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T21:05:02", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities 
have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "cvss3": {}, "published": "2014-08-30T00:00:00", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0538", "CVE-2014-1700", "CVE-2014-1701", "CVE-2014-1702", "CVE-2014-1703", "CVE-2014-1704", "CVE-2014-1705", "CVE-2014-1713", "CVE-2014-1714", "CVE-2014-1715", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729", "CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1732", "CVE-2014-1733", "CVE-2014-1734", "CVE-2014-1735", "CVE-2014-1740", "CVE-2014-1741", "CVE-2014-1742", "CVE-2014-1743", "CVE-2014-1744", "CVE-2014-1745", "CVE-2014-1746", "CVE-2014-1747", "CVE-2014-1748", "CVE-2014-1749", "CVE-2014-3154", "CVE-2014-3155", "CVE-2014-3156", "CVE-2014-3157", 
"CVE-2014-3160", "CVE-2014-3162", "CVE-2014-3165", "CVE-2014-3166", "CVE-2014-3167", "CVE-2014-3168", "CVE-2014-3169", "CVE-2014-3170", "CVE-2014-3171", "CVE-2014-3172", "CVE-2014-3173", "CVE-2014-3174", "CVE-2014-3175", "CVE-2014-3176", "CVE-2014-3177"], "modified": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:27:35", "description": "CVE ID:CVE-2014-0509 \r\n\r\nAdobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002Adobe Air\u662f\u4e00\u6b3eAdobe\u516c\u53f8\u51fa\u54c1\u7684\u8de8\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u5e93\u3002\r\n\r\nAdobe Flash Player/AIR\u5b58\u5728\u672a\u660e\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\n0\nAdobe Flash Player 12.0.0.77\r\nAdobe Flash Player 11.2.202.346\r\nAdobe Flash Player 11.7.700.272\r\nAdobe AIR 4.0.0.1628\nAdobe Flash Player 13.0.0.182, 11.2.202.350\u6216Adobe AIR 13.0.0.83\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.adobe.com", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Adobe Flash Player/AIR\u672a\u660e\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0509"], "modified": "2014-04-11T00:00:00", "id": "SSV:62134", "href": "https://www.seebug.org/vuldb/ssvid-62134", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T17:27:36", "description": "CVE ID:CVE-2014-0508\r\n\r\nAdobe Flash 
Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002Adobe Air\u662f\u4e00\u6b3eAdobe\u516c\u53f8\u51fa\u54c1\u7684\u8de8\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u5e93\u3002\r\n\r\nAdobe Flash Player/AIR\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\n0\nAdobe Flash Player 12.0.0.77\r\nAdobe Flash Player 11.2.202.346\r\nAdobe Flash Player 11.7.700.272\r\nAdobe AIR 4.0.0.1628\nAdobe Flash Player 13.0.0.182, 11.2.202.350\u6216Adobe AIR 13.0.0.83\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.adobe.com", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Adobe Flash Player/AIR\u672a\u660e\u5b89\u5168\u7ed5\u8fc7\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-11T00:00:00", "id": "SSV:62133", "href": "https://www.seebug.org/vuldb/ssvid-62133", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:32:13", "description": "CVE ID:CVE-2014-1727\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5904\u7406\u8868\u5355\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u9519\u8bef\uff0c\u5373RenderViewObserver::OnDestruct()\u4f1a\u7834\u574fRendererWebColorChooserImpl\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 
34.0.1847.116\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome\u8868\u5355\u5904\u7406\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1727"], "modified": "2014-04-11T00:00:00", "id": "SSV:62144", "href": "https://www.seebug.org/vuldb/ssvid-62144", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:27:40", "description": "CVE ID:CVE-2014-0507\r\n\r\nAdobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002Adobe Air\u662f\u4e00\u6b3eAdobe\u516c\u53f8\u51fa\u54c1\u7684\u8de8\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u5e93\u3002\r\n\r\nAdobe Flash Player/AIR\u5b58\u5728\u672a\u660e\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nAdobe Flash Player 12.0.0.77\r\nAdobe Flash Player 11.2.202.346\r\nAdobe Flash Player 11.7.700.272\r\nAdobe AIR 4.0.0.1628\nAdobe Flash Player 13.0.0.182, 11.2.202.350\u6216Adobe AIR 13.0.0.83\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.adobe.com", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Adobe Flash Player/AIR\u672a\u660e\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-11T00:00:00", "id": "SSV:62132", "href": "https://www.seebug.org/vuldb/ssvid-62132", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:27:45", "description": "CVE ID:CVE-2014-1716\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle V8\u5b58\u5728\u4e00\u4e2a\u901a\u7528\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5bf9Runtime_SetPrototype()\u51fd\u6570(runtime.cc)\u8bbf\u95ee\u68c0\u67e5\u7f3a\u5931\uff0c\u53ef\u5bfc\u81f4\u5bf9\u663e\u793a\u7ed9\u7528\u6237\u7684\u8f93\u5165\u7f3a\u5c11\u6b63\u786e\u6821\u9a8c\uff0c\u653b\u51fb\u8005\u53ef\u6784\u5efa\u7279\u5236\u8bf7\u6c42\uff0c\u4ee5\u7528\u6237\u4f1a\u8bdd\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google V8 Runtime_SetPrototype()\u51fd\u6570\u8bbf\u95ee\u68c0\u67e5\u7f3a\u5931\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1716"], "modified": "2014-04-11T00:00:00", "id": "SSV:62135", "href": "https://www.seebug.org/vuldb/ssvid-62135", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:27:38", "description": "CVE ID:CVE-2014-1726\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5904\u7406\u62d6\u64cd\u4f5c\u5b58\u5728\u4e00\u4e2a\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u5bfc\u81f4\u4f2a\u9020\u672c\u5730\u6587\u4ef6\u8def\u5f84\uff0c\u7ed5\u8fc7\u540c\u6e90\u7b56\u7565\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 
34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome\u62d6\u5904\u7406\u672c\u5730\u6587\u4ef6\u8def\u5f84\u4f2a\u9020\u8de8\u57df\u7ed5\u8fc7\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1726"], "modified": "2014-04-11T00:00:00", "id": "SSV:62143", "href": "https://www.seebug.org/vuldb/ssvid-62143", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T17:30:35", "description": "CVE(CAN) ID: CVE-2014-0506\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player 12.0.0.77 (Windows)\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u5229\u7528\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7IE\u6c99\u76d2\u4fdd\u62a4\u673a\u5236\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nAdobe Flash Player 12.0.0.77\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.adobe.com/support/security/", "cvss3": {}, "published": "2014-03-28T00:00:00", "type": "seebug", "title": "Adobe Flash Player\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0506"], "modified": "2014-03-28T00:00:00", "id": "SSV:61978", "href": "https://www.seebug.org/vuldb/ssvid-61978", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2017-11-19T17:27:39", "description": "CVE ID:CVE-2014-1723\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome UnescapeURLWithOffsetsImpl()\u51fd\u6570(net/base/escape.cc)\u5904\u7406URL\u4e2d\u672a\u8f6c\u4e49BiDi\u63a7\u5236\u7b26\u65f6\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u5bfc\u81f4URL\u6df7\u6dc6\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome UnescapeURLWithOffsetsImpl() Function BiDi\u63a7\u5236\u7b26\u672a\u8f6c\u4e49URL\u6df7\u6dc6\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1723"], "modified": "2014-04-11T00:00:00", "id": "SSV:62140", "href": "https://www.seebug.org/vuldb/ssvid-62140", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:27:39", "description": "CVE ID:CVE-2014-1724\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u4e2d\u76f8\u5173speech\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": 
"seebug", "title": "Google Chrome speech\u672a\u660e\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1724"], "modified": "2014-04-11T00:00:00", "id": "SSV:62141", "href": "https://www.seebug.org/vuldb/ssvid-62141", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:27:46", "description": "CVE ID:CVE-2014-1719\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome web workers\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome Web Workers\u672a\u660e\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1719"], "modified": "2014-04-11T00:00:00", "id": "SSV:62137", "href": "https://www.seebug.org/vuldb/ssvid-62137", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:27:37", "description": "CVE ID:CVE-2014-1718\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 
SoftwareFrameManager::SwapToNewFrame()\u51fd\u6570(renderer_host/software_frame_manager.cc)\u5b58\u5728\u4e00\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome SoftwareFrameManager::SwapToNewFrame()\u51fd\u6570\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1718"], "modified": "2014-04-11T00:00:00", "id": "SSV:62136", "href": "https://www.seebug.org/vuldb/ssvid-62136", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:28:10", "description": "CVE ID:CVE-2014-1725\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome base64DecodeInternal() \u51fd\u6570(text/Base64.cpp)\u5904\u7406windows\u5c5e\u6027\u5b58\u5728\u8d8a\u754c\u8bfb(\u5f53\u8f93\u5165\u53ea\u6709\u7a7a\u683c\u65f6window.atob()\u65b9\u6cd5\u6ca1\u6709\u8fd4\u56de\u6b63\u786e\u503c)\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u8bfb\u53d6\u5185\u5b58\u6d88\u606f\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 
34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome base64DecodeInternal()\u51fd\u6570\u8d8a\u754c\u8bfb\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1725"], "modified": "2014-04-11T00:00:00", "id": "SSV:62142", "href": "https://www.seebug.org/vuldb/ssvid-62142", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:38:56", "description": "CVE ID:CVE-2014-1722\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u4e2d\u76f8\u5173rendering\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\nGoogle Chrome 34.0.1847.116\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome rendering\u672a\u660e\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1722"], "modified": "2014-04-11T00:00:00", "id": "SSV:62139", "href": "https://www.seebug.org/vuldb/ssvid-62139", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:27:37", "description": "CVE ID:CVE-2014-1721\r\n\r\nGoogle Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 
V8\u5904\u7406\u7279\u5236\u7684JavaScript\u5b58\u5728\u5185\u5b58\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nGoogle Chrome 33.0.1750.154\r\nGoogle Chrome 33.0.1750.152\r\nGoogle Chrome V8 3.25.7\nGoogle Chrome 34.0.1847.116\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.google.com/chrome/", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "seebug", "title": "Google Chrome V8\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1721"], "modified": "2014-04-11T00:00:00", "id": "SSV:62138", "href": "https://www.seebug.org/vuldb/ssvid-62138", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "checkpoint_advisories": [{"lastseen": "2022-11-28T06:41:06", "description": "A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted URLs. 
A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page.", "cvss3": {}, "published": "2014-04-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Cross-Site Scripting (APSB14-09: CVE-2014-0509)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2014-04-17T00:00:00", "id": "CPAI-2014-1337", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-11-28T07:02:08", "description": "An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files. 
A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an embedded malformed Flash file (SWF) with an affected product.", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Information Disclosure (APSB14-09: CVE-2014-0508)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-16T00:00:00", "id": "CPAI-2014-1341", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-28T06:42:52", "description": "A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. 
A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file.", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free Code Execution (APSB14-09: CVE-2014-0507)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-10T00:00:00", "id": "CPAI-2014-1340", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T06:42:57", "description": "A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading SWF files. 
A remote attacker can exploit this issue by enticing the victim to open a malicious web page.", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free Code Execution (APSB14-09; CVE-2014-0506)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0506"], "modified": "2014-04-09T00:00:00", "id": "CPAI-2014-1338", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-12-02T15:41:54", "description": "Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before\n13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR\nbefore 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR\nSDK & Compiler before 13.0.0.83 allow attackers to bypass intended access\nrestrictions and obtain sensitive information via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0508", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-08T00:00:00", "id": "UB:CVE-2014-0508", "href": "https://ubuntu.com/security/CVE-2014-0508", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T15:41:55", "description": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before\n11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS\nX and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android,\nAdobe AIR SDK before 13.0.0.83, 
and Adobe AIR SDK & Compiler before\n13.0.0.83 allows remote attackers to inject arbitrary web script or HTML\nvia unspecified vectors.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0509", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2014-04-08T00:00:00", "id": "UB:CVE-2014-0509", "href": "https://ubuntu.com/security/CVE-2014-0509", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T15:41:52", "description": "The drag implementation in Google Chrome before 34.0.1847.116 allows\nuser-assisted remote attackers to bypass the Same Origin Policy and forge\nlocal pathnames by leveraging renderer access.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Drag / drop currently not implemented in Oxide\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1726", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1726"], "modified": "2014-04-09T00:00:00", 
"id": "UB:CVE-2014-1726", "href": "https://ubuntu.com/security/CVE-2014-1726", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T15:41:54", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x\nthrough 13.0.x before 13.0.0.182 on Windows and OS X and before\n11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK\nbefore 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows\nattackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0507", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-08T00:00:00", "id": "UB:CVE-2014-0507", "href": "https://ubuntu.com/security/CVE-2014-0507", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T15:41:53", "description": "Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype\nfunction in runtime.cc in Google V8, as used in Google Chrome before\n34.0.1847.116, allows remote attackers to inject arbitrary web script or\nHTML via unspecified vectors, aka \"Universal XSS (UXSS).\"\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {}, 
"published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1716", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1716", "href": "https://ubuntu.com/security/CVE-2014-1716", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:53", "description": "Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116\nallow attackers to cause a denial of service or possibly have other impact\nvia unknown vectors.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1728", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1728"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1728", "href": "https://ubuntu.com/security/CVE-2014-1728", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:52", "description": "Use-after-free vulnerability in\ncontent/renderer/renderer_webcolorchooser_impl.h in Google Chrome before\n34.0.1847.116 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via vectors related to forms.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1727", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1727"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1727", "href": "https://ubuntu.com/security/CVE-2014-1727", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:54", "description": "Use-after-free vulnerability in the\nWebSharedWorkerStub::OnTerminateWorkerContext function in\ncontent/worker/websharedworker_stub.cc in the Web Workers implementation in\nGoogle Chrome before 34.0.1847.116 allows remote attackers to cause a\ndenial of service (heap memory corruption) or possibly have unspecified\nother impact via vectors that trigger a SharedWorker termination during\nscript loading.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu 
release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1719", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1719"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1719", "href": "https://ubuntu.com/security/CVE-2014-1719", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:53", "description": "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in\ncontent/browser/renderer_host/software_frame_manager.cc in the software\ncompositor in Google Chrome before 34.0.1847.116 allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\nvectors that trigger an attempted mapping of a large amount of renderer\nmemory.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | SoftwareFrameManager is only used in the Mac port\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1718", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2014-1718"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1718", "href": "https://ubuntu.com/security/CVE-2014-1718", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:54", "description": "The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google\nChrome before 34.0.1847.116 does not properly handle bidirectional\nInternationalized Resource Identifiers (IRIs), which makes it easier for\nremote attackers to spoof URLs via crafted use of right-to-left (RTL)\nUnicode text.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1723", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1723"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1723", "href": "https://ubuntu.com/security/CVE-2014-1723", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:53", "description": "Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher\n0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote\nattackers to cause a denial of service (application hang) or possibly have\nunspecified other impact via a text-to-speech request.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | 
Issue is outside of content\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1724", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1724", "href": "https://ubuntu.com/security/CVE-2014-1724", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:53", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly\nuse numeric casts during handling of typed arrays, which allows remote\nattackers to cause a denial of service (out-of-bounds array access) or\npossibly have unspecified other impact via crafted JavaScript code.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1717", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1717"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1717", "href": "https://ubuntu.com/security/CVE-2014-1717", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:54", "description": "Use-after-free vulnerability in the\nRenderBlock::addChildIgnoringAnonymousColumnBlocks function in\ncore/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before\n34.0.1847.116, allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via vectors involving addition of a\nchild node.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1722", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1722"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1722", "href": "https://ubuntu.com/security/CVE-2014-1722", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:51", "description": "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as\nused in Google Chrome before 34.0.1847.116, allow attackers to cause a\ndenial of service or possibly have other impact via unknown vectors.\n\n#### Notes\n\nAuthor| Note \n---|--- 
\n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1729", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1729"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1729", "href": "https://ubuntu.com/security/CVE-2014-1729", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:53", "description": "Use-after-free vulnerability in the HTMLBodyElement::insertedInto function\nin core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before\n34.0.1847.116, allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via vectors involving attributes.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1720", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1720"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1720", "href": "https://ubuntu.com/security/CVE-2014-1720", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T15:41:54", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly\nimplement lazy deoptimization, which allows remote attackers to cause a\ndenial of service (memory corruption) or possibly have unspecified other\nimpact via crafted JavaScript code, as demonstrated by improper handling of\na heap allocation of a number outside the Small Integer (aka smi) range.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1721", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1721"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1721", "href": "https://ubuntu.com/security/CVE-2014-1721", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2023-12-02T15:41:52", "description": "The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used\nin Google Chrome before 34.0.1847.116, does not properly handle string data\ncomposed exclusively of whitespace characters, which allows remote\nattackers to cause a denial of service (out-of-bounds read) via a\nwindow.atob method call.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1725", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1725"], "modified": "2014-04-09T00:00:00", "id": "UB:CVE-2014-1725", "href": "https://ubuntu.com/security/CVE-2014-1725", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-02T10:14:14", "description": "Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "cve", "title": "CVE-2014-0508", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.233", "cpe:/a:adobe:adobe_air:3.7.0.2090", "cpe:/a:adobe:flash_player:11.7.700.257", "cpe:/a:adobe:adobe_air:2.7.1", "cpe:/a:adobe:adobe_air_sdk:3.8.0.870", "cpe:/a:adobe:adobe_air_sdk:3.8.0.1430", "cpe:/a:adobe:adobe_air:2.0.3", "cpe:/a:adobe:flash_player:11.7.700.224", "cpe:/a:adobe:flash_player:11.2.202.258", "cpe:/a:adobe:flash_player:11.2.202.327", "cpe:/a:adobe:flash_player:11.2.202.332", "cpe:/a:adobe:adobe_air:3.2.0.207", "cpe:/a:adobe:adobe_air:3.1.0.485", "cpe:/a:adobe:flash_player:11.6.602.171", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2710", "cpe:/a:adobe:adobe_air:3.9.0.1210", "cpe:/a:adobe:adobe_air:3.0.0.4080", "cpe:/a:adobe:flash_player:11.1.111.8", "cpe:/a:adobe:flash_player:11.2.202.238", "cpe:/a:adobe:adobe_air:2.0.2", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1530", "cpe:/a:adobe:flash_player:11.3.300.257", "cpe:/a:adobe:adobe_air_sdk:3.5.0.600", "cpe:/a:adobe:adobe_air_sdk:3.7.0.2090", "cpe:/a:adobe:flash_player:11.1.111.50", "cpe:/a:adobe:flash_player:11.2.202.291", "cpe:/a:adobe:flash_player:11.0", "cpe:/a:adobe:flash_player:11.8.800.168", "cpe:/a:adobe:flash_player:11.2.202.341", "cpe:/a:adobe:flash_player:11.4.402.265", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1380", "cpe:/a:adobe:adobe_air:2.7", "cpe:/a:adobe:adobe_air:3.4.0.2540", "cpe:/a:adobe:adobe_air:1.0.8.4990", "cpe:/a:adobe:adobe_air:3.1.0.4880", "cpe:/a:adobe:adobe_air:1.0.4990", "cpe:/a:adobe:flash_player:11.3.300.262", "cpe:/a:adobe:adobe_air_sdk:3.1.0.488", 
"cpe:/a:adobe:flash_player:11.2.202.280", "cpe:/a:adobe:flash_player:11.1.115.54", "cpe:/a:adobe:flash_player:11.6.602.167", "cpe:/a:adobe:adobe_air:2.6.0.19120", "cpe:/a:adobe:adobe_air:3.9.0.1060", "cpe:/a:adobe:flash_player:12.0.0.43", "cpe:/a:adobe:flash_player:11.2.202.336", "cpe:/a:adobe:adobe_air:3.8.0.910", "cpe:/a:adobe:flash_player:11.6.602.180", "cpe:/a:adobe:flash_player:11.7.700.169", "cpe:/a:adobe:adobe_air:2.0.4", "cpe:/a:adobe:adobe_air:3.4.0.2710", "cpe:/a:adobe:adobe_air:3.1.0.488", "cpe:/a:adobe:adobe_air:3.3.0.3670", "cpe:/a:adobe:adobe_air:3.5.0.1060", "cpe:/a:adobe:flash_player:11.2.202.273", "cpe:/a:adobe:adobe_air:3.5.0.880", "cpe:/a:adobe:adobe_air:3.8.0.870", "cpe:/a:adobe:adobe_air:2.7.0.19530", "cpe:/a:adobe:adobe_air:1.0", "cpe:/a:adobe:adobe_air:1.5.3", "cpe:/a:adobe:adobe_air:1.0.1", "cpe:/a:adobe:flash_player:11.7.700.260", "cpe:/a:adobe:adobe_air_sdk:3.5.0.1060", "cpe:/a:adobe:flash_player:11.9.900.152", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3690", "cpe:/a:adobe:flash_player:12.0.0.41", "cpe:/a:adobe:flash_player:11.8.800.97", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1210", "cpe:/a:adobe:flash_player:11.2.202.275", "cpe:/a:adobe:adobe_air:2.0.3.13070", "cpe:/a:adobe:adobe_air:1.5.0.7220", "cpe:/a:adobe:flash_player:11.1.102.63", "cpe:/a:adobe:adobe_air:3.6.0.6090", "cpe:/a:adobe:flash_player:11.7.700.252", "cpe:/a:adobe:adobe_air:2.7.0.1948", "cpe:/a:adobe:flash_player:11.2.202.228", "cpe:/a:adobe:flash_player:11.2.202.297", "cpe:/a:adobe:flash_player:11.2.202.285", "cpe:/a:adobe:flash_player:11.3.300.265", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1030", "cpe:/a:adobe:flash_player:11.3.300.270", "cpe:/a:adobe:adobe_air_sdk:3.5.0.880", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2540", "cpe:/a:adobe:flash_player:12.0.0.38", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1860", "cpe:/a:adobe:flash_player:11.2.202.251", "cpe:/a:adobe:flash_player:11.5.502.135", "cpe:/a:adobe:flash_player:11.1.111.44", "cpe:/a:adobe:flash_player:11.2.202.236", "cpe:/a:adobe:adobe_air:1.5", 
"cpe:/a:adobe:adobe_air_sdk:3.2.0.2070", "cpe:/a:adobe:adobe_air:3.9.0.1380", "cpe:/a:adobe:flash_player:11.2.202.223", "cpe:/a:adobe:adobe_air_sdk:3.6.0.599", "cpe:/a:adobe:flash_player:11.5.502.146", "cpe:/a:adobe:flash_player:11.4.402.278", "cpe:/a:adobe:adobe_air:1.5.3.9130", "cpe:/a:adobe:flash_player:11.5.502.149", "cpe:/a:adobe:flash_player:11.3.300.273", "cpe:/a:adobe:adobe_air:2.7.1.19610", "cpe:/a:adobe:flash_player:11.9.900.170", "cpe:/a:adobe:flash_player:11.3.300.271", "cpe:/a:adobe:flash_player:11.1.102.59", "cpe:/a:adobe:flash_player:11.6.602.168", "cpe:/a:adobe:adobe_air:1.1.0.5790", "cpe:/a:adobe:adobe_air_sdk:3.8.0.910", "cpe:/a:adobe:flash_player:11.5.502.136", "cpe:/a:adobe:adobe_air:2.6.0.19140", "cpe:/a:adobe:flash_player:11.2.202.346", "cpe:/a:adobe:flash_player:11.1.115.7", "cpe:/a:adobe:adobe_air:2.7.0.19480", "cpe:/a:adobe:flash_player:11.7.700.232", "cpe:/a:adobe:adobe_air:3.5.0.600", "cpe:/a:adobe:adobe_air_sdk:3.5.0.890", "cpe:/a:adobe:flash_player:11.1.102.62", "cpe:/a:adobe:adobe_air:3.7.0.1860", "cpe:/a:adobe:flash_player:11.9.900.117", "cpe:/a:adobe:adobe_air:3.6.0.597", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1628", "cpe:/a:adobe:flash_player:11.4.402.287", "cpe:/a:adobe:adobe_air:1.1", "cpe:/a:adobe:flash_player:11.8.800.94", "cpe:/a:adobe:adobe_air:2.6", "cpe:/a:adobe:adobe_air_sdk:3.0.0.4080", "cpe:/a:adobe:adobe_air_sdk:3.6.0.6090", "cpe:/a:adobe:flash_player:11.2.202.310", "cpe:/a:adobe:adobe_air:2.7.0.1953", "cpe:/a:adobe:adobe_air:2.5.0.16600", "cpe:/a:adobe:adobe_air:3.0.0.408", "cpe:/a:adobe:adobe_air:2.5.1.17730", "cpe:/a:adobe:adobe_air:2.0.2.12610", "cpe:/a:adobe:flash_player:11.0.1.153", "cpe:/a:adobe:flash_player:11.3.300.268", "cpe:/a:adobe:adobe_air:3.9.0.1030", "cpe:/a:adobe:flash_player:11.1.115.34", "cpe:/a:adobe:flash_player:11.2.202.335", "cpe:/a:adobe:flash_player:11.7.700.202", "cpe:/a:adobe:flash_player:11.1.115.48", "cpe:/a:adobe:adobe_air:3.7.0.1530", "cpe:/a:adobe:flash_player:11.1.115.58", 
"cpe:/a:adobe:adobe_air:1.5.3.9120", "cpe:/a:adobe:adobe_air:1.5.1", "cpe:/a:adobe:adobe_air:1.5.2", "cpe:/a:adobe:flash_player:11.5.502.110", "cpe:/a:adobe:adobe_air:3.2.0.2070", "cpe:/a:adobe:flash_player:11.0.1.152", "cpe:/a:adobe:adobe_air:3.5.0.890", "cpe:/a:adobe:flash_player:11.2.202.270", "cpe:/a:adobe:flash_player:11.2.202.243", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1390", "cpe:/a:adobe:adobe_air:1.5.1.8210", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3650", "cpe:/a:adobe:flash_player:11.1.111.54", "cpe:/a:adobe:flash_player:11.7.700.242", "cpe:/a:adobe:flash_player:11.2.202.235", "cpe:/a:adobe:adobe_air:4.0.0.1390", "cpe:/a:adobe:flash_player:11.1", "cpe:/a:adobe:flash_player:11.1.102.55", "cpe:/a:adobe:flash_player:11.2.202.262", "cpe:/a:adobe:flash_player:11.2.202.261"], "id": "CVE-2014-0508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0508", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.3.0.3670:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.136:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19140:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.117:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1628:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.2.0.2070:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:2.5.1.17730:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.110:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.180:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.97:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.485:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9130:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3.13070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.169:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.224:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.0.16600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.4880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.94:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.232:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3690:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.278:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.202:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1953:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.599:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.149:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.146:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1948:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.1430:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.408:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3650:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.242:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.170:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2.12610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19480:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.271:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.287:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1.19610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.260:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.135:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.597:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.268:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.252:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:14:14", "description": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "cve", "title": "CVE-2014-0509", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2017-12-16T02:29:00", "id": "CVE-2014-0509", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0509", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T10:22:11", "description": "The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1726", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1726"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1726", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1726", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:14:17", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.275
and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "cve", "title": "CVE-2014-0507", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2017-12-16T02:29:00", "id": "CVE-2014-0507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0507", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T10:22:13", "description": "Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1728", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1728"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1728", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:14:13", "description": "Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before
13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.", "cvss3": {}, "published": "2014-03-27T10:55:00", "type": "cve", "title": "CVE-2014-0506", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:adobe:flash_player:12.0.0.77"], "id": "CVE-2014-0506", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0506", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:12.0.0.77:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:09", "description": "Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Universal XSS (UXSS).\"", "cvss3": {}, "published": "2014-04-09T10:56:00", "type": "cve", "title": "CVE-2014-1716", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", 
"baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2014-1716", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1716", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:13", "description": "Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1727", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1727"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1727", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1727", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:13", "description": "Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1722", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1722"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1722", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1722", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:11", "description": "Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1719", "cwe": 
["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1719"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1719", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1719", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:12", "description": "The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1723", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1723"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1723", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1723", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2022-02-25T11:33:58", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "cvss3": {}, "published": "2022-02-25T11:33:58", "type": "cve", "title": "CVE-2014-1709", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2014-1709"], "modified": "2022-02-25T11:33:58", "cpe": [], "id": "CVE-2014-1709", "href": "", "cvss": {}, "cpe23": []}, {"lastseen": "2023-12-02T10:22:10", "description": "Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1724", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1724", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1724", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:10", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1721", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1721"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1721", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1721", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:12", "description": "The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1725", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1725"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1725", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1725", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:12", "description": "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1729", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1729"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1729", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, 
{"lastseen": "2023-12-02T10:22:11", "description": "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1718", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1718"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1718", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1718", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:10", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1717", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": 
false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1717"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1717", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1717", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T10:22:13", "description": "Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "cve", "title": "CVE-2014-1720", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1720"], "modified": "2023-11-07T02:19:00", "cpe": ["cpe:/a:google:chrome:34.0.1847.115"], "id": "CVE-2014-1720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1720", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*"]}], "prion": [{"lastseen": 
"2023-11-22T04:00:36", "description": "Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2017-12-16T02:29:00", "id": "PRION:CVE-2014-0508", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-0508", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T04:00:35", "description": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2017-12-16T02:29:00", "id": "PRION:CVE-2014-0509", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-0509", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T04:02:47", "description": "Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1727"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1727", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1727", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:46", "description": "Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": 
"Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1728"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1728", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1728", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:00:35", "description": "Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.", "cvss3": {}, "published": "2014-03-27T10:55:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2014-0506"], "modified": "2017-12-16T02:29:00", "id": "PRION:CVE-2014-0506", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-0506", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T04:02:45", "description": "Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Universal XSS (UXSS).\"", "cvss3": {}, "published": "2014-04-09T10:56:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1716", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1716", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:00:35", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "prion", "title": "Buffer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2017-12-16T02:29:00", "id": "PRION:CVE-2014-0507", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-0507", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T04:02:46", "description": "The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1726"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1726", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1726", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T04:02:45", "description": "The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle 
bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1723"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1723", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1723", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:44", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", 
"impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1717"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1717", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1717", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:45", "description": "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Integer overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1718"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1718", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1718", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:46", "description": "Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": 
"prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1724", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1724", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:45", "description": "Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1719"], 
"modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1719", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1719", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:46", "description": "Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1720"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1720", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1720", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:46", "description": "The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1725"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1725", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1725", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T04:02:45", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1721"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1721", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1721", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:46", "description": "Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1722"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1722", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1722", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:02:47", "description": "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1729"], "modified": "2023-11-07T02:19:00", "id": "PRION:CVE-2014-1729", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-1729", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2023-12-02T12:50:27", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "zdi", "title": "Adobe Flash Player Regular Expression Stack Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-08T00:00:00", "id": "ZDI-14-070", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-070/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T12:50:16", "description": "This 
vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ExternalInterface. By manipulating a SWF's objects an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "zdi", "title": "(Pwn2Own) Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506"], "modified": "2014-04-11T00:00:00", "id": "ZDI-14-092", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-092/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:13", "description": "The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1726", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1726"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1726", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1726", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Universal XSS (UXSS).\"", "cvss3": {}, "published": "2014-04-09T10:56:00", "type": "debiancve", "title": "CVE-2014-1716", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1716"], "modified": "2014-04-09T10:56:00", "id": "DEBIANCVE:CVE-2014-1716", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1716", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1728", 
"bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1728"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1728", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1728", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1727", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1727"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1727", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1727", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Use-after-free vulnerability in the 
WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1719", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1719"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1719", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1719", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T10:28:27", "description": "Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1724", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1724", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1724", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1721", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1721"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1721", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1721", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.", 
"cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1722", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1722"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1722", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1722", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1729", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1729"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1729", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1729", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": 
"Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1720", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1720"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1720", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1720", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1718", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1718"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1718", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1718", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1717", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1717"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1717", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1717", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", 
"title": "CVE-2014-1723", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1723"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1723", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1723", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.", "cvss3": {}, "published": "2014-04-09T10:57:00", "type": "debiancve", "title": "CVE-2014-1725", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1725"], "modified": "2014-04-09T10:57:00", "id": "DEBIANCVE:CVE-2014-1725", "href": "https://security-tracker.debian.org/tracker/CVE-2014-1725", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "hackerone": [{"lastseen": 
"2023-10-17T08:03:27", "bounty": 0.0, "description": "The proof of concept attached will exploit the implementation of flash in some browsers that will bypass the local-with-fileaccess sandbox. By encoding in ignored file:// uri characters, and navigating to another page with a decoder script. one is able to read arbitrary files AND parse it to the parent page, bypassing the local sandbox. \r\nThe flash applet has a default mode in which it will parse file content and another mode (by setting flashvars) that will parse the length of the content of a file. And iframe within those 2 makes sure that the original window is persistent and the applet in the iframe will only move the iframe, the data is then passed by localstorage, and if recieved by poc.html, the iframe is reset.\r\nA quick overview of what the poc is doing, in which order.\r\n-Determine the length of the content from the file through the flash applet with mode 2\r\n-Determine the maximum amount of space which can be used for leaking the data (chrome uses a max of 260)\r\n-Since every character uses 8 bits, divide that amount by 8, set as maximum chars in one 'transmission'.\r\n-Determine how much 'transmissions are needed' to get the entire file\r\n-Walk through file to get the entire file by appending all requested parts to variable 'total'\r\n-Call whatever callback function back.\r\n\r\n\r\nDemonstrated in poc2.html:\r\n-The impact of this attack is increased by the ability to download arbitrary remote files (Cross origin) by systematically downloading those files to a know predictable location. (using the download= attribute in a <a >tag). This link will be automatically clicked. Now as long as the user is opening the file from a Drive:/User/Username location. 
We can simply predict the path to read the downloaded file on windows vista+ (Or any other OS with a default download folder for that matter).\r\n-This stage of exploitation enables an attacker to access a file with the auth of the user the following 'attack use cases' arise:\r\n1. Attacker could access and send users web-mail to his own server. (try using 'https://mail.google.com/mail/u/0/feed/atom' in poc2 while logged in with gmail)\r\n2. Attacker could get XSRF-tokens. To bypass such protections.\r\nI could imagine there are countless other possibilities. \r\n-You might notice that loading the Hackerone page is painfully slow. However, In targeted attacks an attacker could filter the desirable data in the flash applet itself.\r\n\r\n\r\n\r\nNow for the exploit itself, I acknowledge that the exploit might look very complex.\r\nWhich is why I added a 'frontend' that is tested under the following conditions.\r\nOS:Windows 8\r\nBrowser: Google Chrome 32.0.1700.107 m", "cvss3": {}, "published": "2014-02-21T01:47:59", "type": "hackerone", "title": "Internet Bug Bounty: Flash local-with-fileaccess Sandbox Bypass", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-17T00:41:53", "id": "H1:2140", "href": "https://hackerone.com/reports/2140", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "veracode": [{"lastseen": "2022-07-26T13:33:20", "description": "speech-dispatcher is vulnerable to arbitrary code execution. 
A use-after-free vulnerability allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a malicious text-to-speech request.\n", "cvss3": {}, "published": "2020-12-06T03:04:09", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1724"], "modified": "2022-04-19T18:37:18", "id": "VERACODE:28095", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28095/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}