Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1852
HistoryNov 13, 2014 - 12:00 a.m.

(RHSA-2014:1852) Critical: flash-plugin security update

2014-11-1300:00:00
access.redhat.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.8%

JSON

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24,
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577,
CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,
CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440,
CVE-2014-8441)

This update also fixes an information disclosure flaw in flash-plugin that
could allow a remote attacker to obtain a victim’s session cookie.
(CVE-2014-8437)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.418.

OSVersionArchitecturePackageVersionFilename
RedHat5i386flash-plugin<Β 11.2.202.418-1.el5flash-plugin-11.2.202.418-1.el5.i386.rpm
RedHat6i686flash-plugin<Β 11.2.202.418-1.el6flash-plugin-11.2.202.418-1.el6.i686.rpm

Related

nessus 19
suse 4
openvas 9
archlinux 1
mageia 1
gentoo 1
cvelist 16
ubuntucve 16
prion 16
cve 16
checkpoint_advisories 13
threatpost 6
zdt 1
metasploit 1
packetstorm 1
hackerone 2
symantec 3
exploitdb 1
thn 1
chrome 1
freebsd 1
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2014:1852)
2014-11-13 00:00:00
SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)
2014-11-18 00:00:00
Adobe AIR <= 15.0.0.293 Multiple Vulnerabilities (APSB14-24)
2014-11-12 00:00:00
suse
suse
Security update for flash-player (important)
2014-11-18 01:05:27
Security update for flash-player (important)
2014-11-18 12:04:40
Security update for Adobe Flash Player (important)
2015-04-16 13:04:48
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Linux
2014-11-14 00:00:00
Adobe AIR Multiple Vulnerabilities (APSB14-24) - Windows
2014-11-14 00:00:00
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Mac OS X
2014-11-14 00:00:00
archlinux
archlinux
flashplugin: remote code execution
2014-11-13 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-11-14 04:27:45
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-11-21 00:00:00
cvelist
cvelist
CVE-2014-0585
2014-11-11 23:00:00
CVE-2014-0586
2014-11-11 23:00:00
CVE-2014-0590
2014-11-11 23:00:00
ubuntucve
ubuntucve
CVE-2014-0577
2014-11-11 00:00:00
CVE-2014-0590
2014-11-11 00:00:00
CVE-2014-0585
2014-11-11 00:00:00
prion
prion
Type confusion
2014-11-11 23:55:00
Type confusion
2014-11-11 23:55:00
Type confusion
2014-11-11 23:55:00
cve
cve
CVE-2014-8440
2014-11-11 23:55:02
CVE-2014-8438
2014-11-11 23:55:02
CVE-2014-0589
2014-11-11 23:55:02
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-8438)
2015-01-25 00:00:00
Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-8440)
2014-12-10 00:00:00
Adobe Flash Player Heap Buffer Overflow (APSB14-24: CVE-2014-0589)
2015-02-03 00:00:00
threatpost
threatpost
Exploit for Flash Zero Day Appears in Angler Exploit Kit
2015-01-21 11:53:31
Drupal Denial of Service Session Hijacking Patch
2014-11-20 10:03:05
Citadel Variant Targets Password Managers
2014-11-19 14:54:34
zdt
zdt
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory Exploit
2015-05-01 00:00:00
metasploit
metasploit
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
2015-04-29 22:52:04
packetstorm
packetstorm
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
2015-05-01 00:00:00
hackerone
hackerone
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
2014-11-17 06:20:07
Internet Bug Bounty: Race condition in Flash workers may cause an exploitabl​e double free
2014-11-24 08:10:24
symantec
symantec
Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
2014-11-11 00:00:00
Adobe Flash Player and AIR CVE-2014-0577 Type Confusion Remote Code Execution Vulnerability
2014-11-11 00:00:00
Adobe Flash Player and AIR CVE-2014-0588 Use After Free Remote Code Execution Vulnerability
2014-11-11 00:00:00
exploitdb
exploitdb
Adobe Flash Player - UncompressViaZlibVariant Uninitialized Memory (Metasploit)
2015-05-01 00:00:00
thn
thn
Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability
2014-11-25 21:27:00
chrome
chrome
Stable Channel Update
2014-11-18 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-11-18 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2014:1852
nessus19suse4openvas9archlinux1mageia1gentoo1cvelist16ubuntucve16prion16cve16checkpoint_advisories13threatpost6zdt1metasploit1packetstorm1hackerone2symantec3exploitdb1thn1chrome1freebsd1