CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-0518 – flash-plugin: security protection bypass (APSB14-14)
https://notcve.org/view.php?id=CVE-2014-0518
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520. Adobe Flash Player anterior a 13.0.0.214 en Windows y OS X y anterior a 11.2.202.359 en Linux, Adobe AIR SDK anterior a 13.0.0.111 y Adobe AIR SDK & Compiler anterior a 13.0.0.111 permiten a atacantes evadir restricciones de acceso a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0517, CVE-2014-0519 y CVE-2014-0520. • http://helpx.adobe.com/security/products/flash-player/apsb14-14.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00051.html http://rhn.redhat.com/errata/RHSA-2014-0496.html http://security.gentoo.org/glsa/glsa-201406-08.xml https://access.redhat.com/security/cve/CVE-2014-0518 https://bugzilla.redhat.com/show_bug.cgi?id=1097369 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 96%CPEs: 6EXPL: 2CVE-2014-0515 – Adobe Flash Player Shader Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-0515
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. Desbordamiento de buffer en Adobe Flash Player anterior a 11.7.700.279 y 11.8.x hasta 13.0.x anterior a 13.0.0.206 en Windows y OS X y anterior a 11.2.202.356 en Linux, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, tal y como fue explotado activamente en abril 2014. • https://www.exploit-db.com/exploits/33333 http://helpx.adobe.com/security/products/flash-player/apsb14-13.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html http://rhn.redhat.com/errata/RHSA-2014-0447.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://www.securityfocus.com/bid/67092 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 195EXPL: 0CVE-2014-0509 – flash-plugin: cross-site scripting flaw (APSB14-09)
https://notcve.org/view.php?id=CVE-2014-0509
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe Flash Player anterior a 11.7.700.275 y 11.8.x hasta 13.0.x anterior a 13.0.0.182 en Windows y OS X y anteriores 11.2.202.350 en Linux, Adobe AIR anterior a 13.0.0.83 en Android, Adobe AIR SDK anterior a 13.0.0.83 y Adobe AIR SDK & Compiler anterior a 13.0.0.83 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb14-09.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2014-0380.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://www.securityfocus.com/bid/66703 http://www.securitytracker.com/id/1030035 https://access.redhat.com/sec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 195EXPL: 0CVE-2014-0508 – flash-plugin: information disclosure flaw (APSB14-09)
https://notcve.org/view.php?id=CVE-2014-0508
Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a 11.7.700.275 y 11.8.x hasta 13.0.x anterior a 13.0.0.182 en Windows y OS X y anteriores 11.2.202.350 en Linux, Adobe AIR anterior a 13.0.0.83 en Android, Adobe AIR SDK anterior a 13.0.0.83 y Adobe AIR SDK & Compiler anterior a 13.0.0.83 permiten a atacantes evadir restricciones de acceso y obtener información sensible a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb14-09.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2014-0380.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://www.securitytracker.com/id/1030035 https://access.redhat.com/security/cve/CVE-2014-0508 https://bugzill • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 195EXPL: 0CVE-2014-0507 – Adobe Flash Player Regular Expression Stack Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0507
Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Adobe Flash Player anterior a 11.7.700.275 y 11.8.x hasta 13.0.x anterior a 13.0.0.182 en Windows y OS X y anteriores 11.2.202.350 en Linux, Adobe AIR anterior a 13.0.0.83 en Android, Adobe AIR SDK anterior a 13.0.0.83 y Adobe AIR SDK & Compiler anterior a 13.0.0.83 permite a atacantes ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://helpx.adobe.com/security/products/flash-player/apsb14-09.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2014-0380.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://www.securityfocus.com/bid/66701 http://www.securitytracker.com/id/1030035 https://access.redhat.com/sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •