CVE-2014-0531

EPSS 1.01%
Veröffentlicht 11.06.2014 10:57:17
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Adobe Air Version <= 13.0.0.111

Adobe ≫ Adobe Air Version13.0.0.83

Adobe ≫ Flash Player Version <= 13.0.0.214

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version13.0.0.182

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version13.0.0.201

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version13.0.0.206

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Adobe Air Sdk Version <= 13.0.0.111

Adobe ≫ Adobe Air Sdk Version13.0.0.83

Adobe ≫ Flash Player Version <= 11.2.202.359

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.223

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.228

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.233

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.235

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.236

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.238

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.243

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.251

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.258

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.261

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.262

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.270

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.273

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.275

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.280

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.285

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.291

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.297

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.310

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.332

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.335

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.336

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.341

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.346

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.350

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version11.2.202.356

Linux ≫ Linux Kernel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.01%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

Patch

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html

http://rhn.redhat.com/errata/RHSA-2014-0745.html

http://secunia.com/advisories/58390

http://secunia.com/advisories/58465

http://secunia.com/advisories/58585

http://secunia.com/advisories/59053

http://secunia.com/advisories/59304