10

CVE-2014-0558

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564.

Data is provided by the National Vulnerability Database (NVD)
AdobeFlash Player Version <= 13.0.0.244
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.182
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.201
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.206
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.214
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.223
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.231
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version13.0.0.241
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version14.0.0.125
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version14.0.0.145
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version14.0.0.176
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version14.0.0.179
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version15.0.0.144
   ApplemacOS X
   MicrosoftWindows
AdobeFlash Player Version15.0.0.152
   ApplemacOS X
   MicrosoftWindows
AdobeAdobe Air Version <= 15.0.0.252
AdobeAdobe Air Version13.0.0.83
AdobeAdobe Air Version13.0.0.111
AdobeAdobe Air Version14.0.0.110
AdobeAdobe Air Version14.0.0.137
AdobeAdobe Air Version14.0.0.179
AdobeAdobe Air Version <= 15.0.0.249
AdobeAdobe Air Version13.0.0.83
AdobeAdobe Air Version13.0.0.111
AdobeAdobe Air Version14.0.0.110
AdobeAdobe Air Version14.0.0.137
AdobeAdobe Air Version14.0.0.178
AdobeFlash Player Version <= 11.2.202.406
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.223
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.228
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.233
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.235
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.236
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.238
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.243
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.251
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.258
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.261
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.262
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.270
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.273
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.275
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.280
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.285
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.291
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.297
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.310
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.332
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.335
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.336
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.341
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.346
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.350
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.356
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.359
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.378
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.394
   LinuxLinux Kernel
AdobeFlash Player Version11.2.202.400
   LinuxLinux Kernel
AdobeAdobe Air Sdk Version <= 15.0.0.249
AdobeAdobe Air Sdk Version13.0.0.83
AdobeAdobe Air Sdk Version13.0.0.111
AdobeAdobe Air Sdk Version14.0.0.110
AdobeAdobe Air Sdk Version14.0.0.137
AdobeAdobe Air Sdk Version14.0.0.178
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 15.43% 0.944
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.