CVE-2014-0532 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
adobe	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
adobe	adobe_air_sdk	𝑥 ≤ 13.0.0.111
adobe	adobe_air_sdk	13.0.0.83
adobe	adobe_air	𝑥 ≤ 13.0.0.111
adobe	adobe_air	13.0.0.83
adobe	flash_player	𝑥 ≤ 13.0.0.214
adobe	flash_player	13.0.0.182
adobe	flash_player	13.0.0.201
adobe	flash_player	13.0.0.206
adobe	flash_player	𝑥 ≤ 11.2.202.359
adobe	flash_player	11.2.202.223
adobe	flash_player	11.2.202.228
adobe	flash_player	11.2.202.233
adobe	flash_player	11.2.202.235
adobe	flash_player	11.2.202.236
adobe	flash_player	11.2.202.238
adobe	flash_player	11.2.202.243
adobe	flash_player	11.2.202.251
adobe	flash_player	11.2.202.258
adobe	flash_player	11.2.202.261
adobe	flash_player	11.2.202.262
adobe	flash_player	11.2.202.270
adobe	flash_player	11.2.202.273
adobe	flash_player	11.2.202.275
adobe	flash_player	11.2.202.280
adobe	flash_player	11.2.202.285
adobe	flash_player	11.2.202.291
adobe	flash_player	11.2.202.297
adobe	flash_player	11.2.202.310
adobe	flash_player	11.2.202.332
adobe	flash_player	11.2.202.335
adobe	flash_player	11.2.202.336
adobe	flash_player	11.2.202.341
adobe	flash_player	11.2.202.346
adobe	flash_player	11.2.202.350
adobe	flash_player	11.2.202.356

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

adobe-flashplugin

trusty	Fixed 11.2.202.378-0trusty1 released
saucy	Fixed 11.2.202.378-0saucy1 released
precise	Fixed 11.2.202.378-0precise1 released
lucid	ignored

flashplugin-nonfree

trusty	Fixed 11.2.202.378ubuntu0.14.04.1 released
saucy	Fixed 11.2.202.378ubuntu0.13.10.1 released
precise	Fixed 11.2.202.378ubuntu0.12.04.1 released
lucid	ignored

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html

http://rhn.redhat.com/errata/RHSA-2014-0745.html

http://secunia.com/advisories/58390

http://secunia.com/advisories/58465

http://secunia.com/advisories/58585

http://secunia.com/advisories/59053

http://secunia.com/advisories/59304

http://security.gentoo.org/glsa/glsa-201406-17.xml

http://www.securityfocus.com/bid/67973

http://www.securitytracker.com/id/1030368

http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html

http://rhn.redhat.com/errata/RHSA-2014-0745.html

http://secunia.com/advisories/58390

http://secunia.com/advisories/58465

http://secunia.com/advisories/58585

http://secunia.com/advisories/59053

http://secunia.com/advisories/59304

http://security.gentoo.org/glsa/glsa-201406-17.xml

http://www.securityfocus.com/bid/67973

http://www.securitytracker.com/id/1030368