CVE-2014-0564high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558.
References
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html
http://rhn.redhat.com/errata/RHSA-2014-1648.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html
http://www.securitytracker.com/id/1031019
http://secunia.com/advisories/61980
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
Details
Source: MITRE
Published: 2014-10-15
Updated: 2021-11-10
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
OR
Configuration 2
AND
OR
OR
Configuration 3
AND
OR
OR
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Configuration 4
AND
OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*
OR
Configuration 5
AND
OR
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR
Configuration 6
AND
OR
OR
Configuration 7
AND
OR
OR
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
Configuration 8
AND
OR
OR
Configuration 9
OR
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 8810 | Adobe AIR < 15.0.0.293 Multiple Vulnerabilities (APSB14-22) | Nessus Network Monitor | Web Clients | high |
| 8808 | Flash Player < 13.0.0.250 / 15.0.0.167 Multiple Vulnerabilities (APSB14-22) | Nessus Network Monitor | Web Clients | high |
| 79404 | GLSA-201411-06 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 78885 | SuSE 11.3 Security Update : flash-player (SAT Patch Number 9898) | Nessus | SuSE Local Security Checks | critical |
| 78719 | openSUSE Security Update : flash-player (openSUSE-SU-2014:1329-1) | Nessus | SuSE Local Security Checks | critical |
| 78503 | RHEL 5 / 6 : flash-plugin (RHSA-2014:1648) | Nessus | Red Hat Local Security Checks | critical |
| 78476 | Google Chrome < 38.0.2125.104 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 78475 | Google Chrome < 38.0.2125.104 Multiple Vulnerabilities | Nessus | Windows | critical |
| 78444 | MS KB3001237: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer | Nessus | Windows | critical |
| 78443 | Flash Player for Mac <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22) | Nessus | MacOS X Local Security Checks | critical |
| 78442 | Adobe AIR for Mac <= 15.0.0.249 Multiple Vulnerabilities (APSB14-21) | Nessus | MacOS X Local Security Checks | critical |
| 78441 | Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22) | Nessus | Windows | critical |
| 78440 | Adobe AIR <= AIR 15.0.0.249 Multiple Vulnerabilities (APSB14-22) | Nessus | Windows | critical |