CVE-2014-0554

7 documents7 sources

Severity

10.0CRITICAL

EPSS

10.2%

top 6.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Adobe AIR Adobe Adobe AIR SDK Adobe Flash Player

Timeline

PublishedSep 10

Latest updateMay 17

Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDadobe/flash_player13.0.0.241+41

▶NVDadobe/adobe_air14.0.0.179+5

▶NVDadobe/adobe_air_sdk14.0.0.178+4

▶Ubuntuflashplugin-nonfree< 11.2.202.406ubuntu0.14.04.1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-257j-jj92-ccj5: Adobe Flash Player before 13↗2022-05-17

▶

CVEList

CVE-2014-0554: Adobe Flash Player before 13↗2014-09-10

▶

OSV

CVE-2014-0554: Adobe Flash Player before 13↗2014-09-10

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution or security bypass flaws (APSB14-21)↗2014-09-09

▶

💬Community

HackerOne

Flash Local Sandbox Bypass↗2014-10-07

▶

Bugzilla

CVE-2014-0547 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 flash-plugin: multiple code execution or secur↗2014-09-09

▶