| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
401 |
CVE-2014-3654 |
79 |
|
XSS |
2014-11-03 |
2022-02-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. |
|
402 |
CVE-2014-3647 |
|
|
DoS |
2014-11-10 |
2020-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. |
|
403 |
CVE-2014-3646 |
|
|
DoS |
2014-11-10 |
2020-08-13 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. |
|
404 |
CVE-2014-3645 |
20 |
|
DoS |
2014-11-10 |
2015-03-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. |
|
405 |
CVE-2014-3640 |
476 |
|
DoS |
2014-11-07 |
2017-11-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. |
|
406 |
CVE-2014-3634 |
119 |
|
DoS Exec Code Overflow |
2014-11-02 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. |
|
407 |
CVE-2014-3629 |
19 |
|
|
2014-11-17 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. |
|
408 |
CVE-2014-3625 |
22 |
|
Dir. Trav. |
2014-11-20 |
2022-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. |
|
409 |
CVE-2014-3620 |
310 |
|
Bypass |
2014-11-18 |
2022-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. |
|
410 |
CVE-2014-3615 |
200 |
|
+Info |
2014-11-01 |
2020-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. |
|
411 |
CVE-2014-3613 |
310 |
|
|
2014-11-18 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. |
|
412 |
CVE-2014-3611 |
362 |
|
DoS |
2014-11-10 |
2020-08-12 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. |
|
413 |
CVE-2014-3610 |
|
|
DoS |
2014-11-10 |
2020-08-13 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. |
|
414 |
CVE-2014-3602 |
264 |
|
+Info |
2014-11-13 |
2019-12-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. |
|
415 |
CVE-2014-3502 |
200 |
|
+Info |
2014-11-15 |
2014-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. |
|
416 |
CVE-2014-3501 |
254 |
|
Bypass |
2014-11-15 |
2014-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. |
|
417 |
CVE-2014-3500 |
17 |
|
|
2014-11-15 |
2014-11-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. |
|
418 |
CVE-2014-3461 |
119 |
|
Exec Code Overflow |
2014-11-04 |
2014-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." |
|
419 |
CVE-2014-3439 |
|
|
|
2014-11-07 |
2018-10-09 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. |
|
420 |
CVE-2014-3438 |
79 |
|
XSS |
2014-11-07 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
421 |
CVE-2014-3437 |
|
|
|
2014-11-07 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
422 |
CVE-2014-3407 |
400 |
|
DoS |
2014-11-28 |
2022-06-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. |
|
423 |
CVE-2014-3248 |
17 |
|
+Priv |
2014-11-16 |
2019-07-16 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. |
|
424 |
CVE-2014-3209 |
264 |
|
|
2014-11-16 |
2014-11-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. |
|
425 |
CVE-2014-3158 |
119 |
|
Overflow |
2014-11-15 |
2020-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." |
|
426 |
CVE-2014-2718 |
345 |
|
Exec Code |
2014-11-04 |
2017-08-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
Complete |
None |
|
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. |
|
427 |
CVE-2014-2684 |
264 |
|
Bypass |
2014-11-16 |
2017-11-04 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. |
|
428 |
CVE-2014-2683 |
17 |
|
DoS |
2014-11-16 |
2019-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. |
|
429 |
CVE-2014-2682 |
19 |
|
|
2014-11-16 |
2019-07-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. |
|
430 |
CVE-2014-2681 |
19 |
|
DoS |
2014-11-16 |
2019-07-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. |
|
431 |
CVE-2014-2667 |
362 |
|
Bypass |
2014-11-16 |
2017-07-01 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. |
|
432 |
CVE-2014-2382 |
399 |
|
DoS Exec Code |
2014-11-20 |
2014-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function. |
|
433 |
CVE-2014-2374 |
200 |
|
+Info |
2014-11-05 |
2014-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. |
|
434 |
CVE-2014-2373 |
287 |
|
Bypass |
2014-11-05 |
2014-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. |
|
435 |
CVE-2014-2268 |
264 |
1
|
|
2014-11-16 |
2017-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. |
|
436 |
CVE-2014-2179 |
20 |
|
|
2014-11-07 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. |
|
437 |
CVE-2014-2178 |
352 |
|
CSRF |
2014-11-07 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. |
|
438 |
CVE-2014-2177 |
94 |
|
Exec Code |
2014-11-07 |
2018-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. |
|
439 |
CVE-2014-2037 |
20 |
|
DoS |
2014-11-26 |
2019-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. |
|
440 |
CVE-2014-2015 |
119 |
|
DoS Exec Code Overflow |
2014-11-02 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. |
|
441 |
CVE-2014-1635 |
119 |
1
|
Exec Code Overflow |
2014-11-12 |
2016-03-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. |
|
442 |
CVE-2014-1424 |
264 |
|
Bypass |
2014-11-24 |
2014-11-24 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." |
|
443 |
CVE-2014-1421 |
264 |
|
Bypass |
2014-11-25 |
2016-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. |
|
444 |
CVE-2014-0995 |
20 |
|
DoS |
2014-11-06 |
2018-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. |
|
445 |
CVE-2014-0590 |
|
|
Exec Code |
2014-11-11 |
2018-12-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586. |
|
446 |
CVE-2014-0589 |
119 |
|
Exec Code Overflow |
2014-11-11 |
2018-12-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582. |
|
447 |
CVE-2014-0588 |
|
|
Exec Code |
2014-11-11 |
2018-12-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438. |
|
448 |
CVE-2014-0586 |
94 |
|
Exec Code |
2014-11-11 |
2018-12-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590. |
|
449 |
CVE-2014-0585 |
94 |
|
Exec Code |
2014-11-11 |
2018-12-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590. |
|
450 |
CVE-2014-0584 |
94 |
|
Exec Code |
2014-11-11 |
2018-12-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. |
