Vulnerability Name: CVE-2014-0520 (CCN-93118)

Assigned: 2013-12-20
Published: 2014-05-13
Updated: 2018-12-13
Summary: Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): Low
      Availability (A): None
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
  4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): Partial
      Availability (A): None
  6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2014-0520

Source: CCN
Type: Adobe Product Security Bulletin APSB14-14
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2014:0671

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:0673

Source: CCN
Type: RHSA-2014-0496
Critical: flash-plugin security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:0496

Source: GENTOO
Type: Third Party Advisory
GLSA-201406-08

Source: CCN
Type: BID-67372
Adobe Flash Player and AIR CVE-2014-0520 Unspecified Remote Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
adobe-flash-cve20140520-sec-bypass(93118)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0520

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 13.0 and < 13.0.0.214)
  • AND
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.2.202.359)
  • AND
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:adobe:adobe_air:*:*:*:*:*:*:*:* (Version < 13.0.0.111)

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
  • OR cpe:/a:google:chrome:34.0.1847.131:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:52002 | P | Security update for haproxy (Critical) | 2023-02-14
oval:org.opensuse.security:def:51934 | P | Security update for python3 (Important) | 2022-10-06
oval:org.opensuse.security:def:5302 | P | Security update for postgresql12 (Important) (in QA) | 2022-08-31
oval:org.opensuse.security:def:5335 | P | Security update for postgresql10 (Important) | 2022-08-26
oval:org.opensuse.security:def:5277 | P | Security update for the Linux Kernel (Important) | 2022-06-20
oval:org.opensuse.security:def:20140520 | V | CVE-2014-0520 | 2022-05-20
oval:org.opensuse.security:def:6026 | P | Security update for xen (Moderate) | 2022-05-03
oval:org.opensuse.security:def:5366 | P | Security update for flac (Moderate) | 2022-03-14
oval:org.opensuse.security:def:5353 | P | Security update for php72 (Moderate) | 2022-02-25
oval:org.opensuse.security:def:5344 | P | Security update for xen (Important) | 2022-02-17
oval:org.opensuse.security:def:6004 | P | Security update for MozillaFirefox (Important) | 2022-01-18
oval:org.opensuse.security:def:10711 | P | Security update for MozillaThunderbird (Important) | 2022-01-12
oval:org.opensuse.security:def:51768 | P | Security update for apache2 (Important) | 2022-01-12
oval:org.opensuse.security:def:5168 | P | Security update for mozilla-nss (Important) | 2021-12-06
oval:org.opensuse.security:def:10663 | P | Security update for ffmpeg (Moderate) | 2021-10-26
oval:org.opensuse.security:def:5132 | P | Security update for the Linux Kernel (Important) | 2021-10-12
oval:org.opensuse.security:def:5121 | P | Security update for the Linux Kernel (Important) | 2021-09-23
oval:org.opensuse.security:def:51662 | P | Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important) | 2021-09-23
oval:org.opensuse.security:def:5119 | P | Security update for MozillaFirefox (Important) | 2021-09-22
oval:org.opensuse.security:def:5110 | P | Security update for openssl-1_0_0 (Low) | 2021-09-09
oval:org.opensuse.security:def:10692 | P | Security update for ffmpeg (Important) | 2021-09-02
oval:org.opensuse.security:def:5101 | P | Security update for openexr (Important) | 2021-09-02
oval:org.opensuse.security:def:5792 | P | Security update for apache-commons-compress (Important) | 2021-08-05
oval:org.opensuse.security:def:5770 | P | Security update for sqlite3 (Important) | 2021-07-14
oval:org.opensuse.security:def:5075 | P | Security update for the Linux Kernel (Important) | 2021-07-14
oval:org.opensuse.security:def:5068 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:11513 | P | cups-pk-helper-0.2.5-3.75 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:76830 | P | flash-player-11.2.202.548-111.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17001 | P | flash-player-11.2.202.406-1.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11535 | P | freerdp-1.0.2-7.9 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:10644 | P | Security update for the Linux Kernel (Important) | 2021-06-08
oval:org.opensuse.security:def:48670 | P | flash-player-11.2.202.406-1.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17049 | P | flash-player-11.2.202.548-111.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48718 | P | flash-player-11.2.202.548-111.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11300 | P | flash-player-11.2.202.406-1.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11465 | P | sysvinit-tools-2.88+-94.13 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:76596 | P | flash-player-11.2.202.406-1.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11534 | P | flash-player-11.2.202.548-111.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11487 | P | zoo-2.10-1020.62 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:5053 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07
oval:org.opensuse.security:def:10677 | P | Security update for MozillaThunderbird (Moderate) | 2021-06-04
oval:org.opensuse.security:def:51896 | P | Security update for djvulibre (Important) | 2021-05-31
oval:org.opensuse.security:def:5045 | P | Security update for postgresql10 (Moderate) | 2021-05-27
oval:org.opensuse.security:def:5043 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:38122 | P | Security update for djvulibre (Important) | 2021-05-19
oval:org.opensuse.security:def:38103 | P | Security update for clamav (Important) | 2021-04-14
oval:org.opensuse.security:def:5202 | P | Security update for openssl-1_1 (Important) | 2021-03-25
oval:org.opensuse.security:def:5183 | P | Security update for ImageMagick (Moderate) | 2021-02-19
oval:org.opensuse.security:def:51723 | P | Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important) | 2021-02-10
oval:org.opensuse.security:def:51485 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:4968 | P | Security update for PackageKit (Low) | 2020-12-22
oval:org.opensuse.security:def:51088 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) | 2020-12-07
oval:org.opensuse.security:def:51089 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) | 2020-12-07
oval:org.opensuse.security:def:10584 | P | Security update for MozillaThunderbird (Important) | 2020-12-07
oval:org.opensuse.security:def:4887 | P | Security update for xen (Important) | 2020-12-02
oval:org.opensuse.security:def:4811 | P | Security update for apache2 (Moderate) | 2020-12-02
oval:org.opensuse.security:def:4934 | P | Security update for libvirt (Important) | 2020-12-02
oval:org.opensuse.security:def:4819 | P | Security update for apache2 (Important) | 2020-12-02
oval:org.opensuse.security:def:4949 | P | Security update for spice-gtk (Moderate) | 2020-12-02
oval:org.opensuse.security:def:4841 | P | Security update for 389-ds (Important) | 2020-12-02
oval:org.opensuse.security:def:37307 | P | ppc64-diag on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10629 | P | augeas-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10763 | P | libneon-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52612 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:10630 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:10786 | P | librsvg-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52765 | P | Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:51251 | P | Security update for djvulibre (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38094 | P | wpa_supplicant on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38846 | P | flash-player on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51345 | P | Security update for freetype2 (Important) | 2020-12-01
oval:org.opensuse.security:def:38852 | P | gnome-shell-calendar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37308 | P | ppp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37640 | P | perl-Config-IniFiles on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38006 | P | mozilla-nspr-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10554 | P | libtiff-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37587 | P | libspice-server1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37995 | P | libz1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10814 | P | libxslt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10853 | P | systemtap-sdt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10514 | P | libksba-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52419 | P | Security update for libqt5-qtbase (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53888 | P | Security update for LibreOffice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37355 | P | xalan-j2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10811 | P | libxcb-composite0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52846 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:51489 | P | Security update for python3 (Important) | 2020-12-01
oval:org.opensuse.security:def:52219 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52168 | P | Security update for java-11-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:38142 | P | bubblewrap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38894 | P | flash-player on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37319 | P | radvd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37697 | P | update-alternatives on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37356 | P | xdg-utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37688 | P | sysvinit-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38054 | P | rrdtool on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10827 | P | ocaml on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10862 | P | xfig on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10536 | P | libraptor-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52493 | P | Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:53962 | P | flash-player on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10562 | P | libwmf-0_2-7 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52653 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:54122 | P | squashfs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52327 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:38166 | P | dbus-1-glib on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52453 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38170 | P | dovecot22 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37403 | P | cracklib on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37787 | P | ft2demos on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37367 | P | yast2-core on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37745 | P | busybox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51322 | P | Security update for jasper (Low) | 2020-12-01
oval:org.opensuse.security:def:10875 | P | aaa_base-malloccheck on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10582 | P | pam-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10738 | P | libgnutls-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52531 | P | Security update for munge (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52727 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:54196 | P | flash-player on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51111 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38055 | P | rsync on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38804 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51323 | P | Security update for vim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52561 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:38214 | P | gv on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10506 | P | libidn-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37539 | P | libjbig2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37947 | P | libpulse-mainloop-glib0-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37451 | P | grub2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37835 | P | krb5-appl-clients on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10805 | P | libunrar-devel on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:24319 | V | Adobe Flash Player before 13.0.0.214 on Windows, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK and Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions | 2015-08-03
oval:org.mitre.oval:def:25159 | P | SUSE-SU-2014:0671-1 -- Security update for flash-player | 2014-09-08
oval:org.mitre.oval:def:24229 | P | ELSA-2014:0496: flash-plugin security update (Critical) | 2014-09-01
oval:org.mitre.oval:def:24789 | P | RHSA-2014:0496: flash-plugin security update (Critical) | 2014-06-30
oval:com.redhat.rhsa:def:20140496 | P | RHSA-2014:0496: flash-plugin security update (Critical) | 2014-05-14
oval:com.ubuntu.precise:def:20140520000 | V | CVE-2014-0520 on Ubuntu 12.04 LTS (precise) - medium. | 2014-05-14
oval:com.ubuntu.trusty:def:20140520000 | V | CVE-2014-0520 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-05-14