{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-19T14:57:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "openSUSE-SU-2014:0379", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"}, {"name": "SUSE-SU-2014:0387", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"}, {"name": "GLSA-201405-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}, {"name": "RHSA-2014:0289", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2014-0503", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:0379", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"}, {"name": "SUSE-SU-2014:0387", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"}, {"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"}, {"name": "GLSA-201405-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}, {"name": "RHSA-2014:0289", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:18.516Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:0379", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"}, {"name": "SUSE-SU-2014:0387", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"}, {"name": "GLSA-201405-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}, {"name": "RHSA-2014:0289", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2014-0503", "datePublished": "2014-03-12T01:00:00", "dateReserved": "2013-12-20T00:00:00", "dateUpdated": "2024-08-06T09:20:18.516Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0651AAFA-8F34-4A2B-AFEA-98327CBBD8F3", "versionEndExcluding": "11.2.202.346", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "7396A538-119D-4B2B-A4BE-0D8A183653C0", "versionEndExcluding": "11.7.700.272", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "07AFE51A-F581-482E-9A9E-669CDA6220F2", "versionEndExcluding": "12.0.0.77", "versionStartIncluding": "11.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."}, {"lang": "es", "value": "Adobe Flash Player anterior a 11.7.700.272 y 11.8.x hasta 12.0.x anterior a 12.0.0.77 en Windows y OS X, y anterior a 11.2.202.346 en Linux, permite a atacantes remotos evadir Same Origin Policy a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-0503", "lastModified": "2018-12-13T16:00:37.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-12T05:15:20.163", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0289", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:11.2.202.346-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2014-03-12T00:00:00Z"}, {"advisory": "RHSA-2014:0289", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:11.2.202.346-1.el6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2014-03-12T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: same origin policy bypass (APSB14-08)", "id": "1075250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075250"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."], "name": "CVE-2014-0503", "public_date": "2014-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0503\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0503\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-08.html"], "threat_severity": "Moderate", "upstream_fix": "flash-plugin 11.2.202.346"}