Details of VAR-201402-0253

ID

VAR-201402-0253

CVE

CVE-2014-0502

TITLE

Adobe Flash Player and Adobe AIR Memory double free vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001442

DESCRIPTION

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. Attacks on this vulnerability 2014 Year 2 Observed on the moon.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Adobe AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356" References ========== [ 1 ] CVE-2014-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498 [ 2 ] CVE-2014-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499 [ 3 ] CVE-2014-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502 [ 4 ] CVE-2014-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503 [ 5 ] CVE-2014-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504 [ 6 ] CVE-2014-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506 [ 7 ] CVE-2014-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507 [ 8 ] CVE-2014-0508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508 [ 9 ] CVE-2014-0509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509 [ 10 ] CVE-2014-0515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0196-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html Issue date: 2014-02-21 CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0498.html https://www.redhat.com/security/data/cve/CVE-2014-0499.html https://www.redhat.com/security/data/cve/CVE-2014-0502.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-07.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe MX7b/r4AbJFfCjm9BexmJdw= =X9yY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2014-0502 // JVNDB: JVNDB-2014-001442 // BID: 65702 // VULHUB: VHN-67995 // VULMON: CVE-2014-0502 // PACKETSTORM: 126479 // PACKETSTORM: 125342

AFFECTED PRODUCTS

vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	adobe	model:	air	scope:	lt	version:	4.0.0.1628	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	12.0.0.70	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	5.0	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lt	version:	4.0.0.1628	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.341	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.7.700.269	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	11.8.800.94	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	4.0.0.1628	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.269	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.341	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	4.0.0.1628	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	machintosh version linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.8.x from 12.0.x (windows macintosh)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.8.x from 12.0.x (windows edition	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(android)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.8.x from 12.0.x (windows 8.1 edition internet explorer 11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.8.x from 12.0.x (windows 8.0 edition internet explorer 10)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	12.0.0.70	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	& compiler 4.0.0.1628	Trust: 0.8
vendor:	google	model:	chrome	scope:	eq	version:	(windows/macintosh/linux : adobe flash player 12.0.0.70	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1 : adobe flash player 12.0.0.70	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt : adobe flash player 12.0.0.70	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1030	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.327	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1380	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.7.0.2090	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.335	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.332	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1210	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	4.0.0.1390	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1060	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.8.0.910	Trust: 0.6
vendor:	suse	model:	opensuse	scope:	eq	version:	11.4	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3

sources: BID: 65702 // JVNDB: JVNDB-2014-001442 // CNNVD: CNNVD-201402-304 // NVD: CVE-2014-0502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0502
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2014-0502
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0502
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201402-304
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-67995
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-0502
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0502
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-67995
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-0502
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-67995 // VULMON: CVE-2014-0502 // JVNDB: JVNDB-2014-001442 // CNNVD: CNNVD-201402-304 // NVD: CVE-2014-0502 // NVD: CVE-2014-0502

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-67995 // JVNDB: JVNDB-2014-001442 // NVD: CVE-2014-0502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-304

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201402-304

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001442

PATCH

title:	APSB14-07	url:	http://helpx.adobe.com/security/products/flash-player/apsb14-07.html	Trust: 0.8
title:	APSB14-07	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-07.html	Trust: 0.8
title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Chrome Releases	url:	http://googlechromereleases.blogspot.jp/	Trust: 0.8
title:	Google Chrome を更新する	url:	https://support.google.com/chrome/answer/95414?hl=ja	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	http://technet.microsoft.com/en-us/security/advisory/2755801	Trust: 0.8
title:	RHSA-2014:0196	url:	http://rhn.redhat.com/errata/RHSA-2014-0196.html	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	http://technet.microsoft.com/ja-jp/security/advisory/2755801	Trust: 0.8
title:	The Register	url:	https://www.theregister.co.uk/2014/02/20/flash_adobe_posts_emergency_fix/	Trust: 0.2
title:	Red Hat: CVE-2014-0502	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-0502	Trust: 0.1
title:	shellcode-resources	url:	https://github.com/alphaSeclab/shellcode-resources	Trust: 0.1
title:	-	url:	https://github.com/fei9747/shellcode-resources	Trust: 0.1
title:	welivesecurity	url:	https://www.welivesecurity.com/2014/10/31/two-recently-patched-adobe-flash-vulnerabilities-now-used-exploit-kits/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/emergency-adobe-flash-update-handles-zero-day-under-attack/104387/	Trust: 0.1

sources: VULMON: CVE-2014-0502 // JVNDB: JVNDB-2014-001442

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0502	Trust: 3.1
db:	JVNDB	id:	JVNDB-2014-001442	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-304	Trust: 0.6
db:	BID	id:	65702	Trust: 0.5
db:	SEEBUG	id:	SSVID-61524	Trust: 0.1
db:	VULHUB	id:	VHN-67995	Trust: 0.1
db:	VULMON	id:	CVE-2014-0502	Trust: 0.1
db:	PACKETSTORM	id:	126479	Trust: 0.1
db:	PACKETSTORM	id:	125342	Trust: 0.1

sources: VULHUB: VHN-67995 // VULMON: CVE-2014-0502 // BID: 65702 // JVNDB: JVNDB-2014-001442 // PACKETSTORM: 126479 // PACKETSTORM: 125342 // CNNVD: CNNVD-201402-304 // NVD: CVE-2014-0502

REFERENCES

url:	http://helpx.adobe.com/security/products/flash-player/apsb14-07.html	Trust: 2.2
url:	http://security.gentoo.org/glsa/glsa-201405-04.xml	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2014-0196.html	Trust: 1.3
url:	http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/	Trust: 1.2
url:	https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0502	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140221-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140010.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0502	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=13084	Trust: 0.8
url:	http://support.microsoft.com/kb/2934802	Trust: 0.3
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com/products/flash/	Trust: 0.3
url:	http://technet.microsoft.com/en-us/security/advisory/2755801	Trust: 0.3
url:	http://www.compatdb.org/forums/topic/99411-security-announce-opensuse-su-20140277-1-critical-flash-player-update-to-112202341-security-release/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0502	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0499	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0498	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/65702	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2014/02/20/flash_adobe_posts_emergency_fix/	Trust: 0.1
url:	https://threatpost.com/emergency-adobe-flash-update-handles-zero-day-under-attack/104387/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-0502	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32953	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0515	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0508	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0506	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0503	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0502	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0507	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0504	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0499	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0515	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0504	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0507	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0509	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0506	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0509	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0499.html	Trust: 0.1
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.1
url:	https://access.redhat.com/site/articles/11258	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0502.html	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0498.html	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1

CREDITS

The Google Security Team and FireEye

Trust: 0.3

sources: BID: 65702

SOURCES

db:	VULHUB	id:	VHN-67995
db:	VULMON	id:	CVE-2014-0502
db:	BID	id:	65702
db:	JVNDB	id:	JVNDB-2014-001442
db:	PACKETSTORM	id:	126479
db:	PACKETSTORM	id:	125342
db:	CNNVD	id:	CNNVD-201402-304
db:	NVD	id:	CVE-2014-0502

LAST UPDATE DATE

2024-12-20T20:38:37.703000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-67995	date:	2018-12-13T00:00:00
db:	VULMON	id:	CVE-2014-0502	date:	2018-12-13T00:00:00
db:	BID	id:	65702	date:	2015-03-19T08:30:00
db:	JVNDB	id:	JVNDB-2014-001442	date:	2014-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201402-304	date:	2014-02-25T00:00:00
db:	NVD	id:	CVE-2014-0502	date:	2024-12-20T14:22:23.487

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-67995	date:	2014-02-21T00:00:00
db:	VULMON	id:	CVE-2014-0502	date:	2014-02-21T00:00:00
db:	BID	id:	65702	date:	2014-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-001442	date:	2014-02-24T00:00:00
db:	PACKETSTORM	id:	126479	date:	2014-05-05T17:15:13
db:	PACKETSTORM	id:	125342	date:	2014-02-22T03:40:21
db:	CNNVD	id:	CNNVD-201402-304	date:	2014-02-25T00:00:00
db:	NVD	id:	CVE-2014-0502	date:	2014-02-21T05:07:00.017