CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2014-0497

CVSS 9.8v3.1pub. 2014-02-05upd. 2026-04-21

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adobe Flash Player

    APP
    Adobe
    < 11.2.202.336< 11.7.700.26111.8.800.94 – 12.0.0.44 (bez)
  • Apple macOS

    OS
    Apple
    wszystkie wersje
  • Apple Mac Os X

    OS
    Apple
    wszystkie wersje
  • Google Chrome

    APP
    Google
    < 32.0.1700.107
  • Google Chrome Os

    OS
    Google
    wszystkie wersje
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Opensuse

    OS
    Opensuse
    11.412.313.1
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    5.06.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    6.5
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    5.06.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    6.5
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    5.06.0
  • SUSE Linux Enterprise Desktop

    OS
    Suse
    11

CISA KEV — detailsi

Vendori
Adobe
Producti
Flash Player
Added to KEVi
September 17, 2024
Remediation deadline (US Federal)i
October 8, 2024(overdue)
Required action (CISA)i

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

CISA descriptioni

Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 8 października 2024
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP