Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2014-4671
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
| Software | From | Fixed in |
|---|---|---|
| adobe / flash_player | - | 11.2.202.378.x |
| adobe / flash_player | 11.2.202.223 | 11.2.202.223.x |
| adobe / flash_player | 11.2.202.228 | 11.2.202.228.x |
| adobe / flash_player | 11.2.202.233 | 11.2.202.233.x |
| adobe / flash_player | 11.2.202.235 | 11.2.202.235.x |
| adobe / flash_player | 11.2.202.236 | 11.2.202.236.x |
| adobe / flash_player | 11.2.202.238 | 11.2.202.238.x |
| adobe / flash_player | 11.2.202.243 | 11.2.202.243.x |
| adobe / flash_player | 11.2.202.251 | 11.2.202.251.x |
| adobe / flash_player | 11.2.202.258 | 11.2.202.258.x |
| adobe / flash_player | 11.2.202.261 | 11.2.202.261.x |
| adobe / flash_player | 11.2.202.262 | 11.2.202.262.x |
| adobe / flash_player | 11.2.202.270 | 11.2.202.270.x |
| adobe / flash_player | 11.2.202.273 | 11.2.202.273.x |
| adobe / flash_player | 11.2.202.275 | 11.2.202.275.x |
| adobe / flash_player | 11.2.202.280 | 11.2.202.280.x |
| adobe / flash_player | 11.2.202.285 | 11.2.202.285.x |
| adobe / flash_player | 11.2.202.291 | 11.2.202.291.x |
| adobe / flash_player | 11.2.202.297 | 11.2.202.297.x |
| adobe / flash_player | 11.2.202.310 | 11.2.202.310.x |
| adobe / flash_player | 11.2.202.332 | 11.2.202.332.x |
| adobe / flash_player | 11.2.202.335 | 11.2.202.335.x |
| adobe / flash_player | 11.2.202.336 | 11.2.202.336.x |
| adobe / flash_player | 11.2.202.341 | 11.2.202.341.x |
| adobe / flash_player | 11.2.202.346 | 11.2.202.346.x |
| adobe / flash_player | 11.2.202.350 | 11.2.202.350.x |
| adobe / flash_player | 11.2.202.356 | 11.2.202.356.x |
| adobe / flash_player | 11.2.202.359 | 11.2.202.359.x |
| adobe / adobe_air | - | 14.0.0.110.x |
| adobe / adobe_air | 13.0.0.111 | 13.0.0.111.x |
| adobe / adobe_air | 13.0.0.83 | 13.0.0.83.x |
| adobe / adobe_air_sdk | 13.0.0.111 | 13.0.0.111.x |
| adobe / adobe_air_sdk | 13.0.0.83 | 13.0.0.83.x |
| adobe / adobe_air_sdk | - | 14.0.0.110.x |
| adobe / flash_player | - | 13.0.0.223.x |
| adobe / flash_player | 13.0.0.182 | 13.0.0.182.x |
| adobe / flash_player | 13.0.0.201 | 13.0.0.201.x |
| adobe / flash_player | 13.0.0.206 | 13.0.0.206.x |
| adobe / flash_player | 13.0.0.214 | 13.0.0.214.x |
| adobe / flash_player | 14.0.0.125 | 14.0.0.125.x |
@hapi / hapi
|
- | 6.1.0 |
- http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
- http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
- http://rhn.redhat.com/errata/RHSA-2014-0860.html
- http://secunia.com/advisories/59774
- http://secunia.com/advisories/59837
- http://security.gentoo.org/glsa/glsa-201407-02.xml
- http://www.securityfocus.com/bid/68457
- http://www.securitytracker.com/id/1030533
- https://github.com/patrickkettner
- https://github.com/spumko/hapi/pull/1766
- https://www.npmjs.com/advisories/12