VDB

GCVE-110-MAGEIA-2014-349

GCVE-110-MAGEIA-2014-349
Advisory Published
Vulnetix · Advisory published August 25, 2014
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API (CVE-2014-1546).

Affected Products

VendorProductVersionsPlatforms
Mageiabugzilla0 (affected), 4.4.5-1.mga4 (unaffected)
Mageiabugzilla0 (affected), 4.4.5-1.mga3 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›