diff --git a/2011/3xxx/CVE-2011-3642.json b/2011/3xxx/CVE-2011-3642.json
index fac2f447f40..ff72c2dadbd 100644
--- a/2011/3xxx/CVE-2011-3642.json
+++ b/2011/3xxx/CVE-2011-3642.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-3642",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,96 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://web.appsec.ws/FlashExploitDatabase.php",
+ "url": "http://web.appsec.ws/FlashExploitDatabase.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://appsec.ws/Presentations/FlashFlooding.pdf",
+ "url": "http://appsec.ws/Presentations/FlashFlooding.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009",
+ "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://code.google.com/p/flowplayer-core/issues/detail?id=441",
+ "url": "https://code.google.com/p/flowplayer-core/issues/detail?id=441"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://mahara.org/interaction/forum/topic.php?id=5237",
+ "url": "https://mahara.org/interaction/forum/topic.php?id=5237"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/52074",
+ "url": "http://secunia.com/advisories/52074"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/54206",
+ "url": "http://secunia.com/advisories/54206"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/58854",
+ "url": "http://secunia.com/advisories/58854"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/48651",
+ "url": "https://www.securityfocus.com/bid/48651"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/mahara/+bug/1103748",
+ "url": "https://bugs.launchpad.net/mahara/+bug/1103748"
 }
 ]
 }
diff --git a/2014/2xxx/CVE-2014-2225.json b/2014/2xxx/CVE-2014-2225.json
index 5a03be01518..599a8147102 100644
--- a/2014/2xxx/CVE-2014-2225.json
+++ b/2014/2xxx/CVE-2014-2225.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-2225",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
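Review bot: In the second hunk of CVE-2011-3642.json the added `affects` block leaves `product_name`, `version_value` and `vendor_name` as `"n/a"` although the description on the same record names Flowplayer Flash 3.2.7 through 3.2.16, so scanners and inventory tools that match on the structured fields will not tie this record to an installed player. Carrying over what the description already states, `"product_name": "Flowplayer Flash"` and `"version_value": "3.2.7 through 3.2.16"`, would close that gap; the vendor string is not on the page and needs confirming. `problemtype` is also `"n/a"` even though the text says cross-site scripting, which would map to `"value": "CWE-79"`. The second hunk of CVE-2014-2225.json has the same gap (UniFi Controller before 3.2.1, CSRF, which would be `CWE-352`).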
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html",
+ "url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2014/Jul/126",
+ "url": "http://seclists.org/fulldisclosure/2014/Jul/126"
 }
 ]
 }
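Review bot: The description added for CVE-2014-2225 spells the product two ways, `UniFi Controller` at the start and `Unifi Controller` in item (15), which makes exact-string searches and product matching on the description unreliable; use `UniFi Controller` in both places. Items (12)–(14) repeat "change the syslog" from items (9)–(10) but attach it to `api/cmd/cfgmgr` and add "authentication settings", which may be a copy slip and is worth checking against the two listed references. Both reference URLs are recorded as plain `http://`; if those hosts serve HTTPS, the `https://` form would be the safer link to publish.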