From 43f5468d528c8da1c9b1c90f4b3fae52e0ffeec9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 8 Feb 2020 16:01:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2011/3xxx/CVE-2011-3642.json | 93 +++++++++++++++++++++++++++++++++++-
 2014/2xxx/CVE-2014-2225.json | 53 +++++++++++++++++++-
 2 files changed, 142 insertions(+), 4 deletions(-)
diff --git a/2011/3xxx/CVE-2011-3642.json b/2011/3xxx/CVE-2011-3642.json
index fac2f447f40..ff72c2dadbd 100644
--- a/2011/3xxx/CVE-2011-3642.json
+++ b/2011/3xxx/CVE-2011-3642.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-3642",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,96 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://web.appsec.ws/FlashExploitDatabase.php",
+ "url": "http://web.appsec.ws/FlashExploitDatabase.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://appsec.ws/Presentations/FlashFlooding.pdf",
+ "url": "http://appsec.ws/Presentations/FlashFlooding.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009",
+ "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://code.google.com/p/flowplayer-core/issues/detail?id=441",
+ "url": "https://code.google.com/p/flowplayer-core/issues/detail?id=441"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://mahara.org/interaction/forum/topic.php?id=5237",
+ "url": "https://mahara.org/interaction/forum/topic.php?id=5237"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/52074",
+ "url": "http://secunia.com/advisories/52074"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/54206",
+ "url": "http://secunia.com/advisories/54206"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/58854",
+ "url": "http://secunia.com/advisories/58854"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/48651",
+ "url": "https://www.securityfocus.com/bid/48651"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/mahara/+bug/1103748",
+ "url": "https://bugs.launchpad.net/mahara/+bug/1103748"
 }
 ]
 }
diff --git a/2014/2xxx/CVE-2014-2225.json b/2014/2xxx/CVE-2014-2225.json
index 5a03be01518..599a8147102 100644
--- a/2014/2xxx/CVE-2014-2225.json
+++ b/2014/2xxx/CVE-2014-2225.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-2225",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html",
+ "url": "http://sethsec.blogspot.com/2014/07/cve-2014-2225.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2014/Jul/126",
+ "url": "http://seclists.org/fulldisclosure/2014/Jul/126"
 }
 ]
 }
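Review bot: The structured fields this hunk adds to 2014/2xxx/CVE-2014-2225.json are all placeholders — `"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and a `problemtype` value of `"n/a"` — even though the description on the same record names Ubiquiti Networks UniFi Controller before 3.2.1 and a CSRF weakness. The second hunk of 2011/3xxx/CVE-2011-3642.json has the same gap for Flowplayer Flash 3.2.7 through 3.2.16 and XSS. Any consumer that matches on `affects` or `problemtype` instead of parsing the free-text description would presumably not tie either record to the affected product, so I would populate them, for example `"vendor_name": "Ubiquiti Networks"`, `"product_name": "UniFi Controller"` and a `problemtype` value naming the CSRF weakness class. Separately, every reference in both records is tagged `"refsource": "MISC"`, including the typo3.org security bulletin and the seclists.org Full Disclosure post; it is worth confirming whether a more specific source tag was intended.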