"-Synchronized-Data."

CVE Team 2023-09-25 05:00:34 +00:00
parent 08bac70ade
commit 8b692fb286
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 116 additions and 44 deletions


@ -1,9 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-20001",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -27,29 +50,6 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
@ -63,44 +63,49 @@
"name": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol"
},
{
"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/",
"refsource": "MISC",
"name": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/",
"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/"
"name": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/"
},
{
"url": "https://github.com/mozilla/ssl-config-generator/issues/162",
"refsource": "MISC",
"name": "https://github.com/mozilla/ssl-config-generator/issues/162",
"url": "https://github.com/mozilla/ssl-config-generator/issues/162"
"name": "https://github.com/mozilla/ssl-config-generator/issues/162"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020510",
"refsource": "MISC",
"name": "https://www.suse.com/support/kb/doc/?id=000020510",
"url": "https://www.suse.com/support/kb/doc/?id=000020510"
"name": "https://www.suse.com/support/kb/doc/?id=000020510"
},
{
"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/",
"refsource": "MISC",
"name": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/",
"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/"
"name": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/"
},
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt",
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
},
{
"url": "https://support.f5.com/csp/article/K83120834",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K83120834",
"url": "https://support.f5.com/csp/article/K83120834"
"name": "https://support.f5.com/csp/article/K83120834"
},
{
"url": "https://dheatattack.com",
"refsource": "MISC",
"name": "https://dheatattack.com",
"url": "https://dheatattack.com"
"name": "https://dheatattack.com"
},
{
"url": "https://gitlab.com/dheatattack/dheater",
"refsource": "MISC",
"name": "https://gitlab.com/dheatattack/dheater"
}
]
}
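Review bot: In the last hunk, the Siemens advisory entry (`ssa-506569.pdf`) appears to change from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the only marker in this reference list that a vendor confirmed the issue. The rendered page has lost its +/- column, so the direction is inferred from the url/refsource/name key order that the other entries use on their new side. If the downgrade is a side effect of the automated sync rather than a deliberate reclassification, keep `"refsource": "CONFIRM"` on that entry so consumers that prioritise vendor-confirmed references still find it.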


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests."
"value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
}
]
},
@ -81,6 +81,11 @@
"name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog",
"url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
}
]
}
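Review bot: The new LedgerSMB bound ("before 1.3.0") is added only to the free-text `description` value in the first hunk. If the `affects` block, which lies outside these hunks, still carries no version data, tools that match on structured fields will not pick the bound up. The added reference also points at `blob/master/Changelog`, a branch head whose content can change or move, so a link pinned to a tag or commit (`.../blob/<tag-or-commit>/Changelog`, placeholder) would keep the supporting evidence stable. The sentence gives a bound for LedgerSMB only, so it should not be read as covering SQL-Ledger as well.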


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6964",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html",
"url": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html"
}
]
}
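Review bot: The record moves to `"STATE": "PUBLIC"` while the new `affects` block holds only `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the new description names the product and bound (MultiBit HD before 0.1.2). Scanners and inventories that match on the structured `affects` data will not associate this CVE with MultiBit HD. Setting `"product_name": "MultiBit HD"` with a version entry for releases before 0.1.2 would carry what the description already states. The `problemtype` value is likewise `"n/a"` even though the description attributes the issue to a missing message authentication code, so a weakness classification for a missing integrity check would fit. Which lines are additions is inferred from the hunk counts, since the rendered page has lost its +/- column.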


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}