diff --git a/2002/20xxx/CVE-2002-20001.json b/2002/20xxx/CVE-2002-20001.json index e548397d68f..4070e4d42f1 100644 --- a/2002/20xxx/CVE-2002-20001.json +++ b/2002/20xxx/CVE-2002-20001.json @@ -1,9 +1,32 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-20001", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -27,29 +50,6 @@ ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, "references": { "reference_data": [ { @@ -63,44 +63,49 @@ "name": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol" }, { + "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", "refsource": "MISC", - "name": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", - "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/" + "name": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/" }, { + "url": "https://github.com/mozilla/ssl-config-generator/issues/162", "refsource": "MISC", - "name": "https://github.com/mozilla/ssl-config-generator/issues/162", - "url": "https://github.com/mozilla/ssl-config-generator/issues/162" + "name": "https://github.com/mozilla/ssl-config-generator/issues/162" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf" + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf" }, { + "url": "https://www.suse.com/support/kb/doc/?id=000020510", "refsource": "MISC", - "name": "https://www.suse.com/support/kb/doc/?id=000020510", - "url": "https://www.suse.com/support/kb/doc/?id=000020510" + "name": "https://www.suse.com/support/kb/doc/?id=000020510" }, { + "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", "refsource": "MISC", - "name": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", - "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/" + "name": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/" }, { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", "refsource": "MISC", - "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt" + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt" }, { + "url": "https://support.f5.com/csp/article/K83120834", "refsource": "MISC", - "name": "https://support.f5.com/csp/article/K83120834", - "url": "https://support.f5.com/csp/article/K83120834" + "name": "https://support.f5.com/csp/article/K83120834" }, { + "url": "https://dheatattack.com", "refsource": "MISC", - "name": "https://dheatattack.com", - "url": "https://dheatattack.com" + "name": "https://dheatattack.com" + }, + { + "url": "https://gitlab.com/dheatattack/dheater", + "refsource": "MISC", + "name": "https://gitlab.com/dheatattack/dheater" } ] } diff --git a/2007/1xxx/CVE-2007-1923.json b/2007/1xxx/CVE-2007-1923.json index 67daab926ab..4430e5c3bd2 100644 --- a/2007/1xxx/CVE-2007-1923.json +++ b/2007/1xxx/CVE-2007-1923.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests." + "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0." } ] }, @@ -81,6 +81,11 @@ "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog", + "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog" } ] } diff --git a/2015/6xxx/CVE-2015-6964.json b/2015/6xxx/CVE-2015-6964.json index 782596fc45f..97f16b4a7a7 100644 --- a/2015/6xxx/CVE-2015-6964.json +++ b/2015/6xxx/CVE-2015-6964.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6964", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", + "url": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html" } ] } diff --git a/2023/43xxx/CVE-2023-43826.json b/2023/43xxx/CVE-2023-43826.json new file mode 100644 index 00000000000..f1df1ab961b --- /dev/null +++ b/2023/43xxx/CVE-2023-43826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file