Auto-Update: 2023-09-25T06:00:25.149438+00:00

CVE-2002/CVE-2002-200xx/CVE-2002-20001.json

@@ -2,12 +2,12 @@
   "id": "CVE-2002-20001",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2021-11-11T19:15:07.380",
-  "lastModified": "2023-08-16T14:17:11.363",
+  "lastModified": "2023-09-25T05:15:09.530",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."
+      "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."
     },
     {
       "lang": "es",
@@ -77,7 +77,6 @@
   ],
   "configurations": [
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -120,7 +119,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -146,7 +144,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -479,7 +476,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -539,6 +535,10 @@
         "Issue Tracking"
       ]
     },
+    {
+      "url": "https://gitlab.com/dheatattack/dheater",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://support.f5.com/csp/article/K83120834",
       "source": "cve@mitre.org",

CVE-2007/CVE-2007-19xx/CVE-2007-1923.json

@@ -2,12 +2,12 @@
   "id": "CVE-2007-1923",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2007-04-10T23:19:00.000",
-  "lastModified": "2018-10-16T16:41:27.757",
+  "lastModified": "2023-09-25T05:15:10.093",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests."
+      "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
     },
     {
       "lang": "es",
@@ -76,6 +76,14 @@
     }
   ],
   "references": [
+    {
+      "url": "http://osvdb.org/38217",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "http://osvdb.org/38218",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "http://securityreason.com/securityalert/2552",
       "source": "cve@mitre.org"
@@ -91,6 +99,10 @@
     {
       "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494",
       "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2015/CVE-2015-69xx/CVE-2015-6964.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2015-6964",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-25T05:15:10.243",
+  "lastModified": "2023-09-25T05:15:10.243",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-09-25T04:00:24.307383+00:00
+2023-09-25T06:00:25.149438+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-09-25T03:15:09.743000+00:00
+2023-09-25T05:15:10.243000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,36 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-226091
+226092
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `6`
+Recently added CVEs: `1`
 
-* [CVE-2023-41872](CVE-2023/CVE-2023-418xx/CVE-2023-41872.json) (`2023-09-25T02:15:09.827`)
+* [CVE-2015-6964](CVE-2015/CVE-2015-69xx/CVE-2015-6964.json) (`2023-09-25T05:15:10.243`)
-* [CVE-2023-5150](CVE-2023/CVE-2023-51xx/CVE-2023-5150.json) (`2023-09-25T02:15:10.560`)
-* [CVE-2023-5151](CVE-2023/CVE-2023-51xx/CVE-2023-5151.json) (`2023-09-25T02:15:10.657`)
-* [CVE-2023-5152](CVE-2023/CVE-2023-51xx/CVE-2023-5152.json) (`2023-09-25T02:15:10.743`)
-* [CVE-2023-5153](CVE-2023/CVE-2023-51xx/CVE-2023-5153.json) (`2023-09-25T03:15:09.390`)
-* [CVE-2023-5154](CVE-2023/CVE-2023-51xx/CVE-2023-5154.json) (`2023-09-25T03:15:09.743`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `11`
+Recently modified CVEs: `2`
 
-* [CVE-2013-6371](CVE-2013/CVE-2013-63xx/CVE-2013-6371.json) (`2023-09-25T02:30:45.793`)
+* [CVE-2002-20001](CVE-2002/CVE-2002-200xx/CVE-2002-20001.json) (`2023-09-25T05:15:09.530`)
-* [CVE-2013-6370](CVE-2013/CVE-2013-63xx/CVE-2013-6370.json) (`2023-09-25T02:30:53.533`)
+* [CVE-2007-1923](CVE-2007/CVE-2007-19xx/CVE-2007-1923.json) (`2023-09-25T05:15:10.093`)
-* [CVE-2019-9017](CVE-2019/CVE-2019-90xx/CVE-2019-9017.json) (`2023-09-25T02:29:09.350`)
-* [CVE-2020-12762](CVE-2020/CVE-2020-127xx/CVE-2020-12762.json) (`2023-09-25T02:30:32.380`)
-* [CVE-2020-10627](CVE-2020/CVE-2020-106xx/CVE-2020-10627.json) (`2023-09-25T02:30:38.667`)
-* [CVE-2021-36767](CVE-2021/CVE-2021-367xx/CVE-2021-36767.json) (`2023-09-25T02:30:08.853`)
-* [CVE-2021-32292](CVE-2021/CVE-2021-322xx/CVE-2021-32292.json) (`2023-09-25T02:31:07.580`)
-* [CVE-2022-32190](CVE-2022/CVE-2022-321xx/CVE-2022-32190.json) (`2023-09-25T02:29:22.430`)
-* [CVE-2022-42965](CVE-2022/CVE-2022-429xx/CVE-2022-42965.json) (`2023-09-25T02:29:58.253`)
-* [CVE-2023-3028](CVE-2023/CVE-2023-30xx/CVE-2023-3028.json) (`2023-09-25T02:29:40.000`)
-* [CVE-2023-39018](CVE-2023/CVE-2023-390xx/CVE-2023-39018.json) (`2023-09-25T02:30:25.407`)
 
 
 ## Download and Usage