Auto-Update: 2024-09-09T12:00:20.280431+00:00

CVE-2024/CVE-2024-65xx/CVE-2024-6572.json

@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2024-6572",
+  "sourceIdentifier": "security@checkmk.com",
+  "published": "2024-09-09T10:15:01.863",
+  "lastModified": "2024-09-09T10:15:01.863",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "security@checkmk.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "LOW",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@checkmk.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-322"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://checkmk.com/werk/17148",
+      "source": "security@checkmk.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-86xx/CVE-2024-8601.json

@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2024-8601",
+  "sourceIdentifier": "vdisclose@cert-in.org.in",
+  "published": "2024-09-09T10:15:03.027",
+  "lastModified": "2024-09-09T10:15:03.027",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "vdisclose@cert-in.org.in",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "LOW",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vdisclose@cert-in.org.in",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0285",
+      "source": "vdisclose@cert-in.org.in"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-09-09T10:00:38.429774+00:00
+2024-09-09T12:00:20.280431+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-09-09T09:15:02.513000+00:00
+2024-09-09T10:15:03.027000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-262202
+262204
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `2`
 
-- [CVE-2024-37288](CVE-2024/CVE-2024-372xx/CVE-2024-37288.json) (`2024-09-09T09:15:02.183`)
+- [CVE-2024-6572](CVE-2024/CVE-2024-65xx/CVE-2024-6572.json) (`2024-09-09T10:15:01.863`)
+- [CVE-2024-8601](CVE-2024/CVE-2024-86xx/CVE-2024-8601.json) (`2024-09-09T10:15:03.027`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `2`
+Recently modified CVEs: `0`
 
-- [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2024-09-09T08:15:01.823`)
-- [CVE-2024-6445](CVE-2024/CVE-2024-64xx/CVE-2024-6445.json) (`2024-09-09T09:15:02.513`)
 
 
 ## Download and Usage

_state.csv

@@ -229741,7 +229741,7 @@ CVE-2023-39413,0,0,07d7973617bd3d4043f20cbddfb921b148f38545b4aaa7b5b197db83e0f75
 CVE-2023-39414,0,0,df3366c5cd098a0f58ec464993c3c9a90cc0b1e3be0c34d75d97071eae949fe6,2024-04-09T21:15:15.667000
 CVE-2023-39415,0,0,27b9dd5456a592ff692af46b1f23533abbd434af7c0c962ebf0040a220d751b2,2023-08-23T16:48:55.417000
 CVE-2023-39416,0,0,6807b062ba92b9cf862f68fd9ddeafbe506e4d8e4e3f7b2b9e67a4ddb023742a,2023-08-23T16:48:22.340000
-CVE-2023-39417,0,1,878757a17fb5484845fa16a22486747940d4a7a20731835c89d9701d12a28f86,2024-09-09T08:15:01.823000
+CVE-2023-39417,0,0,878757a17fb5484845fa16a22486747940d4a7a20731835c89d9701d12a28f86,2024-09-09T08:15:01.823000
 CVE-2023-39418,0,0,4713e1794596973e7057eaf6281de09730655b18c050be46cb5081ae3e9274c4,2024-02-16T13:57:03.523000
 CVE-2023-39419,0,0,ee267622741a44d152afc4fe62f01b921f09d42e74bafbc7a6ab718b4f39626f,2023-08-15T16:12:43.840000
 CVE-2023-3942,0,0,73ae15f39ea20fcda0dae967d14f10440c888a7e04de1225762effbf472b33f6,2024-05-21T16:54:35.880000
@@ -255012,7 +255012,7 @@ CVE-2024-37282,0,0,9e75dd72782fd47fb8dcc1bf3ef22e08f7f64df6cb16c7858ce8e53d3eddf
 CVE-2024-37283,0,0,07a52ca714a9a80e3a78bead6f35fc6d30e576ab4ba6daa4bcb81e93f175a210,2024-08-12T13:41:36.517000
 CVE-2024-37286,0,0,10f2f815d7a7cf1bd4d9a66e0df29331d0a360a2b816ffdb4c8479be46d14628,2024-08-05T12:41:45.957000
 CVE-2024-37287,0,0,a9d3453fb1c9fe3cd5af0cb7ff0109d98a345ff76f4539de093f05db9c477ffa,2024-08-22T13:33:12.477000
-CVE-2024-37288,1,1,a9ec1f6b09b18ee131d22916ff67fd7b807176b39cbb7851205b3769ed107a61,2024-09-09T09:15:02.183000
+CVE-2024-37288,0,0,a9ec1f6b09b18ee131d22916ff67fd7b807176b39cbb7851205b3769ed107a61,2024-09-09T09:15:02.183000
 CVE-2024-37289,0,0,2976747a57097020fbcd1f162347209565208622cbfbb8b77b0b7237b06e86b8,2024-07-03T02:04:12.080000
 CVE-2024-3729,0,0,3415ccd7b93278c163a46fc8f742b8dd4fa5f770790b8aa49be2a2c1ba3b0c85,2024-05-02T18:00:37.360000
 CVE-2024-37293,0,0,b38c9bef2ce8854b8f0a9c288c7acec55e60fa5af9100539279c24f2cbecf35c,2024-08-16T16:11:53.287000
@@ -260878,7 +260878,7 @@ CVE-2024-6438,0,0,dda5c3ef0b29175f6296e0b89d7c12c3e07fe51c2f0cc30ea59ffede8f2663
 CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a09a,2024-07-02T17:58:39.773000
 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000
 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000
-CVE-2024-6445,0,1,4e18706ab2589cd20aaa85711db9c589c570ed71d832abb3de9a8a627170f6bf,2024-09-09T09:15:02.513000
+CVE-2024-6445,0,0,4e18706ab2589cd20aaa85711db9c589c570ed71d832abb3de9a8a627170f6bf,2024-09-09T09:15:02.513000
 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000
 CVE-2024-6448,0,0,29c9fba3b86c8e9eb615a2e1f73377ed9eea71e4eb21902a2662b1cd45074970,2024-08-28T12:57:27.610000
 CVE-2024-6449,0,0,21995eacdcc0c8443a9e9f3d4edb41f9e9ea5b155f883c2dcc53c4e74b6c4d69,2024-09-06T13:15:06.110000
@@ -260975,6 +260975,7 @@ CVE-2024-6568,0,0,528ace20f0d467f7790e4e054591b302a80f9056e014bb27385a4ebe6c2274
 CVE-2024-6569,0,0,ea17e16deeca6260fdba738f342a9d86e7275b877d87aa50f5264cd0a02b7a0c,2024-07-29T14:12:08.783000
 CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000
 CVE-2024-6571,0,0,78a981d5a6d937e0ba878714ecb6e9c0e22f79c4ebbc143a02b12bb91eae6bff,2024-08-14T19:24:59.063000
+CVE-2024-6572,1,1,616824c0ef8228cd67f7a3eb6f0675f91337c70cafdf063a8042926413b163f4,2024-09-09T10:15:01.863000
 CVE-2024-6573,0,0,eec8b8537f493346698f7e9346611d53ae9a4a9981bcfb08980cc8315ebb4c8d,2024-07-29T14:12:08.783000
 CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537b8,2024-07-15T13:00:34.853000
 CVE-2024-6575,0,0,4848df412a345d61765a0751d1c076ccb43b0380f0141be1aeba8f87298a5114,2024-09-03T20:30:45.573000
@@ -262201,3 +262202,4 @@ CVE-2024-8583,0,0,3c96ee7ba92a4e815cead6d16b996fea7e7d08a332139bcb43d876b5cda8f2
 CVE-2024-8584,0,0,a433270648b67cb4a6f64021dda0b51d46ea4d0cb77a74019fcbc53743ee16d0,2024-09-09T03:15:09.723000
 CVE-2024-8585,0,0,85442c0ce682a6ffef38ff7c2259428e18dbe5a94026cd1bbbbb4c4a97eab2af,2024-09-09T03:15:10.013000
 CVE-2024-8586,0,0,919e77d404085a33d8dc17cc7f8d4a1dd97fbb714df91bb07563e15a87272b63,2024-09-09T03:15:10.270000
+CVE-2024-8601,1,1,dc0a19f2ff81f88dcec73cdc424190c0b90da9d476aa8fad6157a8a36397ccfa,2024-09-09T10:15:03.027000