Auto-Update: 2024-09-09T12:00:20.280431+00:00

This commit is contained in:
cad-safe-bot 2024-09-09 12:03:19 +00:00
parent 3c6cb778a6
commit f055a106e6
4 changed files with 168 additions and 11 deletions

View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-6572",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-09-09T10:15:01.863",
"lastModified": "2024-09-09T10:15:01.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-322"
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/17148",
"source": "security@checkmk.com"
}
]
}

View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-8601",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-09-09T10:15:03.027",
"lastModified": "2024-09-09T10:15:03.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0285",
"source": "vdisclose@cert-in.org.in"
}
]
}

View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-09-09T10:00:38.429774+00:00
2024-09-09T12:00:20.280431+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-09-09T09:15:02.513000+00:00
2024-09-09T10:15:03.027000+00:00
```
### Last Data Feed Release
@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
262202
262204
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
- [CVE-2024-37288](CVE-2024/CVE-2024-372xx/CVE-2024-37288.json) (`2024-09-09T09:15:02.183`)
- [CVE-2024-6572](CVE-2024/CVE-2024-65xx/CVE-2024-6572.json) (`2024-09-09T10:15:01.863`)
- [CVE-2024-8601](CVE-2024/CVE-2024-86xx/CVE-2024-8601.json) (`2024-09-09T10:15:03.027`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
- [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2024-09-09T08:15:01.823`)
- [CVE-2024-6445](CVE-2024/CVE-2024-64xx/CVE-2024-6445.json) (`2024-09-09T09:15:02.513`)
## Download and Usage

View File

@ -229741,7 +229741,7 @@ CVE-2023-39413,0,0,07d7973617bd3d4043f20cbddfb921b148f38545b4aaa7b5b197db83e0f75
CVE-2023-39414,0,0,df3366c5cd098a0f58ec464993c3c9a90cc0b1e3be0c34d75d97071eae949fe6,2024-04-09T21:15:15.667000
CVE-2023-39415,0,0,27b9dd5456a592ff692af46b1f23533abbd434af7c0c962ebf0040a220d751b2,2023-08-23T16:48:55.417000
CVE-2023-39416,0,0,6807b062ba92b9cf862f68fd9ddeafbe506e4d8e4e3f7b2b9e67a4ddb023742a,2023-08-23T16:48:22.340000
CVE-2023-39417,0,1,878757a17fb5484845fa16a22486747940d4a7a20731835c89d9701d12a28f86,2024-09-09T08:15:01.823000
CVE-2023-39417,0,0,878757a17fb5484845fa16a22486747940d4a7a20731835c89d9701d12a28f86,2024-09-09T08:15:01.823000
CVE-2023-39418,0,0,4713e1794596973e7057eaf6281de09730655b18c050be46cb5081ae3e9274c4,2024-02-16T13:57:03.523000
CVE-2023-39419,0,0,ee267622741a44d152afc4fe62f01b921f09d42e74bafbc7a6ab718b4f39626f,2023-08-15T16:12:43.840000
CVE-2023-3942,0,0,73ae15f39ea20fcda0dae967d14f10440c888a7e04de1225762effbf472b33f6,2024-05-21T16:54:35.880000
@ -255012,7 +255012,7 @@ CVE-2024-37282,0,0,9e75dd72782fd47fb8dcc1bf3ef22e08f7f64df6cb16c7858ce8e53d3eddf
CVE-2024-37283,0,0,07a52ca714a9a80e3a78bead6f35fc6d30e576ab4ba6daa4bcb81e93f175a210,2024-08-12T13:41:36.517000
CVE-2024-37286,0,0,10f2f815d7a7cf1bd4d9a66e0df29331d0a360a2b816ffdb4c8479be46d14628,2024-08-05T12:41:45.957000
CVE-2024-37287,0,0,a9d3453fb1c9fe3cd5af0cb7ff0109d98a345ff76f4539de093f05db9c477ffa,2024-08-22T13:33:12.477000
CVE-2024-37288,1,1,a9ec1f6b09b18ee131d22916ff67fd7b807176b39cbb7851205b3769ed107a61,2024-09-09T09:15:02.183000
CVE-2024-37288,0,0,a9ec1f6b09b18ee131d22916ff67fd7b807176b39cbb7851205b3769ed107a61,2024-09-09T09:15:02.183000
CVE-2024-37289,0,0,2976747a57097020fbcd1f162347209565208622cbfbb8b77b0b7237b06e86b8,2024-07-03T02:04:12.080000
CVE-2024-3729,0,0,3415ccd7b93278c163a46fc8f742b8dd4fa5f770790b8aa49be2a2c1ba3b0c85,2024-05-02T18:00:37.360000
CVE-2024-37293,0,0,b38c9bef2ce8854b8f0a9c288c7acec55e60fa5af9100539279c24f2cbecf35c,2024-08-16T16:11:53.287000
@ -260878,7 +260878,7 @@ CVE-2024-6438,0,0,dda5c3ef0b29175f6296e0b89d7c12c3e07fe51c2f0cc30ea59ffede8f2663
CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a09a,2024-07-02T17:58:39.773000
CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000
CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000
CVE-2024-6445,0,1,4e18706ab2589cd20aaa85711db9c589c570ed71d832abb3de9a8a627170f6bf,2024-09-09T09:15:02.513000
CVE-2024-6445,0,0,4e18706ab2589cd20aaa85711db9c589c570ed71d832abb3de9a8a627170f6bf,2024-09-09T09:15:02.513000
CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000
CVE-2024-6448,0,0,29c9fba3b86c8e9eb615a2e1f73377ed9eea71e4eb21902a2662b1cd45074970,2024-08-28T12:57:27.610000
CVE-2024-6449,0,0,21995eacdcc0c8443a9e9f3d4edb41f9e9ea5b155f883c2dcc53c4e74b6c4d69,2024-09-06T13:15:06.110000
@ -260975,6 +260975,7 @@ CVE-2024-6568,0,0,528ace20f0d467f7790e4e054591b302a80f9056e014bb27385a4ebe6c2274
CVE-2024-6569,0,0,ea17e16deeca6260fdba738f342a9d86e7275b877d87aa50f5264cd0a02b7a0c,2024-07-29T14:12:08.783000
CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000
CVE-2024-6571,0,0,78a981d5a6d937e0ba878714ecb6e9c0e22f79c4ebbc143a02b12bb91eae6bff,2024-08-14T19:24:59.063000
CVE-2024-6572,1,1,616824c0ef8228cd67f7a3eb6f0675f91337c70cafdf063a8042926413b163f4,2024-09-09T10:15:01.863000
CVE-2024-6573,0,0,eec8b8537f493346698f7e9346611d53ae9a4a9981bcfb08980cc8315ebb4c8d,2024-07-29T14:12:08.783000
CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537b8,2024-07-15T13:00:34.853000
CVE-2024-6575,0,0,4848df412a345d61765a0751d1c076ccb43b0380f0141be1aeba8f87298a5114,2024-09-03T20:30:45.573000
@ -262201,3 +262202,4 @@ CVE-2024-8583,0,0,3c96ee7ba92a4e815cead6d16b996fea7e7d08a332139bcb43d876b5cda8f2
CVE-2024-8584,0,0,a433270648b67cb4a6f64021dda0b51d46ea4d0cb77a74019fcbc53743ee16d0,2024-09-09T03:15:09.723000
CVE-2024-8585,0,0,85442c0ce682a6ffef38ff7c2259428e18dbe5a94026cd1bbbbb4c4a97eab2af,2024-09-09T03:15:10.013000
CVE-2024-8586,0,0,919e77d404085a33d8dc17cc7f8d4a1dd97fbb714df91bb07563e15a87272b63,2024-09-09T03:15:10.270000
CVE-2024-8601,1,1,dc0a19f2ff81f88dcec73cdc424190c0b90da9d476aa8fad6157a8a36397ccfa,2024-09-09T10:15:03.027000

Can't render this file because it is too large.