diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6572.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6572.json
new file mode 100644
index 00000000000..c86dc08b0cc
--- /dev/null
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6572.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2024-6572",
+ "sourceIdentifier": "security@checkmk.com",
+ "published": "2024-09-09T10:15:01.863",
+ "lastModified": "2024-09-09T10:15:01.863",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security@checkmk.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "LOW",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@checkmk.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-322"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://checkmk.com/werk/17148",
+ "source": "security@checkmk.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8601.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8601.json
new file mode 100644
index 00000000000..ac91d70652a
--- /dev/null
+++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8601.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2024-8601",
+ "sourceIdentifier": "vdisclose@cert-in.org.in",
+ "published": "2024-09-09T10:15:03.027",
+ "lastModified": "2024-09-09T10:15:03.027",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "vdisclose@cert-in.org.in",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "LOW",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vdisclose@cert-in.org.in",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0285",
+ "source": "vdisclose@cert-in.org.in"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 62b915a164e..b5a54373e8c 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-09T10:00:38.429774+00:00 +2024-09-09T12:00:20.280431+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-09T09:15:02.513000+00:00 +2024-09-09T10:15:03.027000+00:00 ``` ### Last Data Feed Release
@@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262202 +262204 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-37288](CVE-2024/CVE-2024-372xx/CVE-2024-37288.json) (`2024-09-09T09:15:02.183`) +- [CVE-2024-6572](CVE-2024/CVE-2024-65xx/CVE-2024-6572.json) (`2024-09-09T10:15:01.863`) +- [CVE-2024-8601](CVE-2024/CVE-2024-86xx/CVE-2024-8601.json) (`2024-09-09T10:15:03.027`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2024-09-09T08:15:01.823`) -- [CVE-2024-6445](CVE-2024/CVE-2024-64xx/CVE-2024-6445.json) (`2024-09-09T09:15:02.513`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e1327178042..b93174c32cc 100644 --- a/_state.csv +++ b/_state.csv @@ -229741,7 +229741,7 @@ CVE-2023-39413,0,0,07d7973617bd3d4043f20cbddfb921b148f38545b4aaa7b5b197db83e0f75 CVE-2023-39414,0,0,df3366c5cd098a0f58ec464993c3c9a90cc0b1e3be0c34d75d97071eae949fe6,2024-04-09T21:15:15.667000 CVE-2023-39415,0,0,27b9dd5456a592ff692af46b1f23533abbd434af7c0c962ebf0040a220d751b2,2023-08-23T16:48:55.417000 CVE-2023-39416,0,0,6807b062ba92b9cf862f68fd9ddeafbe506e4d8e4e3f7b2b9e67a4ddb023742a,2023-08-23T16:48:22.340000 -CVE-2023-39417,0,1,878757a17fb5484845fa16a22486747940d4a7a20731835c89d9701d12a28f86,2024-09-09T08:15:01.823000 +CVE-2023-39417,0,0,878757a17fb5484845fa16a22486747940d4a7a20731835c89d9701d12a28f86,2024-09-09T08:15:01.823000 CVE-2023-39418,0,0,4713e1794596973e7057eaf6281de09730655b18c050be46cb5081ae3e9274c4,2024-02-16T13:57:03.523000 CVE-2023-39419,0,0,ee267622741a44d152afc4fe62f01b921f09d42e74bafbc7a6ab718b4f39626f,2023-08-15T16:12:43.840000 CVE-2023-3942,0,0,73ae15f39ea20fcda0dae967d14f10440c888a7e04de1225762effbf472b33f6,2024-05-21T16:54:35.880000 
@@ -255012,7 +255012,7 @@ CVE-2024-37282,0,0,9e75dd72782fd47fb8dcc1bf3ef22e08f7f64df6cb16c7858ce8e53d3eddf CVE-2024-37283,0,0,07a52ca714a9a80e3a78bead6f35fc6d30e576ab4ba6daa4bcb81e93f175a210,2024-08-12T13:41:36.517000 CVE-2024-37286,0,0,10f2f815d7a7cf1bd4d9a66e0df29331d0a360a2b816ffdb4c8479be46d14628,2024-08-05T12:41:45.957000 CVE-2024-37287,0,0,a9d3453fb1c9fe3cd5af0cb7ff0109d98a345ff76f4539de093f05db9c477ffa,2024-08-22T13:33:12.477000 -CVE-2024-37288,1,1,a9ec1f6b09b18ee131d22916ff67fd7b807176b39cbb7851205b3769ed107a61,2024-09-09T09:15:02.183000 +CVE-2024-37288,0,0,a9ec1f6b09b18ee131d22916ff67fd7b807176b39cbb7851205b3769ed107a61,2024-09-09T09:15:02.183000 CVE-2024-37289,0,0,2976747a57097020fbcd1f162347209565208622cbfbb8b77b0b7237b06e86b8,2024-07-03T02:04:12.080000 CVE-2024-3729,0,0,3415ccd7b93278c163a46fc8f742b8dd4fa5f770790b8aa49be2a2c1ba3b0c85,2024-05-02T18:00:37.360000 CVE-2024-37293,0,0,b38c9bef2ce8854b8f0a9c288c7acec55e60fa5af9100539279c24f2cbecf35c,2024-08-16T16:11:53.287000 @@ -260878,7 +260878,7 @@ CVE-2024-6438,0,0,dda5c3ef0b29175f6296e0b89d7c12c3e07fe51c2f0cc30ea59ffede8f2663 CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a09a,2024-07-02T17:58:39.773000 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000 -CVE-2024-6445,0,1,4e18706ab2589cd20aaa85711db9c589c570ed71d832abb3de9a8a627170f6bf,2024-09-09T09:15:02.513000 +CVE-2024-6445,0,0,4e18706ab2589cd20aaa85711db9c589c570ed71d832abb3de9a8a627170f6bf,2024-09-09T09:15:02.513000 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000 CVE-2024-6448,0,0,29c9fba3b86c8e9eb615a2e1f73377ed9eea71e4eb21902a2662b1cd45074970,2024-08-28T12:57:27.610000 CVE-2024-6449,0,0,21995eacdcc0c8443a9e9f3d4edb41f9e9ea5b155f883c2dcc53c4e74b6c4d69,2024-09-06T13:15:06.110000 
@@ -260975,6 +260975,7 @@ CVE-2024-6568,0,0,528ace20f0d467f7790e4e054591b302a80f9056e014bb27385a4ebe6c2274 CVE-2024-6569,0,0,ea17e16deeca6260fdba738f342a9d86e7275b877d87aa50f5264cd0a02b7a0c,2024-07-29T14:12:08.783000 CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000 CVE-2024-6571,0,0,78a981d5a6d937e0ba878714ecb6e9c0e22f79c4ebbc143a02b12bb91eae6bff,2024-08-14T19:24:59.063000 +CVE-2024-6572,1,1,616824c0ef8228cd67f7a3eb6f0675f91337c70cafdf063a8042926413b163f4,2024-09-09T10:15:01.863000 CVE-2024-6573,0,0,eec8b8537f493346698f7e9346611d53ae9a4a9981bcfb08980cc8315ebb4c8d,2024-07-29T14:12:08.783000 CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537b8,2024-07-15T13:00:34.853000 CVE-2024-6575,0,0,4848df412a345d61765a0751d1c076ccb43b0380f0141be1aeba8f87298a5114,2024-09-03T20:30:45.573000 @@ -262201,3 +262202,4 @@ CVE-2024-8583,0,0,3c96ee7ba92a4e815cead6d16b996fea7e7d08a332139bcb43d876b5cda8f2 CVE-2024-8584,0,0,a433270648b67cb4a6f64021dda0b51d46ea4d0cb77a74019fcbc53743ee16d0,2024-09-09T03:15:09.723000 CVE-2024-8585,0,0,85442c0ce682a6ffef38ff7c2259428e18dbe5a94026cd1bbbbb4c4a97eab2af,2024-09-09T03:15:10.013000 CVE-2024-8586,0,0,919e77d404085a33d8dc17cc7f8d4a1dd97fbb714df91bb07563e15a87272b63,2024-09-09T03:15:10.270000 +CVE-2024-8601,1,1,dc0a19f2ff81f88dcec73cdc424190c0b90da9d476aa8fad6157a8a36397ccfa,2024-09-09T10:15:03.027000