Auto-Update: 2024-04-13T18:00:38.425216+00:00

2025-07-11 16:13:34 +00:00 · 2024-04-13 18:03:27 +00:00 · 2024-04-13 18:03:27 +00:00 · 5ed6c8a354
commit 5ed6c8a354
parent 2675d91b14
3 changed files with 100 additions and 8 deletions
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3737.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3737.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-3737",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-13T17:15:50.400",
+  "lastModified": "2024-04-13T17:15:50.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/cym1102/nginxWebUI/issues/138",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.260576",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.260576",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-13T16:00:38.341854+00:00
+2024-04-13T18:00:38.425216+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-13T15:15:52.683000+00:00
+2024-04-13T17:15:50.400000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-245412
+245413
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `1`

- [CVE-2024-32487](CVE-2024/CVE-2024-324xx/CVE-2024-32487.json) (`2024-04-13T15:15:52.683`)
- [CVE-2024-3736](CVE-2024/CVE-2024-37xx/CVE-2024-3736.json) (`2024-04-13T14:15:07.490`)
+- [CVE-2024-3737](CVE-2024/CVE-2024-37xx/CVE-2024-3737.json) (`2024-04-13T17:15:50.400`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -245241,7 +245241,7 @@ CVE-2024-3244,0,0,8bd3aebf3f3b39e91d3378f57b5b70ce4244e67662a5a483100098ac5739fc
 CVE-2024-3245,0,0,c103d82cc0c3a682d91f3a5e67c8e3d1b463ab0ae17fd9f39360a42d0fbee434,2024-04-08T18:49:25.863000
 CVE-2024-3247,0,0,095afc187e8f976bc1a2eaa79a4c0328aa3c3e2487a10203585d8616775f8a4d,2024-04-03T12:38:04.840000
 CVE-2024-3248,0,0,65f6d4ddfc43ae235edf2e59fc9daa1f1d020439a4fa197a41a6ddd58e106004,2024-04-03T12:38:04.840000
-CVE-2024-32487,1,1,a9de3a87bd204d93ea616e4c36f4328c3646ce9577738ada49ee1b8d9f8d574a,2024-04-13T15:15:52.683000
+CVE-2024-32487,0,0,a9de3a87bd204d93ea616e4c36f4328c3646ce9577738ada49ee1b8d9f8d574a,2024-04-13T15:15:52.683000
 CVE-2024-3250,0,0,42d0527e4e3750c8dcbea25ddc3c02af060082636d586aa4581df30dc613d6b8,2024-04-04T22:15:09.350000
 CVE-2024-3251,0,0,09df5d7cbe60f1cede783bc5c413edf21d6888276ecd34dcab497855ad924889,2024-04-11T01:25:56.973000
 CVE-2024-3252,0,0,7630116ae9073f2e5d7cd4b93bdf2c972c8300b99dc958745f8e88d891890088,2024-04-11T01:25:57.050000
@ -245410,4 +245410,5 @@ CVE-2024-3719,0,0,e03d656995dfe66b93bd173c249fb6db0bdcf8d2feacbd437303d338aebacf
 CVE-2024-3720,0,0,dba75910906ed47d630b151ff160ba5a019881e51814ef725d73a0a7704a96f7,2024-04-13T12:15:11.843000
 CVE-2024-3721,0,0,f5d3d35f427dc34124966606b24ea155040ebf2d0b35e4bf3cb18f4df58428f2,2024-04-13T12:15:12.087000
 CVE-2024-3735,0,0,b2831ba3b6fcb767a758ece94000c144d7a6ec1aa7a38dd0f665375e75c00d80,2024-04-13T13:15:46.600000
-CVE-2024-3736,1,1,7e9c780d2e5209bba3dfbf4e2f44240946b4bc9083f1a1f1f4f9a42f3fc7d9df,2024-04-13T14:15:07.490000
+CVE-2024-3736,0,0,7e9c780d2e5209bba3dfbf4e2f44240946b4bc9083f1a1f1f4f9a42f3fc7d9df,2024-04-13T14:15:07.490000
+CVE-2024-3737,1,1,3ece3dc04e2a51c738908804fdc895437fedad772f68ffb6b51e1e486b0c00ab,2024-04-13T17:15:50.400000