From 5ed6c8a35447b4fdb058d843bd8021f26e9d4d16 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 13 Apr 2024 18:03:27 +0000 Subject: [PATCH] Auto-Update: 2024-04-13T18:00:38.425216+00:00 --- CVE-2024/CVE-2024-37xx/CVE-2024-3737.json | 92 +++++++++++++++++++++++ README.md | 11 ++- _state.csv | 5 +- 3 files changed, 100 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3737.json diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3737.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3737.json new file mode 100644 index 00000000000..2d2d42cf9a1 --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3737.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3737", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-13T17:15:50.400", + "lastModified": "2024-04-13T17:15:50.400", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/cym1102/nginxWebUI/issues/138", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.260576", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.260576", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 185108d99c6..9d7f7dc8799 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-13T16:00:38.341854+00:00 +2024-04-13T18:00:38.425216+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-13T15:15:52.683000+00:00 +2024-04-13T17:15:50.400000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -245412 +245413 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `1` -- [CVE-2024-32487](CVE-2024/CVE-2024-324xx/CVE-2024-32487.json) (`2024-04-13T15:15:52.683`) -- [CVE-2024-3736](CVE-2024/CVE-2024-37xx/CVE-2024-3736.json) (`2024-04-13T14:15:07.490`) +- [CVE-2024-3737](CVE-2024/CVE-2024-37xx/CVE-2024-3737.json) (`2024-04-13T17:15:50.400`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 131ab7e6a11..836b4bb7f75 100644 --- a/_state.csv +++ b/_state.csv @@ -245241,7 +245241,7 @@ CVE-2024-3244,0,0,8bd3aebf3f3b39e91d3378f57b5b70ce4244e67662a5a483100098ac5739fc CVE-2024-3245,0,0,c103d82cc0c3a682d91f3a5e67c8e3d1b463ab0ae17fd9f39360a42d0fbee434,2024-04-08T18:49:25.863000 CVE-2024-3247,0,0,095afc187e8f976bc1a2eaa79a4c0328aa3c3e2487a10203585d8616775f8a4d,2024-04-03T12:38:04.840000 CVE-2024-3248,0,0,65f6d4ddfc43ae235edf2e59fc9daa1f1d020439a4fa197a41a6ddd58e106004,2024-04-03T12:38:04.840000 -CVE-2024-32487,1,1,a9de3a87bd204d93ea616e4c36f4328c3646ce9577738ada49ee1b8d9f8d574a,2024-04-13T15:15:52.683000 +CVE-2024-32487,0,0,a9de3a87bd204d93ea616e4c36f4328c3646ce9577738ada49ee1b8d9f8d574a,2024-04-13T15:15:52.683000 CVE-2024-3250,0,0,42d0527e4e3750c8dcbea25ddc3c02af060082636d586aa4581df30dc613d6b8,2024-04-04T22:15:09.350000 CVE-2024-3251,0,0,09df5d7cbe60f1cede783bc5c413edf21d6888276ecd34dcab497855ad924889,2024-04-11T01:25:56.973000 CVE-2024-3252,0,0,7630116ae9073f2e5d7cd4b93bdf2c972c8300b99dc958745f8e88d891890088,2024-04-11T01:25:57.050000 @@ -245410,4 +245410,5 @@ CVE-2024-3719,0,0,e03d656995dfe66b93bd173c249fb6db0bdcf8d2feacbd437303d338aebacf CVE-2024-3720,0,0,dba75910906ed47d630b151ff160ba5a019881e51814ef725d73a0a7704a96f7,2024-04-13T12:15:11.843000 CVE-2024-3721,0,0,f5d3d35f427dc34124966606b24ea155040ebf2d0b35e4bf3cb18f4df58428f2,2024-04-13T12:15:12.087000 CVE-2024-3735,0,0,b2831ba3b6fcb767a758ece94000c144d7a6ec1aa7a38dd0f665375e75c00d80,2024-04-13T13:15:46.600000 -CVE-2024-3736,1,1,7e9c780d2e5209bba3dfbf4e2f44240946b4bc9083f1a1f1f4f9a42f3fc7d9df,2024-04-13T14:15:07.490000 +CVE-2024-3736,0,0,7e9c780d2e5209bba3dfbf4e2f44240946b4bc9083f1a1f1f4f9a42f3fc7d9df,2024-04-13T14:15:07.490000 +CVE-2024-3737,1,1,3ece3dc04e2a51c738908804fdc895437fedad772f68ffb6b51e1e486b0c00ab,2024-04-13T17:15:50.400000