Auto-Update: 2024-04-13T20:00:37.932842+00:00

2025-07-11 16:13:34 +00:00 · 2024-04-13 20:03:28 +00:00 · 2024-04-13 20:03:28 +00:00 · 963d702c0e
commit 963d702c0e
parent 5ed6c8a354
4 changed files with 193 additions and 6 deletions
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3738.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3738.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-3738",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-13T18:15:07.390",
+  "lastModified": "2024-04-13T18:15:07.390",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 7.5
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-295"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/cym1102/nginxWebUI/issues/138",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.260577",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.260577",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3739.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3739.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-3739",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-13T19:15:53.757",
+  "lastModified": "2024-04-13T19:15:53.757",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/cym1102/nginxWebUI/issues/138",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.260578",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.260578",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-13T18:00:38.425216+00:00
+2024-04-13T20:00:37.932842+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-13T17:15:50.400000+00:00
+2024-04-13T19:15:53.757000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-245413
+245415
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

- [CVE-2024-3737](CVE-2024/CVE-2024-37xx/CVE-2024-3737.json) (`2024-04-13T17:15:50.400`)
+- [CVE-2024-3738](CVE-2024/CVE-2024-37xx/CVE-2024-3738.json) (`2024-04-13T18:15:07.390`)
+- [CVE-2024-3739](CVE-2024/CVE-2024-37xx/CVE-2024-3739.json) (`2024-04-13T19:15:53.757`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -245411,4 +245411,6 @@ CVE-2024-3720,0,0,dba75910906ed47d630b151ff160ba5a019881e51814ef725d73a0a7704a96
 CVE-2024-3721,0,0,f5d3d35f427dc34124966606b24ea155040ebf2d0b35e4bf3cb18f4df58428f2,2024-04-13T12:15:12.087000
 CVE-2024-3735,0,0,b2831ba3b6fcb767a758ece94000c144d7a6ec1aa7a38dd0f665375e75c00d80,2024-04-13T13:15:46.600000
 CVE-2024-3736,0,0,7e9c780d2e5209bba3dfbf4e2f44240946b4bc9083f1a1f1f4f9a42f3fc7d9df,2024-04-13T14:15:07.490000
-CVE-2024-3737,1,1,3ece3dc04e2a51c738908804fdc895437fedad772f68ffb6b51e1e486b0c00ab,2024-04-13T17:15:50.400000
+CVE-2024-3737,0,0,3ece3dc04e2a51c738908804fdc895437fedad772f68ffb6b51e1e486b0c00ab,2024-04-13T17:15:50.400000
+CVE-2024-3738,1,1,09bc2e3a802ac8f6c70c5517ac81e7b57f06695f5612a81cd6c91a0a61213828,2024-04-13T18:15:07.390000
+CVE-2024-3739,1,1,7ec4f828f90436048bb80fdf887bc8a60adc89dbf654d1396a79394bec55d21d,2024-04-13T19:15:53.757000