From aa3d5ae0159856de1e12cc49d4ac5f7e2d1e5ad3 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 13 Apr 2024 22:03:30 +0000
Subject: [PATCH] Auto-Update: 2024-04-13T22:00:38.882579+00:00
---
 CVE-2024/CVE-2024-37xx/CVE-2024-3740.json | 96 +++++++++++++++++++++++
 README.md | 11 ++-
 _state.csv | 5 +-
 3 files changed, 104 insertions(+), 8 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3740.json
diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3740.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3740.json
new file mode 100644
index 00000000000..bda8db1475b
--- /dev/null
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3740.json
@@ -0,0 +1,96 @@
+{
+ "id": "CVE-2024-3740",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-04-13T21:15:48.353",
+ "lastModified": "2024-04-13T21:15:48.353",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/cym1102/nginxWebUI/issues/138",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.260579",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.260579",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.311216",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index be8805a88eb..7b664c39db4 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-13T20:00:37.932842+00:00 +2024-04-13T22:00:38.882579+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-13T19:15:53.757000+00:00 +2024-04-13T21:15:48.353000+00:00 ``` ### Last Data Feed Release
@@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -245415 +245416 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `1` -- [CVE-2024-3738](CVE-2024/CVE-2024-37xx/CVE-2024-3738.json) (`2024-04-13T18:15:07.390`) -- [CVE-2024-3739](CVE-2024/CVE-2024-37xx/CVE-2024-3739.json) (`2024-04-13T19:15:53.757`) +- [CVE-2024-3740](CVE-2024/CVE-2024-37xx/CVE-2024-3740.json) (`2024-04-13T21:15:48.353`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 42ee4fe7d15..e71206e4641 100644
--- a/_state.csv
+++ b/_state.csv
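Review bot: The CNA-supplied CVSS 3.1 block in CVE-2024-3740.json scores this 6.3 MEDIUM with `C:L/I:L/A:L`, while the description in the same record says the issue was classified as critical and that the exploit is public, and the first reference is a file named `nginxwebui.rce.3.9.9.pdf`. Both metric entries are `"type": "Secondary"` from `cna@vuldb.com` and `"vulnStatus"` is `"Received"`, so no NVD analysis is reflected in these numbers yet. Because the file mirrors the upstream record I would not edit it here, but anything that triages on `baseScore` should treat the value as provisional and re-evaluate once `vulnStatus` changes. If the reference title is accurate, the real impact is probably higher than the vector states, so exposure of the nginxWebUI admin interface on versions up to 3.9.9 is worth checking regardless of the score.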
@@ -245412,5 +245412,6 @@ CVE-2024-3721,0,0,f5d3d35f427dc34124966606b24ea155040ebf2d0b35e4bf3cb18f4df58428
 CVE-2024-3735,0,0,b2831ba3b6fcb767a758ece94000c144d7a6ec1aa7a38dd0f665375e75c00d80,2024-04-13T13:15:46.600000
 CVE-2024-3736,0,0,7e9c780d2e5209bba3dfbf4e2f44240946b4bc9083f1a1f1f4f9a42f3fc7d9df,2024-04-13T14:15:07.490000
 CVE-2024-3737,0,0,3ece3dc04e2a51c738908804fdc895437fedad772f68ffb6b51e1e486b0c00ab,2024-04-13T17:15:50.400000
-CVE-2024-3738,1,1,09bc2e3a802ac8f6c70c5517ac81e7b57f06695f5612a81cd6c91a0a61213828,2024-04-13T18:15:07.390000
-CVE-2024-3739,1,1,7ec4f828f90436048bb80fdf887bc8a60adc89dbf654d1396a79394bec55d21d,2024-04-13T19:15:53.757000
+CVE-2024-3738,0,0,09bc2e3a802ac8f6c70c5517ac81e7b57f06695f5612a81cd6c91a0a61213828,2024-04-13T18:15:07.390000
+CVE-2024-3739,0,0,7ec4f828f90436048bb80fdf887bc8a60adc89dbf654d1396a79394bec55d21d,2024-04-13T19:15:53.757000
+CVE-2024-3740,1,1,cad4660a05c482b6800e402dcb0a2b908ba4751bb8506078e808ef0aee3e4761,2024-04-13T21:15:48.353000