CVE-2024-3737
published 2024-04-13
Priority P356 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.90% (55.1th percentile)
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cym1102 | nginxwebui | < 4.2.4 | 4.2.4 |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| cym1102 | nginxwebui | — | — |
| vyperlang | vyper | >= 0.3.0 < 0.4.0 | 0.4.0 |
CVSS provenance
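| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |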
GHSA
GHSA-vv7j-vvrr-xfwr: A vulnerability was found in cym1102 nginxWebUI up to 3
ghsa_unreviewed·2024-04-13
CVE-2024-3737 [MEDIUM] CWE-22 GHSA-vv7j-vvrr-xfwr: A vulnerability was found in cym1102 nginxWebUI up to 3
GHSA
concat built-in can corrupt memory in vyper
ghsa·2024-01-19
CVE-2024-22419 [HIGH] CWE-120 concat built-in can corrupt memory in vyper
### Summary
`concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function).
A contract search was performed and no vulnerable contracts were found in production.
Tracked in issue https://github.com/vyperlang/vyper/issues/3737
### Details
The `build_IR` allocates a new internal variable for the concatenation: https://github.com/vyperlang/vyper/blob/3b310d5292c4d1448e673d7b3adb223f9353260e/vyper/builtins/functions.py#L534-L550
Notice that the buffer is allocated for the `maxlen` + 1 word to actually hold the length of the array.
Lat
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf
https://github.com/cym1102/nginxWebUI/issues/138
https://vuldb.com/?ctiid.260576
https://vuldb.com/?id.260576