From f95b6ac521040c4ab73461687be59dd410d839ef Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 5 Jun 2023 08:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-06-05T08:00:28.532201+00:00 --- CVE-2023/CVE-2023-30xx/CVE-2023-3096.json | 88 +++++++++++++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3097.json | 88 +++++++++++++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3098.json | 88 +++++++++++++++++++++++ CVE-2023/CVE-2023-30xx/CVE-2023-3099.json | 88 +++++++++++++++++++++++ README.md | 19 +++-- 5 files changed, 360 insertions(+), 11 deletions(-) create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3096.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3097.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3098.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3099.json diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3096.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3096.json new file mode 100644 index 00000000000..154d9b0b181 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3096.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3096", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T06:15:09.227", + "lastModified": "2023-06-05T06:15:09.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230686", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230686", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3097.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3097.json new file mode 100644 index 00000000000..8acb8ac206f --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3097.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3097", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T06:15:09.463", + "lastModified": "2023-06-05T06:15:09.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230687", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230687", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3098.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3098.json new file mode 100644 index 00000000000..aee6037ed23 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3098.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3098", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T07:15:09.420", + "lastModified": "2023-06-05T07:15:09.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 3.2 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 4.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul3.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230688", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230688", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3099.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3099.json new file mode 100644 index 00000000000..446dee2683d --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3099.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3099", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-05T07:15:11.143", + "lastModified": "2023-06-05T07:15:11.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 3.2 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 4.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul4.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230689", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230689", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 302fe662776..9f363c8400f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-05T06:00:25.484512+00:00 +2023-06-05T08:00:28.532201+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-05T05:15:09.987000+00:00 +2023-06-05T07:15:11.143000+00:00 ``` ### Last Data Feed Release @@ -29,26 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216835 +216839 ``` ### CVEs added in the last Commit Recently added CVEs: `4` -* [CVE-2023-0635](CVE-2023/CVE-2023-06xx/CVE-2023-0635.json) (`2023-06-05T04:15:09.493`) -* [CVE-2023-0636](CVE-2023/CVE-2023-06xx/CVE-2023-0636.json) (`2023-06-05T04:15:10.587`) -* [CVE-2023-32217](CVE-2023/CVE-2023-322xx/CVE-2023-32217.json) (`2023-06-05T04:15:10.927`) -* [CVE-2023-34411](CVE-2023/CVE-2023-344xx/CVE-2023-34411.json) (`2023-06-05T04:15:11.153`) +* [CVE-2023-3096](CVE-2023/CVE-2023-30xx/CVE-2023-3096.json) (`2023-06-05T06:15:09.227`) +* [CVE-2023-3097](CVE-2023/CVE-2023-30xx/CVE-2023-3097.json) (`2023-06-05T06:15:09.463`) +* [CVE-2023-3098](CVE-2023/CVE-2023-30xx/CVE-2023-3098.json) (`2023-06-05T07:15:09.420`) +* [CVE-2023-3099](CVE-2023/CVE-2023-30xx/CVE-2023-3099.json) (`2023-06-05T07:15:11.143`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -* [CVE-2023-2124](CVE-2023/CVE-2023-21xx/CVE-2023-2124.json) (`2023-06-05T05:15:09.130`) -* [CVE-2023-34255](CVE-2023/CVE-2023-342xx/CVE-2023-34255.json) (`2023-06-05T05:15:09.927`) -* [CVE-2023-34362](CVE-2023/CVE-2023-343xx/CVE-2023-34362.json) (`2023-06-05T05:15:09.987`) ## Download and Usage