more updates 2024-11-12

Signed-off-by: Weston Steimel <[email protected]>

data/anchore/2024/CVE-2024-10917.json

@@ -0,0 +1,39 @@
+{
+  "additionalMetadata": {
+    "cna": "eclipse",
+    "cveId": "CVE-2024-10917",
+    "description": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/eclipse-openj9/openj9/pull/20362",
+      "https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0",
+      "https://gitlab.eclipse.org/security/cve-assignement/-/issues/47"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "eclipse-openj9/openj9",
+        "product": "Open J9",
+        "repo": "https://github.com/eclipse-openj9/openj9",
+        "vendor": "Eclipse Foundation",
+        "versions": [
+          {
+            "lessThan": "0.48.0",
+            "status": "affected",
+            "version": "0.8.0",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-32928.json

@@ -19,8 +19,8 @@
         "versions": [
           {
             "lessThan": "3.73",
-            "version": "0",
             "status": "affected",
+            "version": "0",
             "versionType": "custom"
           }
         ]

data/anchore/2024/CVE-2024-38755.json

@@ -22,7 +22,7 @@
         "vendor": "Designinvento",
         "versions": [
           {
-            "lessThanOrEqual": "3.6.10",
+            "lessThan": "3.6.11",
             "status": "affected",
             "version": "0",
             "versionType": "custom"

data/anchore/2024/CVE-2024-39354.json

@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "icscert",
+    "cveId": "CVE-2024-39354",
+    "description": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02",
+      "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
+    ],
+    "solutions": [
+      "Delta Electronics has released  v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads  and recommends users install this update on all affected systems.\n\nFor more information, please see the  Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
+        ],
+        "product": "DIAScreen",
+        "vendor": "Delta Electronics",
+        "versions": [
+          {
+            "lessThan": "1.5.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-39605.json

@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "icscert",
+    "cveId": "CVE-2024-39605",
+    "description": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02",
+      "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
+    ],
+    "solutions": [
+      "Delta Electronics has released  v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads  and recommends users install this update on all affected systems.\n\nFor more information, please see the  Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
+        ],
+        "product": "DIAScreen",
+        "vendor": "Delta Electronics",
+        "versions": [
+          {
+            "lessThan": "1.5.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-47131.json

@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "icscert",
+    "cveId": "CVE-2024-47131",
+    "description": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02",
+      "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
+    ],
+    "solutions": [
+      "Delta Electronics has released  v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads  and recommends users install this update on all affected systems.\n\nFor more information, please see the  Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
+        ],
+        "product": "DIAScreen",
+        "vendor": "Delta Electronics",
+        "versions": [
+          {
+            "lessThan": "1.5.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-49283.json

@@ -22,7 +22,7 @@
         "vendor": "VillaTheme",
         "versions": [
           {
-            "lessThanOrEqual": "2.2.3",
+            "lessThan": "2.2.4",
             "status": "affected",
             "version": "0",
             "versionType": "custom"

data/anchore/2024/CVE-2024-49297.json

@@ -23,7 +23,7 @@
         "vendor": "Zoho CRM",
         "versions": [
           {
-            "lessThanOrEqual": "1.7.9.0",
+            "lessThan": "1.7.9.8",
             "status": "affected",
             "version": "0",
             "versionType": "custom"

data/anchore/2024/CVE-2024-51484.json

@@ -0,0 +1,37 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-51484",
+    "description": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ampache/ampache/security/advisories/GHSA-h6vj-6rvc-3x29"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "ampache/ampache",
+        "product": "ampache",
+        "repo": "https://github.com/ampache/ampache",
+        "vendor": "ampache",
+        "versions": [
+          {
+            "lessThan": "7.0.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-51485.json

@@ -0,0 +1,37 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-51485",
+    "description": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ampache/ampache/security/advisories/GHSA-xvfj-w962-hqcx"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "ampache/ampache",
+        "product": "ampache",
+        "repo": "https://github.com/ampache/ampache",
+        "vendor": "ampache",
+        "versions": [
+          {
+            "lessThan": "7.0.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-51486.json

@@ -0,0 +1,37 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-51486",
+    "description": "Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the \"Custom URL - Favicon\". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ampache/ampache/security/advisories/GHSA-4xw5-f7xm-vpw5"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "ampache/ampache",
+        "product": "ampache",
+        "repo": "https://github.com/ampache/ampache",
+        "vendor": "ampache",
+        "versions": [
+          {
+            "lessThan": "7.0.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-51487.json

@@ -0,0 +1,37 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-51487",
+    "description": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ampache/ampache/security/advisories/GHSA-5rmx-fjmc-mg6x"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "ampache/ampache",
+        "product": "ampache",
+        "repo": "https://github.com/ampache/ampache",
+        "vendor": "ampache",
+        "versions": [
+          {
+            "lessThan": "7.0.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2024/CVE-2024-51488.json

@@ -0,0 +1,37 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-51488",
+    "description": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ampache/ampache/security/advisories/GHSA-46m4-5pxj-66f2"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "ampache/ampache",
+        "product": "ampache",
+        "repo": "https://github.com/ampache/ampache",
+        "vendor": "ampache",
+        "versions": [
+          {
+            "lessThan": "7.0.1",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}