diff --git a/data/anchore/2024/CVE-2024-22871.json b/data/anchore/2024/CVE-2024-22871.json new file mode 100644 index 00000000..17caf1a6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-22871.json @@ -0,0 +1,54 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-22871", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://hackmd.io/%40fe1w0/rymmJGida", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:clojure:clojure:*:*:*:*:*:*:*:*", + "cpe:2.3:a:org.clojure:clojure:*:*:*:*:*:maven:*:*" + ], + "packageName": "org.clojure:clojure", + "product": "clojure", + "repo": "https://github.com/clojure/clojure", + "vendor": "clojure", + "versions": [ + { + "lessThan": "1.11.2", + "status": "affected", + "version": "1.7.0", + "versionType": "maven" + }, + { + "lessThan": "1.12.0-alpha9", + "status": "affected", + "version": "1.12.0-alpha1", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://github.com/clojure/clojure/blob/c07c39cac49a91f6031fe05c2eb7a257aa089176/changes.md?plain=1#L7C33-L9" + }, + { + "url": "https://github.com/advisories/GHSA-vr64-r9qj-h27f" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27280.json b/data/anchore/2024/CVE-2024-27280.json new file mode 100644 index 00000000..6dad7661 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27280.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-27280", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://hackerone.com/reports/1399856", + "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://rubygems.org", + "cpes": [ + "cpe:2.3:a:ruby-lang:stringio:*:*:*:*:*:*:*:*" + ], + "packageName": "stringio", + "product": "stringio", + "repo": "https://github.com/ruby/stringio", + "vendor": "ruby", + "versions": [ + { + "lessThan": "3.0.1.1", + "version": "0", + "status": "affected", + "versionType": "custom" + }, + { + "lessThan": "3.0.3", + "status": "affected", + "version": "3.0.2.pre1", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://github.com/advisories/GHSA-v5h6-c2hv-hv3r" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27281.json b/data/anchore/2024/CVE-2024-27281.json new file mode 100644 index 00000000..629aad19 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27281.json @@ -0,0 +1,60 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-27281", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://hackerone.com/reports/1187477", + "https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://rubygems.org", + "cpes": [ + "cpe:2.3:a:ruby-lang:rdoc:*:*:*:*:*:*:*:*" + ], + "packageName": "rdoc", + "product": "rdoc", + "repo": "https://github.com/ruby/rdoc", + "vendor": "ruby", + "versions": [ + { + "lessThan": "6.3.4.1", + "version": "0", + "status": "affected", + "versionType": "custom" + }, + { + "lessThan": "6.4.1.1", + "status": "affected", + "version": "6.4.0", + "versionType": "custom" + }, + { + "lessThan": "6.5.1.1", + "status": "affected", + "version": "6.5.0", + "versionType": "custom" + }, + { + "lessThan": "6.6.3.1", + "status": "affected", + "version": "6.6.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://github.com/advisories/GHSA-592j-995h-p23j" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27282.json b/data/anchore/2024/CVE-2024-27282.json new file mode 100644 index 00000000..6b2ff4b5 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27282.json @@ -0,0 +1,53 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-27282", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://hackerone.com/reports/2122624", + "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*" + ], + "product": "ruby", + "repo": "https://github.com/ruby/ruby", + "vendor": "ruby", + "versions": [ + { + "lessThan": "3.0.7", + "version": "0", + "status": "affected", + "versionType": "custom" + }, + { + "lessThan": "3.1.5", + "version": "3.1.0", + "status": "affected", + "versionType": "custom" + }, + { + "lessThan": "3.2.4", + "version": "3.2.0", + "status": "affected", + "versionType": "custom" + }, + { + "lessThan": "3.3.1", + "version": "3.3.0", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-28757.json b/data/anchore/2024/CVE-2024-28757.json new file mode 100644 index 00000000..d29deefb --- /dev/null +++ b/data/anchore/2024/CVE-2024-28757.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-28757", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/15/1", + "https://github.com/libexpat/libexpat/issues/839", + "https://github.com/libexpat/libexpat/pull/842", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/", + "https://security.netapp.com/advisory/ntap-20240322-0001/" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" + ], + "product": "libexpat", + "repo": "https://github.com/libexpat/libexpat", + "vendor": "libexpat", + "versions": [ + { + "lessThan": "2.6.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-34459.json b/data/anchore/2024/CVE-2024-34459.json new file mode 100644 index 00000000..6ee76216 --- /dev/null +++ b/data/anchore/2024/CVE-2024-34459.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-34459", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*" + ], + "product": "libxml2", + "repo": "https://gitlab.gnome.org/GNOME/libxml2", + "vendor": "xmlsoft", + "versions": [ + { + "lessThan": "2.11.8", + "version": "0", + "status": "affected", + "versionType": "custom" + }, + { + "lessThan": "2.12.7", + "version": "2.12", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file