diff --git a/data/anchore/2023/CVE-2023-45288.json b/data/anchore/2023/CVE-2023-45288.json new file mode 100644 index 00000000..60d1363a --- /dev/null +++ b/data/anchore/2023/CVE-2023-45288.json @@ -0,0 +1,65 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2023-45288", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://go.dev/cl/576155", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://pkg.go.dev/vuln/GO-2024-2687", + "http://www.openwall.com/lists/oss-security/2024/04/03/16" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "net/http", + "product": "net/http", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.9", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.2", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*" + ], + "packageName": "golang.org/x/net/http2", + "product": "golang.org/x/net/http2", + "vendor": "golang.org/x/net", + "versions": [ + { + "lessThan": "0.23.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45289.json b/data/anchore/2023/CVE-2023-45289.json new file mode 100644 index 00000000..f0e42784 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45289.json @@ -0,0 +1,69 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2023-45289", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://go.dev/cl/569340", + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://go.dev/issue/65065", + "https://security.netapp.com/advisory/ntap-20240329-0006/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "net/http", + "product": "net/http", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.1", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "net/http/cookiejar", + "product": "net/http/cookiejar", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.1", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45290.json b/data/anchore/2023/CVE-2023-45290.json new file mode 100644 index 00000000..d8f67d8a --- /dev/null +++ b/data/anchore/2023/CVE-2023-45290.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2023-45290", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://go.dev/issue/65383", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://pkg.go.dev/vuln/GO-2024-2599", + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://go.dev/cl/569341" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "net/textproto", + "product": "net/textproto", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.1", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24783.json b/data/anchore/2024/CVE-2024-24783.json new file mode 100644 index 00000000..e2cac38d --- /dev/null +++ b/data/anchore/2024/CVE-2024-24783.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2024-24783", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://go.dev/issue/65390", + "https://go.dev/cl/569339", + "https://pkg.go.dev/vuln/GO-2024-2598", + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://security.netapp.com/advisory/ntap-20240329-0005/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "crypto/x509", + "product": "crypto/x509", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.1", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24784.json b/data/anchore/2024/CVE-2024-24784.json new file mode 100644 index 00000000..6041cdbf --- /dev/null +++ b/data/anchore/2024/CVE-2024-24784.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2024-24784", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://pkg.go.dev/vuln/GO-2024-2609", + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://go.dev/cl/555596" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "net/mail", + "product": "net/mail", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.1", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24785.json b/data/anchore/2024/CVE-2024-24785.json new file mode 100644 index 00000000..bb6ad0a0 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24785.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2024-24785", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://security.netapp.com/advisory/ntap-20240329-0008/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "html/template", + "product": "html/template", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.21.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.1", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24786.json b/data/anchore/2024/CVE-2024-24786.json new file mode 100644 index 00000000..22d5c202 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24786.json @@ -0,0 +1,55 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2024-24786", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://pkg.go.dev/vuln/GO-2024-2611", + "https://go.dev/cl/569356", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:protobuf:protobuf:*:*:*:*:*:go:*:*" + ], + "packageName": "google.golang.org/protobuf/encoding/protojson", + "product": "google.golang.org/protobuf/encoding/protojson", + "vendor": "google.golang.org/protobuf", + "versions": [ + { + "lessThan": "1.33.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:protobuf:protobuf:*:*:*:*:*:go:*:*" + ], + "packageName": "google.golang.org/protobuf/internal/encoding/json", + "product": "google.golang.org/protobuf/internal/encoding/json", + "vendor": "google.golang.org/protobuf", + "versions": [ + { + "lessThan": "1.33.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24787.json b/data/anchore/2024/CVE-2024-24787.json new file mode 100644 index 00000000..250c25e6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24787.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2024-24787", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", + "https://go.dev/cl/583815", + "https://pkg.go.dev/vuln/GO-2024-2825", + "https://go.dev/issue/67119" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "cmd/go", + "product": "cmd/go", + "vendor": "Go toolchain", + "versions": [ + { + "lessThan": "1.21.10", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "1.22.3", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24788.json b/data/anchore/2024/CVE-2024-24788.json new file mode 100644 index 00000000..d1cc1368 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24788.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "go", + "cveId": "CVE-2024-24788", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://go.dev/cl/578375", + "https://pkg.go.dev/vuln/GO-2024-2824", + "https://go.dev/issue/66754", + "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*" + ], + "packageName": "net", + "product": "net", + "vendor": "Go standard library", + "versions": [ + { + "lessThan": "1.22.3", + "status": "affected", + "version": "1.22.0-0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file