diff --git a/data/anchore/2023/CVE-2023-6349.json b/data/anchore/2023/CVE-2023-6349.json new file mode 100644 index 00000000..0851c12b --- /dev/null +++ b/data/anchore/2023/CVE-2023-6349.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "google", + "cveId": "CVE-2023-6349", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://crbug.com/webm/1642" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://chromium.googlesource.com", + "cpes": [ + "cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*" + ], + "packageName": "libvpx", + "product": "libvpx", + "repo": "https://chromium.googlesource.com/webm/libvpx", + "vendor": "Chromium", + "versions": [ + { + "lessThan": "1.13.1", + "status": "affected", + "version": "1.5.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27093.json b/data/anchore/2024/CVE-2024-27093.json new file mode 100644 index 00000000..ddacf746 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27093.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-27093", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/commit/53868a878e93f29c43437f96dbc990b548e48d1d", + "https://github.com/stacklok/minder/security/advisories/GHSA-q6h8-4j2v-pjg4" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.20240226.1425+ref.53868a8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27308.json b/data/anchore/2024/CVE-2024-27308.json new file mode 100644 index 00000000..ea0a069a --- /dev/null +++ b/data/anchore/2024/CVE-2024-27308.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-27308", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/tokio-rs/mio/commit/90d4fe00df870acd3d38f3dc4face9aacab8fbb9", + "https://github.com/tokio-rs/mio/pull/1760", + "https://github.com/tokio-rs/mio/security/advisories/GHSA-r8w9-5wcg-vfj7", + "https://github.com/tokio-rs/tokio/issues/6369" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:mio_project:mio:*:*:*:*:*:rust:*:*" + ], + "product": "mio", + "vendor": "tokio-rs", + "versions": [ + { + "lessThan": "0.8.11", + "status": "affected", + "version": "0.7.2", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27916.json b/data/anchore/2024/CVE-2024-27916.json new file mode 100644 index 00000000..615ba204 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27916.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-27916", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278", + "https://github.com/stacklok/minder/blob/main/internal/controlplane/handlers_repositories.go#L257-L299", + "https://github.com/stacklok/minder/commit/45750b4e9fb2de33365758366e06c19e999bd2eb", + "https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.0.33", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31455.json b/data/anchore/2024/CVE-2024-31455.json new file mode 100644 index 00000000..1b89bb9f --- /dev/null +++ b/data/anchore/2024/CVE-2024-31455.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31455", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/commit/11b6573ad62cfdd783a8bb52f3fce461466037f4", + "https://github.com/stacklok/minder/commit/5c381cfbf3e4b7ce040ed8511a1fae1a78a0014b", + "https://github.com/stacklok/minder/pull/2941", + "https://github.com/stacklok/minder/security/advisories/GHSA-ggp5-28x4-xcj9" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.0.40", + "status": "affected", + "version": "0.0.39", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-34084.json b/data/anchore/2024/CVE-2024-34084.json new file mode 100644 index 00000000..47fa6c79 --- /dev/null +++ b/data/anchore/2024/CVE-2024-34084.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-34084", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd0d", + "https://github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.0.48", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35179.json b/data/anchore/2024/CVE-2024-35179.json new file mode 100644 index 00000000..e45c7b54 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35179.json @@ -0,0 +1,33 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35179", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stalwartlabs:mail-server:*:*:*:*:*:*:*:*" + ], + "product": "mail-server", + "vendor": "stalwartlabs", + "versions": [ + { + "lessThan": "0.8.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35183.json b/data/anchore/2024/CVE-2024-35183.json new file mode 100644 index 00000000..b35a6d51 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35183.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35183", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/wolfi-dev/wolfictl/blob/488b53823350caa706de3f01ec0eded9350c7da7/pkg/update/update.go#L143", + "https://github.com/wolfi-dev/wolfictl/blob/4dd6c95abb4bc0f9306350a8601057bd7a92bded/pkg/update/deps/cleanup.go#L49", + "https://github.com/wolfi-dev/wolfictl/blob/6d99909f7b1aa23f732d84dad054b02a61f530e6/pkg/git/git.go#L22", + "https://github.com/wolfi-dev/wolfictl/commit/0d06e1578300327c212dda26a5ab31d09352b9d0", + "https://github.com/wolfi-dev/wolfictl/commit/403e93569f46766b4e26e06cf9cd0cae5ee0c2a2", + "https://github.com/wolfi-dev/wolfictl/security/advisories/GHSA-8fg7-hp93-qhvr" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:wolfi-dev:wolfictl:*:*:*:*:*:*:*:*" + ], + "product": "wolfictl", + "vendor": "wolfi-dev", + "versions": [ + { + "lessThan": "0.16.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35185.json b/data/anchore/2024/CVE-2024-35185.json new file mode 100644 index 00000000..c96c4cf4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35185.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35185", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b", + "https://github.com/stacklok/minder/security/advisories/GHSA-fjw8-3gp8-4cvx" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.0.49", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35187.json b/data/anchore/2024/CVE-2024-35187.json new file mode 100644 index 00000000..ce44c853 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35187.json @@ -0,0 +1,33 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35187", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-rwp5-f854-ppg6" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stalwartlabs:mail-server:*:*:*:*:*:*:*:*" + ], + "product": "mail-server", + "vendor": "stalwartlabs", + "versions": [ + { + "lessThan": "0.8.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35192.json b/data/anchore/2024/CVE-2024-35192.json new file mode 100644 index 00000000..c4044e02 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35192.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35192", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", + "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:aquasecurity:trivy:*:*:*:*:*:*:*:*" + ], + "product": "trivy", + "vendor": "aquasecurity", + "versions": [ + { + "lessThan": "0.51.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35194.json b/data/anchore/2024/CVE-2024-35194.json new file mode 100644 index 00000000..22da77d8 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35194.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35194", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892", + "https://github.com/stacklok/minder/security/advisories/GHSA-crgc-2583-rw27" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.0.50", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35238.json b/data/anchore/2024/CVE-2024-35238.json new file mode 100644 index 00000000..303a800c --- /dev/null +++ b/data/anchore/2024/CVE-2024-35238.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35238", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300", + "https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892", + "https://github.com/stacklok/minder/security/advisories/GHSA-8fmj-33gw-g7pw" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:stacklok:minder:*:*:*:*:*:*:*:*" + ], + "product": "minder", + "vendor": "stacklok", + "versions": [ + { + "lessThan": "0.0.51", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file