label latest github submitted vulns

Signed-off-by: Weston Steimel <[email protected]>
anchore · May 28, 2024 · ddf10df · ddf10df
1 parent 72541a2
commit ddf10df
Show file tree

Hide file tree

Showing 18 changed files with 739 additions and 0 deletions.
diff --git a/data/anchore/2024/CVE-2024-31216.json b/data/anchore/2024/CVE-2024-31216.json
@@ -0,0 +1,35 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-31216",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/fluxcd/source-controller/commit/915d1a072a4f37dd460ba33079dc094aa6e72fa9",
+      "https://github.com/fluxcd/source-controller/pull/1430",
+      "https://github.com/fluxcd/source-controller/security/advisories/GHSA-v554-xwgw-hc3w"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:fluxcd:source-controller:*:*:*:*:*:*:*:*"
+        ],
+        "product": "source-controller",
+        "vendor": "fluxcd",
+        "versions": [
+          {
+            "lessThan": "1.2.5",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-31989.json b/data/anchore/2024/CVE-2024-31989.json
@@ -0,0 +1,66 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-31989",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/argoproj/argo-cd/commit/2de0ceade243039c120c28374016c04ff9590d1d",
+      "https://github.com/argoproj/argo-cd/commit/35a7d6c7fa1534aceba763d6a68697f36c12e678",
+      "https://github.com/argoproj/argo-cd/commit/4e2fe302c3352a0012ecbe7f03476b0e07f7fc6c",
+      "https://github.com/argoproj/argo-cd/commit/53570cbd143bced49d4376d6e31bd9c7bd2659ff",
+      "https://github.com/argoproj/argo-cd/commit/6ef7b62a0f67e74b4aac2aee31c98ae49dd95d12",
+      "https://github.com/argoproj/argo-cd/commit/9552034a80070a93a161bfa330359585f3b85f07",
+      "https://github.com/argoproj/argo-cd/commit/bdd889d43969ba738ddd15e1f674d27964048994",
+      "https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0",
+      "https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:linuxfoundation:argo_continuous_delivery:*:*:*:*:*:kubernetes:*:*"
+        ],
+        "product": "argo-cd",
+        "vendor": "argoproj",
+        "versions": [
+          {
+            "lessThan": "2.8.19",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "2.9.15",
+            "status": "affected",
+            "version": "2.9.0-rc1",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "2.10.10",
+            "status": "affected",
+            "version": "2.10.0-rc1",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "2.11.1",
+            "status": "affected",
+            "version": "2.11.0-rc1",
+            "versionType": "custom"
+          },
+          {
+            "lessThanOrEqual": "1.8.7",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-32969.json b/data/anchore/2024/CVE-2024-32969.json
@@ -0,0 +1,34 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-32969",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56",
+      "https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*"
+        ],
+        "product": "vantage6",
+        "vendor": "vantage6",
+        "versions": [
+          {
+            "lessThan": "4.5.0rc3",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-32978.json b/data/anchore/2024/CVE-2024-32978.json
@@ -0,0 +1,33 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-32978",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/kaminari/kaminari/security/advisories/GHSA-7r3j-qmr4-jfpj"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:kaminari_project:kaminari:*:*:*:*:*:*:*:*"
+        ],
+        "product": "kaminari",
+        "vendor": "kaminari",
+        "versions": [
+          {
+            "lessThan": "0.16.2",
+            "status": "affected",
+            "version": "0.15.0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-34071.json b/data/anchore/2024/CVE-2024-34071.json
@@ -0,0 +1,55 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-34071",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/umbraco/Umbraco-CMS/commit/5f24de308584b9771240a6db1a34630a5114c450",
+      "https://github.com/umbraco/Umbraco-CMS/commit/c17d4e1a600098ec524e4126f4395255476bc33f",
+      "https://github.com/umbraco/Umbraco-CMS/commit/c8f71af646171074c13e5c34f74312def4512031",
+      "https://github.com/umbraco/Umbraco-CMS/commit/d8df405db4ea884bb4b96f088d10d9a2070cf024",
+      "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-j74q-mv2c-rxmp"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Umbraco-CMS",
+        "vendor": "umbraco",
+        "versions": [
+          {
+            "lessThan": "8.18.14",
+            "status": "affected",
+            "version": "8.18.5",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "10.8.6",
+            "status": "affected",
+            "version": "10.5.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "12.3.10",
+            "status": "affected",
+            "version": "12.0.0",
+            "versionType": "custom"
+          },
+          {
+            "lessThan": "13.3.1",
+            "status": "affected",
+            "version": "13.0.0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-34082.json b/data/anchore/2024/CVE-2024-34082.json
@@ -0,0 +1,34 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-34082",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/getgrav/grav/commit/b6bba9eb99bf8cb55b8fa8d23f18873ca594e348",
+      "https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"
+        ],
+        "product": "grav",
+        "vendor": "getgrav",
+        "versions": [
+          {
+            "lessThan": "1.7.46",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-34710.json b/data/anchore/2024/CVE-2024-34710.json
@@ -0,0 +1,34 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-34710",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac",
+      "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*"
+        ],
+        "product": "wiki",
+        "vendor": "requarks",
+        "versions": [
+          {
+            "lessThan": "2.5.303",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-35176.json b/data/anchore/2024/CVE-2024-35176.json
@@ -0,0 +1,35 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-35176",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb",
+      "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh",
+      "https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*"
+        ],
+        "product": "rexml",
+        "vendor": "ruby",
+        "versions": [
+          {
+            "lessThan": "3.2.7",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-35180.json b/data/anchore/2024/CVE-2024-35180.json
@@ -0,0 +1,37 @@
+{
+  "additionalMetadata": {
+    "cna": "github_m",
+    "cveId": "CVE-2024-35180",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa",
+      "https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://pypi.org",
+        "packageName": "omero-web",
+        "cpes": [
+          "cpe:2.3:a:openmicroscopy:omero-web:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:openmicroscopy:omero.web:*:*:*:*:*:*:*:*"
+        ],
+        "product": "omero-web",
+        "vendor": "ome",
+        "versions": [
+          {
+            "lessThan": "5.26.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}