From ffedf61622c3de7731fc55024bbf2e5ba6994eba Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Tue, 28 May 2024 18:19:28 +0100 Subject: [PATCH] enrich several more github_m submissions Signed-off-by: Weston Steimel --- data/anchore/2024/CVE-2024-22201.json | 108 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-24751.json | 36 +++++++++ data/anchore/2024/CVE-2024-26135.json | 36 +++++++++ data/anchore/2024/CVE-2024-26139.json | 35 +++++++++ data/anchore/2024/CVE-2024-27081.json | 36 +++++++++ data/anchore/2024/CVE-2024-27285.json | 41 ++++++++++ data/anchore/2024/CVE-2024-27287.json | 36 +++++++++ data/anchore/2024/CVE-2024-28102.json | 36 +++++++++ data/anchore/2024/CVE-2024-29019.json | 36 +++++++++ data/anchore/2024/CVE-2024-29031.json | 37 +++++++++ data/anchore/2024/CVE-2024-29041.json | 47 +++++++++++ data/anchore/2024/CVE-2024-29190.json | 37 +++++++++ data/anchore/2024/CVE-2024-31212.json | 37 +++++++++ data/anchore/2024/CVE-2024-31213.json | 35 +++++++++ data/anchore/2024/CVE-2024-31215.json | 37 +++++++++ data/anchore/2024/CVE-2024-31225.json | 38 +++++++++ data/anchore/2024/CVE-2024-31461.json | 40 ++++++++++ data/anchore/2024/CVE-2024-31991.json | 38 +++++++++ data/anchore/2024/CVE-2024-31992.json | 38 +++++++++ data/anchore/2024/CVE-2024-31993.json | 38 +++++++++ data/anchore/2024/CVE-2024-31994.json | 38 +++++++++ data/anchore/2024/CVE-2024-32017.json | 39 ++++++++++ data/anchore/2024/CVE-2024-32018.json | 38 +++++++++ data/anchore/2024/CVE-2024-32888.json | 39 ++++++++++ data/anchore/2024/CVE-2024-35181.json | 40 ++++++++++ data/anchore/2024/CVE-2024-35182.json | 39 ++++++++++ 26 files changed, 1055 insertions(+) create mode 100644 data/anchore/2024/CVE-2024-22201.json create mode 100644 data/anchore/2024/CVE-2024-24751.json create mode 100644 data/anchore/2024/CVE-2024-26135.json create mode 100644 data/anchore/2024/CVE-2024-26139.json create mode 100644 data/anchore/2024/CVE-2024-27081.json create mode 100644 data/anchore/2024/CVE-2024-27285.json create mode 100644 data/anchore/2024/CVE-2024-27287.json create mode 100644 data/anchore/2024/CVE-2024-28102.json create mode 100644 data/anchore/2024/CVE-2024-29019.json create mode 100644 data/anchore/2024/CVE-2024-29031.json create mode 100644 data/anchore/2024/CVE-2024-29041.json create mode 100644 data/anchore/2024/CVE-2024-29190.json create mode 100644 data/anchore/2024/CVE-2024-31212.json create mode 100644 data/anchore/2024/CVE-2024-31213.json create mode 100644 data/anchore/2024/CVE-2024-31215.json create mode 100644 data/anchore/2024/CVE-2024-31225.json create mode 100644 data/anchore/2024/CVE-2024-31461.json create mode 100644 data/anchore/2024/CVE-2024-31991.json create mode 100644 data/anchore/2024/CVE-2024-31992.json create mode 100644 data/anchore/2024/CVE-2024-31993.json create mode 100644 data/anchore/2024/CVE-2024-31994.json create mode 100644 data/anchore/2024/CVE-2024-32017.json create mode 100644 data/anchore/2024/CVE-2024-32018.json create mode 100644 data/anchore/2024/CVE-2024-32888.json create mode 100644 data/anchore/2024/CVE-2024-35181.json create mode 100644 data/anchore/2024/CVE-2024-35182.json diff --git a/data/anchore/2024/CVE-2024-22201.json b/data/anchore/2024/CVE-2024-22201.json new file mode 100644 index 00000000..64bc3171 --- /dev/null +++ b/data/anchore/2024/CVE-2024-22201.json @@ -0,0 +1,108 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-22201", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/20/2", + "https://github.com/jetty/jetty.project/issues/11256", + "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html", + "https://security.netapp.com/advisory/ntap-20240329-0001/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org", + "cpes": [ + "cpe:2.3:a:org.eclipse.jetty.http2:http2-common:*:*:*:*:*:*:*:*" + ], + "packageName": "org.eclipse.jetty.http2:http2-common", + "product": "Jetty HTTP2 Common", + "vendor": "Eclipse", + "versions": [ + { + "lessThan": "9.4.54", + "status": "affected", + "version": "9.3.0", + "versionType": "maven" + }, + { + "lessThan": "10.0.20", + "status": "affected", + "version": "10", + "versionType": "maven" + }, + { + "lessThan": "11.0.20", + "status": "affected", + "version": "11", + "versionType": "maven" + } + ] + }, + { + "collectionURL": "https://repo.maven.apache.org", + "cpes": [ + "cpe:2.3:a:org.eclipse.jetty.http2:jetty-http2-common:*:*:*:*:*:*:*:*" + ], + "packageName": "org.eclipse.jetty.http2:jetty-http2-common", + "product": "Jetty HTTP2 Common", + "vendor": "Eclipse", + "versions": [ + { + "lessThan": "12.0.6", + "status": "affected", + "version": "12", + "versionType": "maven" + } + ] + }, + { + "collectionURL": "https://repo.maven.apache.org", + "cpes": [ + "cpe:2.3:a:org.eclipse.jetty.http3:http3-common:*:*:*:*:*:*:*:*" + ], + "packageName": "org.eclipse.jetty.http3:http3-common", + "product": "Jetty HTTP3 Common", + "vendor": "Eclipse", + "versions": [ + { + "lessThan": "10.0.20", + "status": "affected", + "version": "10", + "versionType": "maven" + }, + { + "lessThan": "11.0.20", + "status": "affected", + "version": "11", + "versionType": "maven" + } + ] + }, + { + "collectionURL": "https://repo.maven.apache.org", + "cpes": [ + "cpe:2.3:a:org.eclipse.jetty.http3:jetty-http3-common:*:*:*:*:*:*:*:*" + ], + "packageName": "org.eclipse.jetty.http3:jetty-http3-common", + "product": "Jetty HTTP3 Common", + "vendor": "Eclipse", + "versions": [ + { + "lessThan": "12.0.6", + "status": "affected", + "version": "12", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24751.json b/data/anchore/2024/CVE-2024-24751.json new file mode 100644 index 00000000..873fa21a --- /dev/null +++ b/data/anchore/2024/CVE-2024-24751.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-24751", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c", + "https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:derhansen:event_management_and_registration:*:*:*:*:*:typo3:*:*" + ], + "packageName": "derhansen/sf_event_mgt", + "product": "sf_event_mgt", + "vendor": "derhansen", + "versions": [ + { + "lessThan": "7.4.0", + "status": "affected", + "version": "7.0.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26135.json b/data/anchore/2024/CVE-2024-26135.json new file mode 100644 index 00000000..07eb8e98 --- /dev/null +++ b/data/anchore/2024/CVE-2024-26135.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-26135", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3", + "https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:meshcentral:meshcentral:*:*:*:*:*:*:*:*" + ], + "packageName": "ylianst/meshcentral", + "product": "MeshCentral", + "vendor": "Ylianst", + "versions": [ + { + "lessThan": "1.1.21", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26139.json b/data/anchore/2024/CVE-2024-26139.json new file mode 100644 index 00000000..d00de87b --- /dev/null +++ b/data/anchore/2024/CVE-2024-26139.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-26139", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*" + ], + "packageName": "opencti-platform/opencti", + "product": "opencti", + "vendor": "OpenCTI-Platform", + "versions": [ + { + "lessThanOrEqual": "5.12.31", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27081.json b/data/anchore/2024/CVE-2024-27081.json new file mode 100644 index 00000000..7f64f320 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27081.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-27081", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/esphome/esphome/commit/d814ed1d4adc71fde47c4df41215bee449884513", + "https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:esphome:esphome:*:*:*:*:*:*:*:*" + ], + "packageName": "esphome/esphome", + "product": "esphome", + "vendor": "esphome", + "versions": [ + { + "lessThan": "2024.2.1", + "status": "affected", + "version": "2023.12.9", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27285.json b/data/anchore/2024/CVE-2024-27285.json new file mode 100644 index 00000000..125abb58 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27285.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-27285", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa", + "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be", + "https://github.com/lsegal/yard/pull/1538", + "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml", + "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:yardoc:yard:*:*:*:*:*:*:*:*" + ], + "packageName": "lsegal/yard", + "product": "yard", + "vendor": "lsegal", + "versions": [ + { + "lessThan": "0.9.36", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27287.json b/data/anchore/2024/CVE-2024-27287.json new file mode 100644 index 00000000..0aa04b76 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27287.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-27287", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/esphome/esphome/commit/37d2b3c7977a4ccbec59726ca7549cb776661455", + "https://github.com/esphome/esphome/security/advisories/GHSA-9p43-hj5j-96h5" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:esphome:esphome:*:*:*:*:*:*:*:*" + ], + "packageName": "esphome/esphome", + "product": "esphome", + "vendor": "esphome", + "versions": [ + { + "lessThan": "2024.2.2", + "status": "affected", + "version": "2023.12.9", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-28102.json b/data/anchore/2024/CVE-2024-28102.json new file mode 100644 index 00000000..b28f33f5 --- /dev/null +++ b/data/anchore/2024/CVE-2024-28102.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-28102", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f", + "https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:jwcrypto_project:jwcrypto:*:*:*:*:*:*:*:*" + ], + "packageName": "latchset/jwcrypto", + "product": "jwcrypto", + "vendor": "latchset", + "versions": [ + { + "lessThan": "1.5.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29019.json b/data/anchore/2024/CVE-2024-29019.json new file mode 100644 index 00000000..3de9371e --- /dev/null +++ b/data/anchore/2024/CVE-2024-29019.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-29019", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/advisories/GHSA-9p43-hj5j-96h5", + "https://github.com/esphome/esphome/security/advisories/GHSA-5925-88xh-6h99" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:esphome:esphome:*:*:*:*:*:*:*:*" + ], + "packageName": "esphome/esphome", + "product": "esphome", + "vendor": "esphome", + "versions": [ + { + "lessThan": "2024.3.0", + "status": "affected", + "version": "2023.12.9", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29031.json b/data/anchore/2024/CVE-2024-29031.json new file mode 100644 index 00000000..4de95304 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29031.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-29031", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13", + "https://github.com/meshery/meshery/pull/10207", + "https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*" + ], + "packageName": "meshery/meshery", + "product": "meshery", + "vendor": "meshery", + "versions": [ + { + "lessThan": "0.7.17", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29041.json b/data/anchore/2024/CVE-2024-29041.json new file mode 100644 index 00000000..b7b79de4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29041.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-29041", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://expressjs.com/en/4x/api.html#res.location", + "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", + "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", + "https://github.com/expressjs/express/pull/5539", + "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", + "https://github.com/koajs/koa/issues/1800" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*", + "cpe:2.3:a:expressjs:express:*:*:*:*:*:node.js:*:*" + ], + "packageName": "expressjs/express", + "product": "express", + "vendor": "expressjs", + "versions": [ + { + "lessThan": "4.19.0", + "status": "affected", + "version": "4.14.0", + "versionType": "custom" + }, + { + "lessThan": "5.0.0-beta.3", + "status": "affected", + "version": "5.0.0-alpha.1", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29190.json b/data/anchore/2024/CVE-2024-29190.json new file mode 100644 index 00000000..55b19939 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29190.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-29190", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link", + "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77", + "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*" + ], + "packageName": "mobsf/mobile-security-framework-mobsf", + "product": "Mobile-Security-Framework-MobSF", + "vendor": "MobSF", + "versions": [ + { + "lessThanOrEqual": "3.9.5-beta", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31212.json b/data/anchore/2024/CVE-2024-31212.json new file mode 100644 index 00000000..ab67d7af --- /dev/null +++ b/data/anchore/2024/CVE-2024-31212.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31212", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/controllers/admin/actions/index_chart_data.php#L190", + "https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/core/model.php#L744", + "https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw", + "https://user-images.githubusercontent.com/109034767/300806111-a33d9548-d99f-4034-bef3-fbd7fa62c37f.png" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*" + ], + "packageName": "instantsoft/icms2", + "product": "icms2", + "vendor": "instantsoft", + "versions": [ + { + "status": "affected", + "version": "2.16.2", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31213.json b/data/anchore/2024/CVE-2024-31213.json new file mode 100644 index 00000000..0c4d0c0f --- /dev/null +++ b/data/anchore/2024/CVE-2024-31213.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31213", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/instantsoft/icms2/security/advisories/GHSA-6v3c-p92q-prfq" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*" + ], + "packageName": "instantsoft/icms2", + "product": "icms2", + "vendor": "instantsoft", + "versions": [ + { + "lessThan": "2.16.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31215.json b/data/anchore/2024/CVE-2024-31215.json new file mode 100644 index 00000000..8c0b1b71 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31215.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31215", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716", + "https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373", + "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*" + ], + "packageName": "mobsf/mobile-security-framework-mobsf", + "product": "Mobile-Security-Framework-MobSF", + "vendor": "MobSF", + "versions": [ + { + "lessThan": "3.9.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31225.json b/data/anchore/2024/CVE-2024-31225.json new file mode 100644 index 00000000..3d23d3f3 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31225.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31225", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/05/07/3", + "https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/cord/lc/cord_lc.c#L218", + "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-2572-7q7c-3965" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:riot_project:riot:*:*:*:*:*:*:*:*", + "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*" + ], + "packageName": "riot-os/riot", + "product": "RIOT", + "vendor": "RIOT-OS", + "versions": [ + { + "lessThanOrEqual": "2023.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31461.json b/data/anchore/2024/CVE-2024-31461.json new file mode 100644 index 00000000..552ab633 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31461.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31461", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/makeplane/plane/commit/4b0ccea1461b7ca38761dfe0d0f07c2f94425005", + "https://github.com/makeplane/plane/commit/d887b780aea5efba3f3d28c47d7d83f8b3e1e21c", + "https://github.com/makeplane/plane/pull/3323", + "https://github.com/makeplane/plane/pull/3333", + "https://github.com/makeplane/plane/security/advisories/GHSA-j77v-w36v-63v6", + "https://securitylab.github.com/advisories/GHSL-2023-257_makeplane_plane" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*" + ], + "packageName": "makeplane/plane", + "product": "plane", + "vendor": "makeplane", + "versions": [ + { + "lessThan": "0.17-dev", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31991.json b/data/anchore/2024/CVE-2024-31991.json new file mode 100644 index 00000000..a85c3363 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31991.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31991", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/mealie-recipes/mealie/blob/mealie-next/mealie/services/scraper/scraper_strategies.py#L27-L70", + "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f", + "https://github.com/mealie-recipes/mealie/pull/3368", + "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:mealie_project:mealie:*:*:*:*:*:*:*:*" + ], + "packageName": "mealie-recipes/mealie", + "product": "mealie", + "vendor": "mealie-recipes", + "versions": [ + { + "lessThan": "1.4.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31992.json b/data/anchore/2024/CVE-2024-31992.json new file mode 100644 index 00000000..43655355 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31992.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31992", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/mealie-recipes/mealie/blob/mealie-next/mealie/services/scraper/scraper_strategies.py#L27-L70", + "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f", + "https://github.com/mealie-recipes/mealie/pull/3368", + "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:mealie_project:mealie:*:*:*:*:*:*:*:*" + ], + "packageName": "mealie-recipes/mealie", + "product": "mealie", + "vendor": "mealie-recipes", + "versions": [ + { + "lessThan": "1.4.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31993.json b/data/anchore/2024/CVE-2024-31993.json new file mode 100644 index 00000000..17e2cb4a --- /dev/null +++ b/data/anchore/2024/CVE-2024-31993.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31993", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107", + "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f", + "https://github.com/mealie-recipes/mealie/pull/3368", + "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:mealie_project:mealie:*:*:*:*:*:*:*:*" + ], + "packageName": "mealie-recipes/mealie", + "product": "mealie", + "vendor": "mealie-recipes", + "versions": [ + { + "lessThan": "1.4.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31994.json b/data/anchore/2024/CVE-2024-31994.json new file mode 100644 index 00000000..436c1325 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31994.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-31994", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107", + "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f", + "https://github.com/mealie-recipes/mealie/pull/3368", + "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:mealie_project:mealie:*:*:*:*:*:*:*:*" + ], + "packageName": "mealie-recipes/mealie", + "product": "mealie", + "vendor": "mealie-recipes", + "versions": [ + { + "lessThan": "1.4.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32017.json b/data/anchore/2024/CVE-2024-32017.json new file mode 100644 index 00000000..dc447d8a --- /dev/null +++ b/data/anchore/2024/CVE-2024-32017.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-32017", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/05/07/3", + "https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/gcoap/dns.c#L319-L325", + "https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/gcoap/forward_proxy.c#L352", + "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-v97j-w9m6-c4h3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:riot_project:riot:*:*:*:*:*:*:*:*", + "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*" + ], + "packageName": "riot-os/riot", + "product": "RIOT", + "vendor": "RIOT-OS", + "versions": [ + { + "lessThanOrEqual": "2023.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32018.json b/data/anchore/2024/CVE-2024-32018.json new file mode 100644 index 00000000..9ec4208b --- /dev/null +++ b/data/anchore/2024/CVE-2024-32018.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-32018", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/05/07/3", + "https://github.com/RIOT-OS/RIOT/blob/master/pkg/nimble/scanlist/nimble_scanlist.c#L74-L87", + "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-899m-q6pp-hmp3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:riot_project:riot:*:*:*:*:*:*:*:*", + "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*" + ], + "packageName": "riot-os/riot", + "product": "RIOT", + "vendor": "RIOT-OS", + "versions": [ + { + "lessThanOrEqual": "2023.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32888.json b/data/anchore/2024/CVE-2024-32888.json new file mode 100644 index 00000000..b38e2346 --- /dev/null +++ b/data/anchore/2024/CVE-2024-32888.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-32888", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319", + "https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339", + "https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d", + "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm", + "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:*:*:*:*:*:*:*:*" + ], + "packageName": "aws/amazon-redshift-jdbc-driver", + "product": "amazon-redshift-jdbc-driver", + "vendor": "aws", + "versions": [ + { + "lessThan": "2.1.0.28", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35181.json b/data/anchore/2024/CVE-2024-35181.json new file mode 100644 index 00000000..a314c84d --- /dev/null +++ b/data/anchore/2024/CVE-2024-35181.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35181", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/handlers/meshsync_handler.go#L187", + "https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13", + "https://github.com/meshery/meshery/commit/b55f6064d0c6a965aee38f30281f99da7dc4420c", + "https://github.com/meshery/meshery/pull/10207", + "https://github.com/meshery/meshery/pull/10280", + "https://securitylab.github.com/advisories/GHSL-2024-013_GHSL-2024-014_Meshery/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*" + ], + "packageName": "meshery/meshery", + "product": "meshery", + "vendor": "meshery", + "versions": [ + { + "lessThan": "0.7.22", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-35182.json b/data/anchore/2024/CVE-2024-35182.json new file mode 100644 index 00000000..fbca3985 --- /dev/null +++ b/data/anchore/2024/CVE-2024-35182.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-35182", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/handlers/events_streamer.go#L52", + "https://github.com/meshery/meshery/blob/b331f45c9083d7abf6b90105072b04cd22473de7/server/models/events_persister.go#L47", + "https://github.com/meshery/meshery/commit/b55f6064d0c6a965aee38f30281f99da7dc4420c", + "https://github.com/meshery/meshery/pull/10280", + "https://securitylab.github.com/advisories/GHSL-2024-013_GHSL-2024-014_Meshery/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://github.com", + "cpes": [ + "cpe:2.3:a:layer5:meshery:*:*:*:*:*:*:*:*" + ], + "packageName": "meshery/meshery", + "product": "meshery", + "vendor": "meshery", + "versions": [ + { + "lessThan": "0.7.22", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file