diff --git a/data/anchore/2024/CVE-2024-10146.json b/data/anchore/2024/CVE-2024-10146.json
new file mode 100644
index 00000000..cc843e92
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10146.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-10146",
+ "description": "The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:simplefilelist:simple_file_list:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "simple-file-list",
+ "packageType": "wordpress-plugin",
+ "product": "Simple File List",
+ "versions": [
+ {
+ "lessThan": "6.1.13",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10571.json b/data/anchore/2024/CVE-2024-10571.json
new file mode 100644
index 00000000..0748864a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10571.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-10571",
+ "description": "The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",
+ "needsReview": true,
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/chart-builder/tags/2.9.6/admin/partials/charts/actions/chart-builder-charts-actions-options.php?rev=3184238",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4837258-c749-4194-926c-22b67e20c1fc?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:ays-pro:chartify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "chart-builder",
+ "packageType": "wordpress-plugin",
+ "product": "Chartify – WordPress Chart Plugin",
+ "vendor": "ays-pro",
+ "versions": [
+ {
+ "lessThan": "2.9.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10976.json b/data/anchore/2024/CVE-2024-10976.json
new file mode 100644
index 00000000..1aec8d8a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10976.json
@@ -0,0 +1,65 @@
+{
+ "additionalMetadata": {
+ "cna": "postgresql",
+ "cveId": "CVE-2024-10976",
+ "description": "Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.postgresql.org/support/security/CVE-2024-10976/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
+ ],
+ "product": "PostgreSQL",
+ "repo": "https://git.postgresql.org/git/postgresql.git/",
+ "vendor": "PostgreSQL",
+ "versions": [
+ {
+ "lessThan": "17.1",
+ "status": "affected",
+ "version": "17",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "16.5",
+ "status": "affected",
+ "version": "16",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "15.9",
+ "status": "affected",
+ "version": "15",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "14.14",
+ "status": "affected",
+ "version": "14",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "13.17",
+ "status": "affected",
+ "version": "13",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "12.21",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10977.json b/data/anchore/2024/CVE-2024-10977.json
new file mode 100644
index 00000000..6f82d543
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10977.json
@@ -0,0 +1,65 @@
+{
+ "additionalMetadata": {
+ "cna": "postgresql",
+ "cveId": "CVE-2024-10977",
+ "description": "Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.postgresql.org/support/security/CVE-2024-10977/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
+ ],
+ "product": "PostgreSQL",
+ "repo": "https://git.postgresql.org/git/postgresql.git/",
+ "vendor": "PostgreSQL",
+ "versions": [
+ {
+ "lessThan": "17.1",
+ "status": "affected",
+ "version": "17",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "16.5",
+ "status": "affected",
+ "version": "16",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "15.9",
+ "status": "affected",
+ "version": "15",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "14.14",
+ "status": "affected",
+ "version": "14",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "13.17",
+ "status": "affected",
+ "version": "13",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "12.21",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10978.json b/data/anchore/2024/CVE-2024-10978.json
new file mode 100644
index 00000000..d4df007d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10978.json
@@ -0,0 +1,65 @@
+{
+ "additionalMetadata": {
+ "cna": "postgresql",
+ "cveId": "CVE-2024-10978",
+ "description": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.postgresql.org/support/security/CVE-2024-10978/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
+ ],
+ "product": "PostgreSQL",
+ "repo": "https://git.postgresql.org/git/postgresql.git/",
+ "vendor": "PostgreSQL",
+ "versions": [
+ {
+ "lessThan": "17.1",
+ "status": "affected",
+ "version": "17",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "16.5",
+ "status": "affected",
+ "version": "16",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "15.9",
+ "status": "affected",
+ "version": "15",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "14.14",
+ "status": "affected",
+ "version": "14",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "13.17",
+ "status": "affected",
+ "version": "13",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "12.21",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10979.json b/data/anchore/2024/CVE-2024-10979.json
new file mode 100644
index 00000000..6a8aedcb
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10979.json
@@ -0,0 +1,65 @@
+{
+ "additionalMetadata": {
+ "cna": "postgresql",
+ "cveId": "CVE-2024-10979",
+ "description": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.postgresql.org/support/security/CVE-2024-10979/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
+ ],
+ "product": "PostgreSQL",
+ "repo": "https://git.postgresql.org/git/postgresql.git/",
+ "vendor": "PostgreSQL",
+ "versions": [
+ {
+ "lessThan": "17.1",
+ "status": "affected",
+ "version": "17",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "16.5",
+ "status": "affected",
+ "version": "16",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "15.9",
+ "status": "affected",
+ "version": "15",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "14.14",
+ "status": "affected",
+ "version": "14",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "13.17",
+ "status": "affected",
+ "version": "13",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "12.21",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-37285.json b/data/anchore/2024/CVE-2024-37285.json
new file mode 100644
index 00000000..f52e6e56
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-37285.json
@@ -0,0 +1,35 @@
+{
+ "additionalMetadata": {
+ "cna": "elastic",
+ "cveId": "CVE-2024-37285",
+ "description": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html assigned to them.\n\n\n\nThe following Elasticsearch indices permissions are required\n\n * write privilege on the system indices .kibana_ingest*\n * The allow_restricted_indices flag is set to true\n\n\nAny of the following Kibana privileges are additionally required\n\n * Under Fleet the All privilege is granted\n * Under Integration the Read or All privilege is granted\n * Access to the fleet-setup privilege is gained through the Fleet Server’s service account token",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:elastic:kibana:*:*:*:*:*:node.js:*:*",
+ "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:node.js:*:*"
+ ],
+ "product": "Kibana",
+ "vendor": "Elastic",
+ "versions": [
+ {
+ "lessThan": "8.15.1",
+ "status": "affected",
+ "version": "8.10.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-38479.json b/data/anchore/2024/CVE-2024-38479.json
new file mode 100644
index 00000000..355f0367
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-38479.json
@@ -0,0 +1,35 @@
+{
+ "additionalMetadata": {
+ "cna": "apache",
+ "cveId": "CVE-2024-38479",
+ "description": "Improper Input Validation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.\n\nUsers are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Apache Traffic Server",
+ "repo": "https://github.com/apache/trafficserver",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThan": "9.2.6",
+ "status": "affected",
+ "version": "8.0.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-43256.json b/data/anchore/2024/CVE-2024-43256.json
index e9656baa..39e64694 100644
--- a/data/anchore/2024/CVE-2024-43256.json
+++ b/data/anchore/2024/CVE-2024-43256.json
@@ -20,7 +20,7 @@
"vendor": "nouthemes",
"versions": [
{
- "lessThanOrEqual": "2.0.36",
+ "lessThan": "3.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
diff --git a/data/anchore/2024/CVE-2024-49311.json b/data/anchore/2024/CVE-2024-49311.json
index cc9ff889..ce296b42 100644
--- a/data/anchore/2024/CVE-2024-49311.json
+++ b/data/anchore/2024/CVE-2024-49311.json
@@ -3,6 +3,7 @@
"cna": "patchstack",
"cveId": "CVE-2024-49311",
"description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through 3.0.7.",
+ "needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/vulnerability/edwiser-bridge/wordpress-edwiser-bridge-plugin-3-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
@@ -22,7 +23,7 @@
"vendor": "WisdmLabs",
"versions": [
{
- "lessThanOrEqual": "3.0.7",
+ "lessThan": "3.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
diff --git a/data/anchore/2024/CVE-2024-49312.json b/data/anchore/2024/CVE-2024-49312.json
index 90aac887..bda96fc6 100644
--- a/data/anchore/2024/CVE-2024-49312.json
+++ b/data/anchore/2024/CVE-2024-49312.json
@@ -3,6 +3,7 @@
"cna": "patchstack",
"cveId": "CVE-2024-49312",
"description": "Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7.",
+ "needsReview": true,
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/vulnerability/edwiser-bridge/wordpress-edwiser-bridge-plugin-3-0-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
@@ -22,7 +23,7 @@
"vendor": "WisdmLabs",
"versions": [
{
- "lessThanOrEqual": "3.0.7",
+ "lessThan": "3.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
diff --git a/data/anchore/2024/CVE-2024-49362.json b/data/anchore/2024/CVE-2024-49362.json
new file mode 100644
index 00000000..b5d466f8
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49362.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-49362",
+ "description": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://registry.npmjs.org",
+ "cpes": [
+ "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:node.js:*:*"
+ ],
+ "packageName": "joplin",
+ "packageType": "npm",
+ "product": "joplin",
+ "repo": "https://github.com/laurent22/joplin",
+ "vendor": "laurent22",
+ "versions": [
+ {
+ "lessThan": "3.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49380.json b/data/anchore/2024/CVE-2024-49380.json
new file mode 100644
index 00000000..91ba2371
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49380.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-49380",
+ "description": "Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205",
+ "https://github.com/plentico/plenti/releases/tag/v0.7.2",
+ "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pkg.go.dev",
+ "cpes": [
+ "cpe:2.3:a:plenti:plenti:*:*:*:*:*:go:*:*"
+ ],
+ "packageName": "github.com/plentico/plenti",
+ "packageType": "go-module",
+ "product": "plenti",
+ "repo": "https://github.com/plentico/plenti",
+ "vendor": "plentico",
+ "versions": [
+ {
+ "lessThan": "0.7.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-50305.json b/data/anchore/2024/CVE-2024-50305.json
new file mode 100644
index 00000000..55e2093d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-50305.json
@@ -0,0 +1,35 @@
+{
+ "additionalMetadata": {
+ "cna": "apache",
+ "cveId": "CVE-2024-50305",
+ "description": "Valid Host header field can cause Apache Traffic Server to crash on some platforms.\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.\n\nUsers are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Apache Traffic Server",
+ "repo": "https://github.com/apache/trafficserver",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThan": "9.2.6",
+ "status": "affected",
+ "version": "9.2.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-50306.json b/data/anchore/2024/CVE-2024-50306.json
new file mode 100644
index 00000000..06744db4
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-50306.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "apache",
+ "cveId": "CVE-2024-50306",
+ "description": "Unchecked return value can allow Apache Traffic Server to retain privileges on startup.\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.\n\nUsers are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Apache Traffic Server",
+ "repo": "https://github.com/apache/trafficserver",
+ "vendor": "Apache Software Foundation",
+ "versions": [
+ {
+ "lessThan": "9.2.6",
+ "status": "affected",
+ "version": "9.2.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "10.0.2",
+ "status": "affected",
+ "version": "10.0.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-52308.json b/data/anchore/2024/CVE-2024-52308.json
new file mode 100644
index 00000000..cce17eff
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-52308.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-52308",
+ "description": "The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0.\n\nDevelopers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image]( https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration) . GitHub CLI [retrieves SSH connection details]( https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/inv... https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244 ), such as remote username, which is used in [executing `ssh` commands]( https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L2... https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L263 ) for `gh codespace ssh` or `gh codespace logs` commands.\n\nThis exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects `ssh` arguments within the SSH connection details. `gh codespace ssh` and `gh codespace logs` commands could execute arbitrary code on the user's workstation if the remote username contains something like `-oProxyCommand=\"echo hacked\" #`. The `-oProxyCommand` flag causes `ssh` to execute the provided command while `#` shell comment causes any other `ssh` arguments to be ignored.\n\nIn `2.62.0`, the remote username information is being validated before being used.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pkg.go.dev",
+ "cpes": [
+ "cpe:2.3:a:github:cli:*:*:*:*:*:go:*:*"
+ ],
+ "packageName": "github.com/cli/cli/v2",
+ "packageType": "go-module",
+ "product": "cli",
+ "repo": "https://github.com/cli/cli",
+ "vendor": "GitHub",
+ "versions": [
+ {
+ "lessThan": "2.62.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-52355.json b/data/anchore/2024/CVE-2024-52355.json
index 62dac4e7..134cf67e 100644
--- a/data/anchore/2024/CVE-2024-52355.json
+++ b/data/anchore/2024/CVE-2024-52355.json
@@ -37,6 +37,11 @@
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5648fc33-3284-4f71-bc2b-6e72237b2ca1?source=cve"
+ }
+ ]
}
}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-52393.json b/data/anchore/2024/CVE-2024-52393.json
new file mode 100644
index 00000000..f412c910
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-52393.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-52393",
+ "description": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 4.1.17 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "podlove-podcasting-plugin-for-wordpress",
+ "packageType": "wordpress-plugin",
+ "product": "Podlove Podcast Publisher",
+ "repo": "https://plugins.svn.wordpress.org/podlove-podcasting-plugin-for-wordpress",
+ "vendor": "Podlove",
+ "versions": [
+ {
+ "lessThan": "4.1.17",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-52396.json b/data/anchore/2024/CVE-2024-52396.json
new file mode 100644
index 00000000..791302b5
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-52396.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-52396",
+ "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.This issue affects WOLF: from n/a through 1.0.8.3.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-8-3-csv-limited-path-traversal-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.0.8.4 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "bulk-editor",
+ "packageType": "wordpress-plugin",
+ "product": "WOLF",
+ "repo": "https://plugins.svn.wordpress.org/bulk-editor",
+ "vendor": "realmag777",
+ "versions": [
+ {
+ "lessThan": "1.0.8.4",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-52505.json b/data/anchore/2024/CVE-2024-52505.json
new file mode 100644
index 00000000..adc47be8
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-52505.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-52505",
+ "description": "matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/matrix-org/matrix-appservice-irc/commit/4a024eae1a992b1ea67e71a998e0b833b54221e2",
+ "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c3hj-hg7p-rrq5"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://registry.npmjs.org",
+ "cpes": [
+ "cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*"
+ ],
+ "packageName": "matrix-appservice-irc",
+ "packageType": "npm",
+ "product": "matrix-appservice-irc",
+ "repo": "https://github.com/matrix-org/matrix-appservice-irc",
+ "vendor": "matrix-org",
+ "versions": [
+ {
+ "lessThan": "3.0.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-7404.json b/data/anchore/2024/CVE-2024-7404.json
new file mode 100644
index 00000000..2b57ac92
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-7404.json
@@ -0,0 +1,190 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-7404",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#device-oauth-flow-allows-for-cross-window-forgery",
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/476670",
+ "https://hackerone.com/reports/2627925"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.5.2, 17.4.4, 17.3.7 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.2",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.2",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.2",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.2",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.2",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.2",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8180.json b/data/anchore/2024/CVE-2024-8180.json
new file mode 100644
index 00000000..aa08e70e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-8180.json
@@ -0,0 +1,190 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-8180",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances",
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/480720",
+ "https://hackerone.com/reports/2654010"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.3.7, 17.4.4, 17.5.2 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8648.json b/data/anchore/2024/CVE-2024-8648.json
new file mode 100644
index 00000000..a311b16e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-8648.json
@@ -0,0 +1,190 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-8648",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#stored-xss-through-javascript-url-in-analytics-dashboards",
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/486220",
+ "https://hackerone.com/reports/2683863"
+ ],
+ "solutions": [
+ "Upgrade to version 17.5.2, 17.4.4, 17.3.7 or above"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9186.json b/data/anchore/2024/CVE-2024-9186.json
new file mode 100644
index 00000000..5e91f2bb
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9186.json
@@ -0,0 +1,36 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-9186",
+ "description": "The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/fab29b59-7e87-4289-88dd-ed5520260c26/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-marketing-automations",
+ "packageType": "wordpress-plugin",
+ "product": "Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit",
+ "versions": [
+ {
+ "lessThan": "3.3.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9633.json b/data/anchore/2024/CVE-2024-9633.json
new file mode 100644
index 00000000..6b906d29
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9633.json
@@ -0,0 +1,189 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-9633",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/498257",
+ "https://hackerone.com/reports/2759470"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.5.2, 17.4.4, 17.3.7 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.3",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.3",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.3",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.3",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9693.json b/data/anchore/2024/CVE-2024-9693.json
new file mode 100644
index 00000000..9a459a82
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9693.json
@@ -0,0 +1,188 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-9693",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/497449"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.3.7, 17.4.4, 17.5.2 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5.0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
+ "cpe:2.3:a:gitlab:gitlab_enterprise:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5.0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "deb",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.0",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4.0",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5.0",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee",
+ "packageName": "gitlab-ee",
+ "packageType": "rpm",
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.0",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4.0",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5.0",
+ "versionType": "rpm"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "deb",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.0",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4.0",
+ "versionType": "deb"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5.0",
+ "versionType": "deb"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce",
+ "packageName": "gitlab-ce",
+ "packageType": "rpm",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.3.7",
+ "status": "affected",
+ "version": "16.0",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.4.4",
+ "status": "affected",
+ "version": "17.4.0",
+ "versionType": "rpm"
+ },
+ {
+ "lessThan": "17.5.2",
+ "status": "affected",
+ "version": "17.5.0",
+ "versionType": "rpm"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file