-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
3ed1b8a
commit e62847b
Showing
16 changed files
with
391 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "patchstack", | ||
| "cveId": "CVE-2024-43945", | ||
| "description": "Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://patchstack.com/database/vulnerability/latepoint/wordpress-latepoint-plugin-4-9-91-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:latepoint:latepoint:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "latepoint", | ||
| "product": "LatePoint", | ||
| "vendor": "Latepoint", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "4.9.91", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd240932-ad50-40b3-94c7-6e885f96c5df?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-45309", | ||
| "description": "OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/theonedev/onedev/commit/4637aaac8c70d41aa789b7fce208b75c6a7b711f", | ||
| "https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:io.onedev:server-core:*:*:*:*:*:maven:*:*", | ||
| "cpe:2.3:a:onedev_project:onedev:*:*:*:*:*:maven:*:*" | ||
| ], | ||
| "packageName": "io.onedev:server-core", | ||
| "packageType": "maven", | ||
| "product": "onedev", | ||
| "repo": "https://github.com/theonedev/onedev", | ||
| "vendor": "theonedev", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "11.0.9", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "maven" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "patchstack", | ||
| "cveId": "CVE-2024-47328", | ||
| "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve" | ||
| ], | ||
| "solutions": [ | ||
| "Update to 3.2.0 or a higher version." | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "wp-marketing-automations", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Automation By Autonami", | ||
| "repo": "https://plugins.svn.wordpress.org/wp-marketing-automations", | ||
| "vendor": "FunnelKit", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "3.2.0", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86dd9106-880d-49db-8021-4fac71ae865f?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-47825", | ||
| "description": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) and this narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`. Note that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using `enableDefaultDeny: false` or that set `toEntities` to `all`, some workarounds are available. For users with policies using `enableDefaultDeny: false`, remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify `toEntities: all`, use `toEntities: world`.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://pkg.go.dev", | ||
| "cpes": [ | ||
| "cpe:2.3:a:cilium:cilium:*:*:*:*:*:go:*:*" | ||
| ], | ||
| "packageName": "github.com/cilium/cilium", | ||
| "packageType": "go-module", | ||
| "product": "cilium", | ||
| "repo": "https://github.com/cilium/cilium", | ||
| "vendor": "cilium", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "1.15.10", | ||
| "status": "affected", | ||
| "version": "1.15.0", | ||
| "versionType": "custom" | ||
| }, | ||
| { | ||
| "lessThan": "1.14.16", | ||
| "status": "affected", | ||
| "version": "1.14.0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "patchstack", | ||
| "cveId": "CVE-2024-49273", | ||
| "description": "Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" | ||
| ], | ||
| "solutions": [ | ||
| "Update to 5.9.3.1 or a higher version." | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "profilegrid-user-profiles-groups-and-communities", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "ProfileGrid", | ||
| "repo": "https://plugins.svn.wordpress.org/profilegrid-user-profiles-groups-and-communities", | ||
| "vendor": "ProfileGrid User Profiles", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "5.9.3.1", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfcb5e8-99e1-4dde-b62e-9f2bfc7db6ef?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "patchstack", | ||
| "cveId": "CVE-2024-49293", | ||
| "description": "Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://patchstack.com/database/vulnerability/wpvr/wordpress-wp-vr-plugin-8-5-4-broken-access-control-vulnerability?_s_id=cve" | ||
| ], | ||
| "solutions": [ | ||
| "Update to 8.5.5 or a higher version." | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:coderex:wp_vr:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "wpvr", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "WP VR", | ||
| "repo": "https://plugins.svn.wordpress.org/wpvr", | ||
| "vendor": "Rextheme", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "8.5.5", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ecd4231-d1b7-420e-a8af-1508fed11d1f?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-49366", | ||
| "description": "Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36", | ||
| "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-prv4-rx44-f7jr" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://pkg.go.dev", | ||
| "cpes": [ | ||
| "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:go:*:*" | ||
| ], | ||
| "packageName": "github.com/0xJacky/Nginx-UI", | ||
| "packageType": "go-module", | ||
| "product": "nginx-ui", | ||
| "repo": "https://github.com/0xjacky/nginx-ui", | ||
| "vendor": "0xJacky", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.0.0-beta.36", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.