Skip to content

Commit

Permalink
updates 2024-10-11
Browse files Browse the repository at this point in the history 
Signed-off-by: Weston Steimel <[email protected]>
  • Loading branch information
@westonsteimel
westonsteimel committed Oct 11, 2024
1 parent e509012 commit b63a133
Show file tree
Hide file tree
Showing 91 changed files with 3,502 additions and 39 deletions.
42 changes: 42 additions & 0 deletions data/anchore/2023/CVE-2023-25581.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"additionalMetadata": {
"cna": "github_m",
"cveId": "CVE-2023-25581",
"description": "pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://github.com/frohoff/ysoserial",
"https://github.com/pac4j/pac4j/blob/5834aeb22ad3a4369dfa572be60d7b20f5784a8f/pac4j-core/src/main/java/org/pac4j/core/profile/InternalAttributeHandler.java#L95",
"https://portswigger.net/web-security/deserialization",
"https://securitylab.github.com/advisories/GHSL-2022-085_pac4j/"
]
},
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"cpes": [
"cpe:2.3:a:org.pac4j:pac4j-core:*:*:*:*:*:maven:*:*",
"cpe:2.3:a:pac4j:pac4j:*:*:*:*:*:maven:*:*"
],
"packageName": "org.pac4j:pac4j-core",
"packageType": "maven",
"product": "pac4j",
"repo": "https://github.com/pac4j/pac4j",
"vendor": "pac4j",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
}
}
41 changes: 41 additions & 0 deletions data/anchore/2024/CVE-2024-2189.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
{
"additionalMetadata": {
"cna": "wpscan",
"cveId": "CVE-2024-2189",
"description": "The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://wpscan.com/vulnerability/b8661fbe-78b9-4d29-90bf-5b68af468eb6/"
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:wpzoom:social_icons_widget:*:*:*:*:free:wordpress:*:*"
],
"packageName": "social-icons-widget-by-wpzoom",
"packageType": "wordpress-plugin",
"product": "Social Icons Widget & Block by WPZOOM",
"versions": [
{
"lessThan": "4.2.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2567ecc4-1346-4092-8c99-ffa5064e6a3f?source=cve"
}
]
}
}
2 changes: 1 addition & 1 deletion data/anchore/2024/CVE-2024-44002.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
"vendor": "PickPlugins",
"versions": [
{
"lessThanOrEqual": "1.22.25",
"lessThan": "1.22.26",
"status": "affected",
"version": "0",
"versionType": "custom"
Expand Down
126 changes: 126 additions & 0 deletions data/anchore/2024/CVE-2024-45124.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
{
"additionalMetadata": {
"cna": "adobe",
"cveId": "CVE-2024-45124",
"description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://helpx.adobe.com/security/products/magento/apsb24-73.html"
]
},
"adp": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
"cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
],
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThan": "2.4.7-p3",
"status": "affected",
"version": "2.4.7-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.6-p8",
"status": "affected",
"version": "2.4.6-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.5-p10",
"status": "affected",
"version": "2.4.5-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.4-p11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
],
"product": "Adobe Commerce B2B",
"vendor": "Adobe",
"versions": [
{
"lessThan": "1.4.2-p3",
"status": "affected",
"version": "1.4.2-alpha0",
"versionType": "semver"
},
{
"lessThan": "1.3.5-p8",
"status": "affected",
"version": "1.3.5-alpha0",
"versionType": "semver"
},
{
"lessThan": "1.3.4-p10",
"status": "affected",
"version": "1.3.4-alpha0",
"versionType": "semver"
},
{
"lessThan": "1.3.3-p11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://packagist.org",
"cpes": [
"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
"cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
],
"packageName": "magento/community-edition",
"packageType": "php-composer",
"product": "Magento Open Source",
"repo": "https://github.com/magento/magento2",
"vendor": "Adobe",
"versions": [
{
"lessThan": "2.4.7-p3",
"status": "affected",
"version": "2.4.7-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.6-p8",
"status": "affected",
"version": "2.4.6-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.5-p10",
"status": "affected",
"version": "2.4.5-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.4-p11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
}
}
126 changes: 126 additions & 0 deletions data/anchore/2024/CVE-2024-45125.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
{
"additionalMetadata": {
"cna": "adobe",
"cveId": "CVE-2024-45125",
"description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://helpx.adobe.com/security/products/magento/apsb24-73.html"
]
},
"adp": {
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
"cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
],
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThan": "2.4.7-p3",
"status": "affected",
"version": "2.4.7-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.6-p8",
"status": "affected",
"version": "2.4.6-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.5-p10",
"status": "affected",
"version": "2.4.5-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.4-p11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
],
"product": "Adobe Commerce B2B",
"vendor": "Adobe",
"versions": [
{
"lessThan": "1.4.2-p3",
"status": "affected",
"version": "1.4.2-alpha0",
"versionType": "semver"
},
{
"lessThan": "1.3.5-p8",
"status": "affected",
"version": "1.3.5-alpha0",
"versionType": "semver"
},
{
"lessThan": "1.3.4-p10",
"status": "affected",
"version": "1.3.4-alpha0",
"versionType": "semver"
},
{
"lessThan": "1.3.3-p11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://packagist.org",
"cpes": [
"cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
"cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
],
"packageName": "magento/community-edition",
"packageType": "php-composer",
"product": "Magento Open Source",
"repo": "https://github.com/magento/magento2",
"vendor": "Adobe",
"versions": [
{
"lessThan": "2.4.7-p3",
"status": "affected",
"version": "2.4.7-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.6-p8",
"status": "affected",
"version": "2.4.6-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.5-p10",
"status": "affected",
"version": "2.4.5-alpha0",
"versionType": "semver"
},
{
"lessThan": "2.4.4-p11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
}
}
Loading

0 comments on commit b63a133

Please sign in to comment.