From b63a1330993af87809fe2a4da62269117d812051 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Fri, 11 Oct 2024 11:40:32 +0100 Subject: [PATCH] updates 2024-10-11 
Signed-off-by: Weston Steimel --- data/anchore/2023/CVE-2023-25581.json | 42 +++++++++ data/anchore/2024/CVE-2024-2189.json | 41 +++++++++ data/anchore/2024/CVE-2024-44002.json | 2 +- data/anchore/2024/CVE-2024-45124.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45125.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45127.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45128.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45129.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45130.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45131.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45132.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45133.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45134.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45135.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45148.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45149.json | 126 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-45454.json | 7 +- data/anchore/2024/CVE-2024-47084.json | 38 ++++++++ data/anchore/2024/CVE-2024-47164.json | 38 ++++++++ data/anchore/2024/CVE-2024-47165.json | 38 ++++++++ data/anchore/2024/CVE-2024-47166.json | 38 ++++++++ data/anchore/2024/CVE-2024-47167.json | 38 ++++++++ data/anchore/2024/CVE-2024-47168.json | 38 ++++++++ data/anchore/2024/CVE-2024-47348.json | 7 +- data/anchore/2024/CVE-2024-47349.json | 7 +- data/anchore/2024/CVE-2024-47357.json | 7 +- data/anchore/2024/CVE-2024-47363.json | 7 +- data/anchore/2024/CVE-2024-47364.json | 7 +- data/anchore/2024/CVE-2024-47366.json | 7 +- data/anchore/2024/CVE-2024-47367.json | 7 +- data/anchore/2024/CVE-2024-47368.json | 7 +- data/anchore/2024/CVE-2024-47369.json | 9 +- data/anchore/2024/CVE-2024-47370.json | 7 +- data/anchore/2024/CVE-2024-47373.json | 7 +- data/anchore/2024/CVE-2024-47376.json | 
7 +- data/anchore/2024/CVE-2024-47377.json | 7 +- data/anchore/2024/CVE-2024-47378.json | 7 +- data/anchore/2024/CVE-2024-47379.json | 7 +- data/anchore/2024/CVE-2024-47380.json | 7 +- data/anchore/2024/CVE-2024-47381.json | 7 +- data/anchore/2024/CVE-2024-47382.json | 7 +- data/anchore/2024/CVE-2024-47385.json | 7 +- data/anchore/2024/CVE-2024-47386.json | 7 +- data/anchore/2024/CVE-2024-47389.json | 7 +- data/anchore/2024/CVE-2024-47390.json | 7 +- data/anchore/2024/CVE-2024-47391.json | 7 +- data/anchore/2024/CVE-2024-47392.json | 7 +- data/anchore/2024/CVE-2024-47394.json | 9 +- data/anchore/2024/CVE-2024-47621.json | 7 +- data/anchore/2024/CVE-2024-47624.json | 7 +- data/anchore/2024/CVE-2024-47625.json | 7 +- data/anchore/2024/CVE-2024-47628.json | 7 +- data/anchore/2024/CVE-2024-47629.json | 7 +- data/anchore/2024/CVE-2024-47632.json | 7 +- data/anchore/2024/CVE-2024-47633.json | 7 +- data/anchore/2024/CVE-2024-47636.json | 44 +++++++++ data/anchore/2024/CVE-2024-47638.json | 7 +- data/anchore/2024/CVE-2024-47642.json | 7 +- data/anchore/2024/CVE-2024-47647.json | 7 +- data/anchore/2024/CVE-2024-47648.json | 46 ++++++++++ data/anchore/2024/CVE-2024-47650.json | 9 +- data/anchore/2024/CVE-2024-47867.json | 38 ++++++++ data/anchore/2024/CVE-2024-47868.json | 38 ++++++++ data/anchore/2024/CVE-2024-47869.json | 38 ++++++++ data/anchore/2024/CVE-2024-47870.json | 38 ++++++++ data/anchore/2024/CVE-2024-47871.json | 38 ++++++++ data/anchore/2024/CVE-2024-47872.json | 38 ++++++++ data/anchore/2024/CVE-2024-47962.json | 37 ++++++++ data/anchore/2024/CVE-2024-47963.json | 37 ++++++++ data/anchore/2024/CVE-2024-47964.json | 37 ++++++++ data/anchore/2024/CVE-2024-47965.json | 37 ++++++++ data/anchore/2024/CVE-2024-47966.json | 37 ++++++++ data/anchore/2024/CVE-2024-48902.json | 34 +++++++ data/anchore/2024/CVE-2024-6530.json | 51 +++++++++++ data/anchore/2024/CVE-2024-8477.json | 38 ++++++++ data/anchore/2024/CVE-2024-8977.json | 50 ++++++++++ 
data/anchore/2024/CVE-2024-8987.json | 39 ++++++++ data/anchore/2024/CVE-2024-9065.json | 38 ++++++++ data/anchore/2024/CVE-2024-9067.json | 38 ++++++++ data/anchore/2024/CVE-2024-9156.json | 36 ++++++++ data/anchore/2024/CVE-2024-9180.json | 67 ++++++++++++++ data/anchore/2024/CVE-2024-9377.json | 40 ++++++++ data/anchore/2024/CVE-2024-9487.json | 56 ++++++++++++ data/anchore/2024/CVE-2024-9518.json | 38 ++++++++ data/anchore/2024/CVE-2024-9519.json | 38 ++++++++ data/anchore/2024/CVE-2024-9520.json | 40 ++++++++ data/anchore/2024/CVE-2024-9596.json | 49 ++++++++++ data/anchore/2024/CVE-2024-9623.json | 50 ++++++++++ data/anchore/2024/CVE-2024-9780.json | 38 ++++++++ data/anchore/2024/CVE-2024-9781.json | 44 +++++++++ data/anchore/2024/CVE-2024-9796.json | 38 ++++++++ 91 files changed, 3502 insertions(+), 39 deletions(-) create mode 100644 data/anchore/2023/CVE-2023-25581.json create mode 100644 data/anchore/2024/CVE-2024-2189.json create mode 100644 data/anchore/2024/CVE-2024-45124.json create mode 100644 data/anchore/2024/CVE-2024-45125.json create mode 100644 data/anchore/2024/CVE-2024-45127.json create mode 100644 data/anchore/2024/CVE-2024-45128.json create mode 100644 data/anchore/2024/CVE-2024-45129.json create mode 100644 data/anchore/2024/CVE-2024-45130.json create mode 100644 data/anchore/2024/CVE-2024-45131.json create mode 100644 data/anchore/2024/CVE-2024-45132.json create mode 100644 data/anchore/2024/CVE-2024-45133.json create mode 100644 data/anchore/2024/CVE-2024-45134.json create mode 100644 data/anchore/2024/CVE-2024-45135.json create mode 100644 data/anchore/2024/CVE-2024-45148.json create mode 100644 data/anchore/2024/CVE-2024-45149.json create mode 100644 data/anchore/2024/CVE-2024-47084.json create mode 100644 data/anchore/2024/CVE-2024-47164.json create mode 100644 data/anchore/2024/CVE-2024-47165.json create mode 100644 data/anchore/2024/CVE-2024-47166.json create mode 100644 data/anchore/2024/CVE-2024-47167.json create mode 100644 
data/anchore/2024/CVE-2024-47168.json
create mode 100644 data/anchore/2024/CVE-2024-47636.json
create mode 100644 data/anchore/2024/CVE-2024-47648.json
create mode 100644 data/anchore/2024/CVE-2024-47867.json
create mode 100644 data/anchore/2024/CVE-2024-47868.json
create mode 100644 data/anchore/2024/CVE-2024-47869.json
create mode 100644 data/anchore/2024/CVE-2024-47870.json
create mode 100644 data/anchore/2024/CVE-2024-47871.json
create mode 100644 data/anchore/2024/CVE-2024-47872.json
create mode 100644 data/anchore/2024/CVE-2024-47962.json
create mode 100644 data/anchore/2024/CVE-2024-47963.json
create mode 100644 data/anchore/2024/CVE-2024-47964.json
create mode 100644 data/anchore/2024/CVE-2024-47965.json
create mode 100644 data/anchore/2024/CVE-2024-47966.json
create mode 100644 data/anchore/2024/CVE-2024-48902.json
create mode 100644 data/anchore/2024/CVE-2024-6530.json
create mode 100644 data/anchore/2024/CVE-2024-8477.json
create mode 100644 data/anchore/2024/CVE-2024-8977.json
create mode 100644 data/anchore/2024/CVE-2024-8987.json
create mode 100644 data/anchore/2024/CVE-2024-9065.json
create mode 100644 data/anchore/2024/CVE-2024-9067.json
create mode 100644 data/anchore/2024/CVE-2024-9156.json
create mode 100644 data/anchore/2024/CVE-2024-9180.json
create mode 100644 data/anchore/2024/CVE-2024-9377.json
create mode 100644 data/anchore/2024/CVE-2024-9487.json
create mode 100644 data/anchore/2024/CVE-2024-9518.json
create mode 100644 data/anchore/2024/CVE-2024-9519.json
create mode 100644 data/anchore/2024/CVE-2024-9520.json
create mode 100644 data/anchore/2024/CVE-2024-9596.json
create mode 100644 data/anchore/2024/CVE-2024-9623.json
create mode 100644 data/anchore/2024/CVE-2024-9780.json
create mode 100644 data/anchore/2024/CVE-2024-9781.json
create mode 100644 data/anchore/2024/CVE-2024-9796.json
diff --git a/data/anchore/2023/CVE-2023-25581.json b/data/anchore/2023/CVE-2023-25581.json
new file mode 100644
index 00000000..f6cf7d6f
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-25581.json 
@@ -0,0 +1,42 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2023-25581",
+ "description": "pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/frohoff/ysoserial",
+ "https://github.com/pac4j/pac4j/blob/5834aeb22ad3a4369dfa572be60d7b20f5784a8f/pac4j-core/src/main/java/org/pac4j/core/profile/InternalAttributeHandler.java#L95",
+ "https://portswigger.net/web-security/deserialization",
+ "https://securitylab.github.com/advisories/GHSL-2022-085_pac4j/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://repo.maven.apache.org/maven2",
+ "cpes": [
+ "cpe:2.3:a:org.pac4j:pac4j-core:*:*:*:*:*:maven:*:*",
+ "cpe:2.3:a:pac4j:pac4j:*:*:*:*:*:maven:*:*"
+ ],
+ "packageName": "org.pac4j:pac4j-core",
+ "packageType": "maven",
+ "product": "pac4j",
+ "repo": "https://github.com/pac4j/pac4j",
+ "vendor": "pac4j",
+ "versions": [
+ {
+ "lessThan": "4.0.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "maven"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-2189.json b/data/anchore/2024/CVE-2024-2189.json
new file mode 100644
index 00000000..e7c43526
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-2189.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-2189",
+ "description": "The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/b8661fbe-78b9-4d29-90bf-5b68af468eb6/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpzoom:social_icons_widget:*:*:*:*:free:wordpress:*:*"
+ ],
+ "packageName": "social-icons-widget-by-wpzoom",
+ "packageType": "wordpress-plugin",
+ "product": "Social Icons Widget & Block by WPZOOM",
+ "versions": [
+ {
+ "lessThan": "4.2.18",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2567ecc4-1346-4092-8c99-ffa5064e6a3f?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-44002.json b/data/anchore/2024/CVE-2024-44002.json
index 36752a5b..b15a6625 100644
--- a/data/anchore/2024/CVE-2024-44002.json
+++ b/data/anchore/2024/CVE-2024-44002.json
@@ -22,7 +22,7 @@
 "vendor": "PickPlugins",
 "versions": [
 {
- "lessThanOrEqual": "1.22.25",
+ "lessThan": "1.22.26",
 "status": "affected",
 "version": "0",
 "versionType": "custom"
diff --git a/data/anchore/2024/CVE-2024-45124.json b/data/anchore/2024/CVE-2024-45124.json
new file mode 100644
index 00000000..48066f52
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45124.json
@@ -0,0 +1,126 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-45124",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
+ ],
+ "product": "Adobe Commerce",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Adobe Commerce B2B",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "1.4.2-p3",
+ "status": "affected",
+ "version": "1.4.2-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.5-p8",
+ "status": "affected",
+ "version": "1.3.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.4-p10",
+ "status": "affected",
+ "version": "1.3.4-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.3-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
+ "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
+ ],
+ "packageName": "magento/community-edition",
+ "packageType": "php-composer",
+ "product": "Magento Open Source",
+ "repo": "https://github.com/magento/magento2",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-45125.json b/data/anchore/2024/CVE-2024-45125.json
new file mode 100644
index 00000000..bc12d5a2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45125.json
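Review bot: The `versions` bounds in data/anchore/2024/CVE-2024-45124.json are Adobe patch levels (`"lessThan": "2.4.5-p10"`, `"2.4.4-p11"`, `"1.3.4-p10"`, `"1.3.3-p11"`) but every range is tagged `"versionType": "semver"`. Under strict SemVer precedence a `-pN` suffix is a pre-release identifier compared as text, so `2.4.5-p9` orders after `2.4.5-p10` and an unsuffixed `2.4.5` orders after both; a matcher applying those rules would report releases the description lists as affected ("2.4.5-p9 ... and earlier") as outside every range. How the consuming scanner orders these strings is not visible in this patch, so either confirm it handles the `-pN` scheme or tag the ranges `"versionType": "custom"`, the value the CVE-2024-44002 record in this patch already carries. The same ranges recur in the CVE-2024-45125, 45127, 45128, 45129, 45130 and 45131 records.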
@@ -0,0 +1,126 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-45125",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
+ ],
+ "product": "Adobe Commerce",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Adobe Commerce B2B",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "1.4.2-p3",
+ "status": "affected",
+ "version": "1.4.2-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.5-p8",
+ "status": "affected",
+ "version": "1.3.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.4-p10",
+ "status": "affected",
+ "version": "1.3.4-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.3-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
+ "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
+ ],
+ "packageName": "magento/community-edition",
+ "packageType": "php-composer",
+ "product": "Magento Open Source",
+ "repo": "https://github.com/magento/magento2",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-45127.json b/data/anchore/2024/CVE-2024-45127.json
new file mode 100644
index 00000000..c0eea59a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45127.json
@@ -0,0 +1,126 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-45127",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
+ ],
+ "product": "Adobe Commerce",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Adobe Commerce B2B",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "1.4.2-p3",
+ "status": "affected",
+ "version": "1.4.2-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.5-p8",
+ "status": "affected",
+ "version": "1.3.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.4-p10",
+ "status": "affected",
+ "version": "1.3.4-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.3-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
+ "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
+ ],
+ "packageName": "magento/community-edition",
+ "packageType": "php-composer",
+ "product": "Magento Open Source",
+ "repo": "https://github.com/magento/magento2",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-45128.json b/data/anchore/2024/CVE-2024-45128.json
new file mode 100644
index 00000000..c78a29ad
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45128.json
@@ -0,0 +1,126 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-45128",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
+ ],
+ "product": "Adobe Commerce",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Adobe Commerce B2B",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "1.4.2-p3",
+ "status": "affected",
+ "version": "1.4.2-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.5-p8",
+ "status": "affected",
+ "version": "1.3.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.4-p10",
+ "status": "affected",
+ "version": "1.3.4-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.3-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
+ "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
+ ],
+ "packageName": "magento/community-edition",
+ "packageType": "php-composer",
+ "product": "Magento Open Source",
+ "repo": "https://github.com/magento/magento2",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-45129.json b/data/anchore/2024/CVE-2024-45129.json
new file mode 100644
index 00000000..6ade1011
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45129.json
@@ -0,0 +1,126 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-45129",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
+ ],
+ "product": "Adobe Commerce",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Adobe Commerce B2B",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "1.4.2-p3",
+ "status": "affected",
+ "version": "1.4.2-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.5-p8",
+ "status": "affected",
+ "version": "1.3.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.4-p10",
+ "status": "affected",
+ "version": "1.3.4-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.3-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
+ "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
+ ],
+ "packageName": "magento/community-edition",
+ "packageType": "php-composer",
+ "product": "Magento Open Source",
+ "repo": "https://github.com/magento/magento2",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-45130.json b/data/anchore/2024/CVE-2024-45130.json
new file mode 100644
index 00000000..c274a6ef
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45130.json
@@ -0,0 +1,126 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-45130",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/magento/apsb24-73.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*"
+ ],
+ "product": "Adobe Commerce",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Adobe Commerce B2B",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "1.4.2-p3",
+ "status": "affected",
+ "version": "1.4.2-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.5-p8",
+ "status": "affected",
+ "version": "1.3.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.4-p10",
+ "status": "affected",
+ "version": "1.3.4-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.3-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*",
+ "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*",
+ "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
+ ],
+ "packageName": "magento/community-edition",
+ "packageType": "php-composer",
+ "product": "Magento Open Source",
+ "repo": "https://github.com/magento/magento2",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "2.4.7-p3",
+ "status": "affected",
+ "version": "2.4.7-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.6-p8",
+ "status": "affected",
+ "version": "2.4.6-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.5-p10",
+ "status": "affected",
+ "version": "2.4.5-alpha0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "2.4.4-p11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-45131.json b/data/anchore/2024/CVE-2024-45131.json
new file mode 100644
index 00000000..ee4e5071
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-45131.json
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45131", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + 
"collectionURL": "https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45132.json b/data/anchore/2024/CVE-2024-45132.json new file mode 100644 index 00000000..b44f5e4b --- /dev/null +++ b/data/anchore/2024/CVE-2024-45132.json 
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45132", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": 
"https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45133.json b/data/anchore/2024/CVE-2024-45133.json new file mode 100644 index 00000000..0ba01514 --- /dev/null +++ b/data/anchore/2024/CVE-2024-45133.json 
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45133", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": 
"https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45134.json b/data/anchore/2024/CVE-2024-45134.json new file mode 100644 index 00000000..bc96d0ea --- /dev/null +++ b/data/anchore/2024/CVE-2024-45134.json 
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45134", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": 
"https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45135.json b/data/anchore/2024/CVE-2024-45135.json new file mode 100644 index 00000000..019ecea9 --- /dev/null +++ b/data/anchore/2024/CVE-2024-45135.json 
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45135", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": 
"https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45148.json b/data/anchore/2024/CVE-2024-45148.json new file mode 100644 index 00000000..c56d8ae7 --- /dev/null +++ b/data/anchore/2024/CVE-2024-45148.json 
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45148", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": 
"https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45149.json b/data/anchore/2024/CVE-2024-45149.json new file mode 100644 index 00000000..803baa2f --- /dev/null +++ b/data/anchore/2024/CVE-2024-45149.json 
@@ -0,0 +1,126 @@ +{ + "additionalMetadata": { + "cna": "adobe", + "cveId": "CVE-2024-45149", + "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://helpx.adobe.com/security/products/magento/apsb24-73.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", + "cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*" + ], + "product": "Adobe Commerce", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*" + ], + "product": "Adobe Commerce B2B", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "1.4.2-p3", + "status": "affected", + "version": "1.4.2-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.5-p8", + "status": "affected", + "version": "1.3.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.4-p10", + "status": "affected", + "version": "1.3.4-alpha0", + "versionType": "semver" + }, + { + "lessThan": "1.3.3-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + }, + { + "collectionURL": 
"https://packagist.org", + "cpes": [ + "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:php:*:*", + "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:php:*:*", + "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*" + ], + "packageName": "magento/community-edition", + "packageType": "php-composer", + "product": "Magento Open Source", + "repo": "https://github.com/magento/magento2", + "vendor": "Adobe", + "versions": [ + { + "lessThan": "2.4.7-p3", + "status": "affected", + "version": "2.4.7-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.6-p8", + "status": "affected", + "version": "2.4.6-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.5-p10", + "status": "affected", + "version": "2.4.5-alpha0", + "versionType": "semver" + }, + { + "lessThan": "2.4.4-p11", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-45454.json b/data/anchore/2024/CVE-2024-45454.json index ab378503..203275f4 100644 --- a/data/anchore/2024/CVE-2024-45454.json +++ b/data/anchore/2024/CVE-2024-45454.json @@ -36,6 +36,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b49c1e95-7ef4-45d7-9fdf-dd5adffd2eb0?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47084.json b/data/anchore/2024/CVE-2024-47084.json new file mode 100644 index 00000000..2cda969c --- /dev/null +++ b/data/anchore/2024/CVE-2024-47084.json 
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47084",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-3c67-5hwx-f6wx"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "4.44",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47164.json b/data/anchore/2024/CVE-2024-47164.json
new file mode 100644
index 00000000..36189371
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47164.json
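Review bot: The upper bound `"lessThan": "4.44"` does not match the description in the same record, which tells users to upgrade to `gradio>4.44` and so reads as if 4.44 itself were still affected. If the linked GHSA-3c67-5hwx-f6wx advisory lists 4.44 as vulnerable, the bound should be `"lessThanOrEqual": "4.44"`; if 4.44 is the fixed release, the range is right and a short remark in `"reason"` would record why it departs from the description. The other Gradio records in this patch word the fix with `>=`, so this appears to be the only one where text and range disagree.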
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47164",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-77xq-6g77-h274"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47165.json b/data/anchore/2024/CVE-2024-47165.json
new file mode 100644
index 00000000..f5860c8c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47165.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47165",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the `localhost_aliases` variable includes \"null\" as a valid origin. This allows attackers to make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files. This impacts users running Gradio locally, especially those using basic authentication. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually modify the `localhost_aliases` list in their local Gradio deployment to exclude \"null\" as a valid origin. By removing this value, the Gradio server will no longer accept requests from sandboxed iframes or sources with a null origin, mitigating the potential for exploitation.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-89v2-pqfv-c5r9"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47166.json b/data/anchore/2024/CVE-2024-47166.json
new file mode 100644
index 00000000..261ec85e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47166.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47166",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers. Users are advised to upgrade to `gradio>=4.44` to address this issue. As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-37qc-qgx6-9xjv"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "4.44",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47167.json b/data/anchore/2024/CVE-2024-47167.json
new file mode 100644
index 00000000..bba73c3f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47167.json 
@@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-47167", + "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. 
Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*" + ], + "packageName": "gradio", + "packageType": "python", + "product": "gradio", + "repo": "https://github.com/gradio-app/gradio", + "vendor": "gradio-app", + "versions": [ + { + "lessThan": "5.0", + "status": "affected", + "version": "0", + "versionType": "python" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47168.json b/data/anchore/2024/CVE-2024-47168.json new file mode 100644 index 00000000..9d4b783d --- /dev/null +++ b/data/anchore/2024/CVE-2024-47168.json 
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47168",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-hm3c-93pg-4cxw"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "4.44",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47348.json b/data/anchore/2024/CVE-2024-47348.json
index 08cef7e5..f6ff26cd 100644
--- a/data/anchore/2024/CVE-2024-47348.json
+++ b/data/anchore/2024/CVE-2024-47348.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f325945-8394-4ff5-8868-2b1c464cd91f?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47349.json b/data/anchore/2024/CVE-2024-47349.json
index a18cf145..674221b6 100644
--- a/data/anchore/2024/CVE-2024-47349.json
+++ b/data/anchore/2024/CVE-2024-47349.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1aea4732-9e7d-406f-b848-ff223104f176?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47357.json b/data/anchore/2024/CVE-2024-47357.json
index ed9e2805..17134069 100644
--- a/data/anchore/2024/CVE-2024-47357.json
+++ b/data/anchore/2024/CVE-2024-47357.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a63d6a64-aaba-4744-a372-89e1c0ce00df?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47363.json b/data/anchore/2024/CVE-2024-47363.json
index f440b300..aa121525 100644
--- a/data/anchore/2024/CVE-2024-47363.json
+++ b/data/anchore/2024/CVE-2024-47363.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b54fa719-0ac2-4017-b312-4b4a9bced16d?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47364.json b/data/anchore/2024/CVE-2024-47364.json
index ab049917..dbd535f6 100644
--- a/data/anchore/2024/CVE-2024-47364.json
+++ b/data/anchore/2024/CVE-2024-47364.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e3c9dc-985a-48fb-8300-add83046100a?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47366.json b/data/anchore/2024/CVE-2024-47366.json
index d66dca5b..5a42a18e 100644
--- a/data/anchore/2024/CVE-2024-47366.json
+++ b/data/anchore/2024/CVE-2024-47366.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef847b12-a380-410a-9368-6b2751d1836e?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47367.json b/data/anchore/2024/CVE-2024-47367.json
index bf783872..7af0a914 100644
--- a/data/anchore/2024/CVE-2024-47367.json
+++ b/data/anchore/2024/CVE-2024-47367.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd979c94-f6e7-4edd-b2c5-0880ed13e9b0?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47368.json b/data/anchore/2024/CVE-2024-47368.json
index 4fa267c2..8bb62672 100644
--- a/data/anchore/2024/CVE-2024-47368.json
+++ b/data/anchore/2024/CVE-2024-47368.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2667b7c-b743-44d1-90d6-b1be6fcd7dca?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47369.json b/data/anchore/2024/CVE-2024-47369.json
index 5d777485..9eadc9ce 100644
--- a/data/anchore/2024/CVE-2024-47369.json
+++ b/data/anchore/2024/CVE-2024-47369.json
@@ -17,6 +17,8 @@
 "cpes": [
 "cpe:2.3:a:wpwebinfotech:social_auto_poster:*:*:*:*:*:wordpress:*:*"
 ],
+ "packageName": "social-auto-poster",
+ "packageType": "wordpress-plugin",
 "product": "Social Auto Poster",
 "vendor": "WPWeb",
 "versions": [
@@ -32,6 +34,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da5b700c-ec1f-4803-8165-581382cef482?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47370.json b/data/anchore/2024/CVE-2024-47370.json
index 855fabd9..723db62a 100644
--- a/data/anchore/2024/CVE-2024-47370.json
+++ b/data/anchore/2024/CVE-2024-47370.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b9aaafb-cb39-4a3b-85db-d0a8e9498d60?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47373.json b/data/anchore/2024/CVE-2024-47373.json
index 0998db6f..d0c6d5b3 100644
--- a/data/anchore/2024/CVE-2024-47373.json
+++ b/data/anchore/2024/CVE-2024-47373.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/329a140f-94e0-4e2e-8030-c091ad8ac65a?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47376.json b/data/anchore/2024/CVE-2024-47376.json
index ee677c0c..742441a9 100644
--- a/data/anchore/2024/CVE-2024-47376.json
+++ b/data/anchore/2024/CVE-2024-47376.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76b4e3d1-170c-4fe0-8e84-246b973d48b1?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47377.json b/data/anchore/2024/CVE-2024-47377.json
index c83376e5..d94165f6 100644
--- a/data/anchore/2024/CVE-2024-47377.json
+++ b/data/anchore/2024/CVE-2024-47377.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac8a06f5-4560-401c-b762-5422b624ba84?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47378.json b/data/anchore/2024/CVE-2024-47378.json
index 4c0ce2f2..efcb4ada 100644
--- a/data/anchore/2024/CVE-2024-47378.json
+++ b/data/anchore/2024/CVE-2024-47378.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7769f3d4-041d-445f-a5fc-d5bc9e45ed58?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47379.json b/data/anchore/2024/CVE-2024-47379.json
index a6276fae..4597f87d 100644
--- a/data/anchore/2024/CVE-2024-47379.json
+++ b/data/anchore/2024/CVE-2024-47379.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7ea6312-2703-47d1-909e-8c5fd05d9929?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47380.json b/data/anchore/2024/CVE-2024-47380.json
index dd95c7fc..387f45b2 100644
--- a/data/anchore/2024/CVE-2024-47380.json
+++ b/data/anchore/2024/CVE-2024-47380.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/919f02ab-a336-46c9-9ce7-f94acac29145?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47381.json b/data/anchore/2024/CVE-2024-47381.json
index a0c8660f..749ba2d7 100644
--- a/data/anchore/2024/CVE-2024-47381.json
+++ b/data/anchore/2024/CVE-2024-47381.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59e60d00-985e-4152-a3d8-d2ba8075fab8?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47382.json b/data/anchore/2024/CVE-2024-47382.json
index fcb9bfd2..0b730458 100644
--- a/data/anchore/2024/CVE-2024-47382.json
+++ b/data/anchore/2024/CVE-2024-47382.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9d39796-ad51-4b52-af8a-f3334e6ca68d?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47385.json b/data/anchore/2024/CVE-2024-47385.json
index be919599..574b766b 100644
--- a/data/anchore/2024/CVE-2024-47385.json
+++ b/data/anchore/2024/CVE-2024-47385.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3111d016-e414-44df-925a-84010316c4ff?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47386.json b/data/anchore/2024/CVE-2024-47386.json
index 4bb47324..77025f22 100644
--- a/data/anchore/2024/CVE-2024-47386.json
+++ b/data/anchore/2024/CVE-2024-47386.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7809697d-367a-4051-9865-440ba8ce7ad5?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47389.json b/data/anchore/2024/CVE-2024-47389.json
index 5eaf9b41..501720b3 100644
--- a/data/anchore/2024/CVE-2024-47389.json
+++ b/data/anchore/2024/CVE-2024-47389.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/75f98731-f5a1-46aa-bf00-3b119a3b917e?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47390.json b/data/anchore/2024/CVE-2024-47390.json
index c1a223aa..99d67c6c 100644
--- a/data/anchore/2024/CVE-2024-47390.json
+++ b/data/anchore/2024/CVE-2024-47390.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b624e9b-d21e-43d2-83ad-7760ed63a75c?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47391.json b/data/anchore/2024/CVE-2024-47391.json
index 8db7fead..22da53e1 100644
--- a/data/anchore/2024/CVE-2024-47391.json
+++ b/data/anchore/2024/CVE-2024-47391.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60564e6b-9eea-4bba-b9b9-391a0f37cc95?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47392.json b/data/anchore/2024/CVE-2024-47392.json
index af9c2626..fb1dd1b3 100644
--- a/data/anchore/2024/CVE-2024-47392.json
+++ b/data/anchore/2024/CVE-2024-47392.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dde2edc7-74dd-4763-b83b-97cfeb2b764c?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47394.json b/data/anchore/2024/CVE-2024-47394.json
index 6459dbdb..b3c87349 100644
--- a/data/anchore/2024/CVE-2024-47394.json
+++ b/data/anchore/2024/CVE-2024-47394.json
@@ -17,6 +17,8 @@
 "cpes": [
 "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*"
 ],
+ "packageName": "wp-jobsearch",
+ "packageType": "wordpress-plugin",
 "product": "JobSearch",
 "vendor": "eyecix",
 "versions": [
@@ -32,6 +34,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aae6058c-1a0c-48dd-9aca-9a44f06d27e5?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47621.json b/data/anchore/2024/CVE-2024-47621.json
index 210dbfd9..69c511b3 100644
--- a/data/anchore/2024/CVE-2024-47621.json
+++ b/data/anchore/2024/CVE-2024-47621.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/deac4e1d-edeb-4d66-a152-6dca84e60b68?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47624.json b/data/anchore/2024/CVE-2024-47624.json
index becbd296..3b7de704 100644
--- a/data/anchore/2024/CVE-2024-47624.json
+++ b/data/anchore/2024/CVE-2024-47624.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4ce8ce-2630-4f8b-9438-38c6b7b0caa9?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47625.json b/data/anchore/2024/CVE-2024-47625.json
index 6ac6411c..aaf07a90 100644
--- a/data/anchore/2024/CVE-2024-47625.json
+++ b/data/anchore/2024/CVE-2024-47625.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1cec715-d19b-48b4-a924-5fb3f9a269ee?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47628.json b/data/anchore/2024/CVE-2024-47628.json
index b29a29b7..69860e9b 100644
--- a/data/anchore/2024/CVE-2024-47628.json
+++ b/data/anchore/2024/CVE-2024-47628.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7967b44-a3a1-48e5-a873-527348e2a88a?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47629.json b/data/anchore/2024/CVE-2024-47629.json
index 898bad08..a837552c 100644
--- a/data/anchore/2024/CVE-2024-47629.json
+++ b/data/anchore/2024/CVE-2024-47629.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7891b657-a6bc-40e8-bf43-02b4c05d63a9?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47632.json b/data/anchore/2024/CVE-2024-47632.json
index 539775ce..3afd246b 100644
--- a/data/anchore/2024/CVE-2024-47632.json
+++ b/data/anchore/2024/CVE-2024-47632.json
@@ -37,6 +37,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f0294c2-40ac-48aa-8377-e724e9cfc6c9?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47633.json b/data/anchore/2024/CVE-2024-47633.json
index f75131c2..f2532361 100644
--- a/data/anchore/2024/CVE-2024-47633.json
+++ b/data/anchore/2024/CVE-2024-47633.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8603d4cd-5e01-4a68-b127-8c99609e0413?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47636.json b/data/anchore/2024/CVE-2024-47636.json
new file mode 100644
index 00000000..cb6ef2fe
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47636.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-47636",
+ "description": "Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.9.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 2.6.1 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-jobsearch",
+ "packageType": "wordpress-plugin",
+ "product": "JobSearch",
+ "vendor": "Eyecix",
+ "versions": [
+ {
+ "lessThan": "2.6.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b550a140-0bdc-4840-806a-3eaceee7e42f?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47638.json b/data/anchore/2024/CVE-2024-47638.json
index db3517d7..1397b5ee 100644
--- a/data/anchore/2024/CVE-2024-47638.json
+++ b/data/anchore/2024/CVE-2024-47638.json
@@ -34,6 +34,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8f7d1c3-50eb-44ef-a832-a0230ff1406f?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47642.json b/data/anchore/2024/CVE-2024-47642.json
index af83b582..5fb67fab 100644
--- a/data/anchore/2024/CVE-2024-47642.json
+++ b/data/anchore/2024/CVE-2024-47642.json
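Review bot: The new CVE-2024-47636.json spells the vendor as `"vendor": "Eyecix"`, while CVE-2024-47394.json, touched by this same patch for the same `wp-jobsearch` package and the same CPE, carries `"vendor": "eyecix"`. Consumers that group or de-duplicate records on the vendor string would treat these as two vendors, so use `"vendor": "eyecix"` here to match the existing record and the CPE vendor field. Separately, the description bounds the issue at 2.5.9 while the range uses `"lessThan": "2.6.1"` from the solutions text; that is the conservative reading, but it is worth confirming that no release between the two already carried the fix.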
@@ -33,6 +33,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a6cee2c1-cdfb-419a-8900-bc9d921d610e?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47647.json b/data/anchore/2024/CVE-2024-47647.json
index 24f8ad20..137af0c8 100644
--- a/data/anchore/2024/CVE-2024-47647.json
+++ b/data/anchore/2024/CVE-2024-47647.json
@@ -36,6 +36,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66293047-1d1d-434f-bde6-130197fa93ca?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47648.json b/data/anchore/2024/CVE-2024-47648.json
new file mode 100644
index 00000000..9a3ac32e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47648.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-47648",
+ "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-4-0-4-5-open-redirection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 4.0.4.6 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "eventprime-event-calendar-management",
+ "packageType": "wordpress-plugin",
+ "product": "EventPrime",
+ "repo": "https://plugins.svn.wordpress.org/eventprime-event-calendar-management",
+ "vendor": "EventPrime Events",
+ "versions": [
+ {
+ "lessThan": "4.0.4.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35c7c089-6517-419e-8ba3-e6c2692fe1ae?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47650.json b/data/anchore/2024/CVE-2024-47650.json
index f5a88101..3aea68cd 100644
--- a/data/anchore/2024/CVE-2024-47650.json
+++ b/data/anchore/2024/CVE-2024-47650.json
@@ -22,7 +22,7 @@
 "vendor": "Axton",
 "versions": [
 {
- "lessThanOrEqual": "1.3.1",
+ "lessThan": "1.3.2",
 "status": "affected",
 "version": "0",
 "versionType": "custom"
@@ -33,6 +33,11 @@
 "providerMetadata": {
 "orgId": "00000000-0000-4000-8000-000000000000",
 "shortName": "anchoreadp"
- }
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2bffed25-d7f0-40de-a55d-42653aff0673?source=cve"
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47867.json b/data/anchore/2024/CVE-2024-47867.json
new file mode 100644
index 00000000..c8816678
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47867.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47867",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-8c87-gvhj-xm8m"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47868.json b/data/anchore/2024/CVE-2024-47868.json
new file mode 100644
index 00000000..f39f3a00
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47868.json
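Review bot: The `"lessThan": "5.0"` bound in CVE-2024-47867.json is not traceable to anything in the record itself, because the description names no fixed release and only says there is no workaround without upgrading. The first patched version should be confirmed against the referenced advisory GHSA-8c87-gvhj-xm8m before this range is relied on for matching. As a style point, the gradio records in this patch write the same bound two ways, `"5.0"` here and `"5.0.0"` in CVE-2024-47870.json and CVE-2024-47871.json; choosing one spelling avoids depending on every consumer normalising trailing zeros the same way.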
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47868",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-4q3c-cj7g-jcwf"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47869.json b/data/anchore/2024/CVE-2024-47869.json
new file mode 100644
index 00000000..9bef93d7
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47869.json
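Review bot: The `"lessThan": "5.0"` bound in CVE-2024-47868.json disagrees with the record's own description, which says the issue is resolved in `gradio>5.0`; read literally, 5.0 itself is still affected, yet this range marks it as fixed and a scanner consuming the record would report a 5.0 install as clean. The same mismatch appears in CVE-2024-47869.json, where the description says `gradio>4.44` and the range is `"lessThan": "4.44"`. The CNA wording may simply be loose, so the first patched release should be checked against the referenced GitHub advisories. If the boundary version does turn out to be affected, the entry should read `"lessThanOrEqual": "5.0"` (respectively `"4.44"`) or use `lessThan` with the first fixed version.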
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47869",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys. Users are advised to upgrade to `gradio>4.44` to mitigate this issue. To mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-j757-pf57-f8r4"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "4.44",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47870.json b/data/anchore/2024/CVE-2024-47870.json
new file mode 100644
index 00000000..6f1f266f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47870.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47870",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-xh2x-3mrm-fwqm"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47871.json b/data/anchore/2024/CVE-2024-47871.json
new file mode 100644
index 00000000..5ffb132e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47871.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47871",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-279j-x4gx-hfrh"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47872.json b/data/anchore/2024/CVE-2024-47872.json
new file mode 100644
index 00000000..63f14c0f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47872.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-47872",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/gradio-app/gradio/security/advisories/GHSA-gvv6-33j7-884g"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pypi.org",
+ "cpes": [
+ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*"
+ ],
+ "packageName": "gradio",
+ "packageType": "python",
+ "product": "gradio",
+ "repo": "https://github.com/gradio-app/gradio",
+ "vendor": "gradio-app",
+ "versions": [
+ {
+ "lessThan": "5.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
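Review bot: `"lessThan": "5.0"` in the CVE-2024-47872 record is written differently from the `"lessThan": "5.0.0"` used for the same Gradio fix release in the CVE-2024-47870 and CVE-2024-47871 records added by this patch. The two compare equal under `versionType` `python`, but a consumer that compares the strings directly or parses them as semver may not treat them the same. I would write `"lessThan": "5.0.0"` here as well so the three records agree.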
diff --git a/data/anchore/2024/CVE-2024-47962.json b/data/anchore/2024/CVE-2024-47962.json
new file mode 100644
index 00000000..39b1455c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47962.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "icscert",
+ "cveId": "CVE-2024-47962",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
+ ],
+ "solutions": [
+ "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter  or later."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:deltaww:cncsoft-g2:*:*:*:*:*:*:*:*"
+ ],
+ "product": "CNCSoft-G2",
+ "vendor": "Delta Electronics",
+ "versions": [
+ {
+ "lessThan": "2.1.0.16",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47963.json b/data/anchore/2024/CVE-2024-47963.json
new file mode 100644
index 00000000..ce21d1e8
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47963.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "icscert",
+ "cveId": "CVE-2024-47963",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
+ ],
+ "solutions": [
+ "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter  or later."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:deltaww:cncsoft-g2:*:*:*:*:*:*:*:*"
+ ],
+ "product": "CNCSoft-G2",
+ "vendor": "Delta Electronics",
+ "versions": [
+ {
+ "lessThan": "2.1.0.16",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47964.json b/data/anchore/2024/CVE-2024-47964.json
new file mode 100644
index 00000000..f44c3686
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47964.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "icscert",
+ "cveId": "CVE-2024-47964",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
+ ],
+ "solutions": [
+ "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter  or later."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:deltaww:cncsoft-g2:*:*:*:*:*:*:*:*"
+ ],
+ "product": "CNCSoft-G2",
+ "vendor": "Delta Electronics",
+ "versions": [
+ {
+ "lessThan": "2.1.0.16",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47965.json b/data/anchore/2024/CVE-2024-47965.json
new file mode 100644
index 00000000..ac0d429e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47965.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "icscert",
+ "cveId": "CVE-2024-47965",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
+ ],
+ "solutions": [
+ "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter  or later."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:deltaww:cncsoft-g2:*:*:*:*:*:*:*:*"
+ ],
+ "product": "CNCSoft-G2",
+ "vendor": "Delta Electronics",
+ "versions": [
+ {
+ "lessThan": "2.1.0.16",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47966.json b/data/anchore/2024/CVE-2024-47966.json
new file mode 100644
index 00000000..3f307cf8
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47966.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "icscert",
+ "cveId": "CVE-2024-47966",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
+ ],
+ "solutions": [
+ "Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.16 https://downloadcenter.deltaww.com/en-US/DownloadCenter  or later."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:deltaww:cncsoft-g2:*:*:*:*:*:*:*:*"
+ ],
+ "product": "CNCSoft-G2",
+ "vendor": "Delta Electronics",
+ "versions": [
+ {
+ "lessThan": "2.1.0.16",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-48902.json b/data/anchore/2024/CVE-2024-48902.json
new file mode 100644
index 00000000..6f1bcefe
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-48902.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "jetbrains",
+ "cveId": "CVE-2024-48902",
+ "description": "In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*"
+ ],
+ "product": "YouTrack",
+ "vendor": "JetBrains",
+ "versions": [
+ {
+ "lessThan": "2024.3.46677",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-6530.json b/data/anchore/2024/CVE-2024-6530.json
new file mode 100644
index 00000000..9ed9a484
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-6530.json
@@ -0,0 +1,51 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-6530",
+ "description": "A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/471049",
+ "https://hackerone.com/reports/2567533"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.4.2, 17.3.5, 17.2.9 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.2.9",
+ "status": "affected",
+ "version": "17.1",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.3.5",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.2",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8477.json b/data/anchore/2024/CVE-2024-8477.json
new file mode 100644
index 00000000..fba6932c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-8477.json
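Review bot: The `repo` value `git://git@gitlab.com:gitlab-org/gitlab.git` in the CVE-2024-6530 record mixes a `git://` scheme with scp-style `user@host:path` syntax, so a URL parser will read the text after the colon as a port and reject it. The other records in this patch that carry a `repo` use an https URL, and the GitLab records for CVE-2024-8977 and CVE-2024-9596 omit the field altogether. I would change it to `"repo": "https://gitlab.com/gitlab-org/gitlab"`, which matches the host and path of the issue link already listed in `references`.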
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-8477",
+ "description": "The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3165451/mailin/tags/3.1.88/page/page-home.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/e070b422-9036-4362-832b-43fd4838f394?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:sendinblue:newsletter\\,_smtp\\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "mailin",
+ "packageType": "wordpress-plugin",
+ "product": "Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)",
+ "vendor": "neeraj_slit",
+ "versions": [
+ {
+ "lessThan": "3.1.88",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8977.json b/data/anchore/2024/CVE-2024-8977.json
new file mode 100644
index 00000000..20e7bdf3
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-8977.json
@@ -0,0 +1,50 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-8977",
+ "description": "An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/491060",
+ "https://hackerone.com/reports/2697456"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.2.9, 17.3.5, 17.4.2 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.2.9",
+ "status": "affected",
+ "version": "15.10",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.3.5",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.2",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8987.json b/data/anchore/2024/CVE-2024-8987.json
new file mode 100644
index 00000000..b8c6a6a5
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-8987.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-8987",
+ "description": "The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.0/includes/public/core/functions/general/youzify-profile-functions.php#L910",
+ "https://wordpress.org/plugins/youzify/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/19c463d1-41fa-4386-b755-a14d1e68c5bd?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "youzify",
+ "packageType": "wordpress-plugin",
+ "product": "Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress",
+ "vendor": "youzify",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.3.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9065.json b/data/anchore/2024/CVE-2024-9065.json
new file mode 100644
index 00000000..9c85f0a7
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9065.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9065",
+ "description": "The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:matbao:wp_helper_premium:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-helper-lite",
+ "packageType": "wordpress-plugin",
+ "product": "WP Helper Premium",
+ "vendor": "matbao",
+ "versions": [
+ {
+ "lessThanOrEqual": "4.6.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9067.json b/data/anchore/2024/CVE-2024-9067.json
new file mode 100644
index 00000000..194921f9
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9067.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9067",
+ "description": "The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-attachments.php#L1183",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/e099d8e2-6305-43fc-8807-a37791deb2ff?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "youzify",
+ "packageType": "wordpress-plugin",
+ "product": "Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress",
+ "vendor": "youzify",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.3.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9156.json b/data/anchore/2024/CVE-2024-9156.json
new file mode 100644
index 00000000..eaea250e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9156.json
@@ -0,0 +1,36 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-9156",
+ "description": "The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/e95974f9-1f68-4181-89b0-3559d61cfa93/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "ti-woocommerce-wishlist",
+ "packageType": "wordpress-plugin",
+ "product": "TI WooCommerce Wishlist",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.8.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9180.json b/data/anchore/2024/CVE-2024-9180.json
new file mode 100644
index 00000000..4dea51ab
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9180.json
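Review bot: The `affected` entry of the CVE-2024-9156 record has no `vendor` key, while the other WordPress plugin records visible in this patch all set one and the CPE in this same entry already names `templateinvaders`. A consumer that keys on vendor and product rather than on `packageName` would presumably not match this unauthenticated SQL injection record. I would add `"vendor": "templateinvaders"` after `product`, or the plugin's wordpress.org author slug if that is the convention the other records follow.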
@@ -0,0 +1,67 @@
+{
+ "additionalMetadata": {
+ "cna": "hashicorp",
+ "cveId": "CVE-2024-9180",
+ "description": "A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://pkg.go.dev",
+ "cpes": [
+ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:go:*:*"
+ ],
+ "packageName": "github.com/hashicorp/vault",
+ "packageType": "go-module",
+ "product": "Vault",
+ "repo": "https://github.com/hashicorp/vault",
+ "vendor": "HashiCorp",
+ "versions": [
+ {
+ "lessThan": "1.18.0",
+ "status": "affected",
+ "version": "1.7.7",
+ "versionType": "semver"
+ }
+ ]
+ },
+ {
+ "cpes": [
+ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:go:*:*",
+ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:go:*:*"
+ ],
+ "packageType": "go-module",
+ "product": "Vault Enterprise",
+ "vendor": "HashiCorp",
+ "versions": [
+ {
+ "lessThan": "1.17.7",
+ "status": "affected",
+ "version": "1.17",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.16.11",
+ "status": "affected",
+ "version": "1.16",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.15.16",
+ "status": "affected",
+ "version": "1.7.7",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9377.json b/data/anchore/2024/CVE-2024-9377.json
new file mode 100644
index 00000000..6eac685e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9377.json
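Review bot: The first `affected` entry of the CVE-2024-9180 record uses the CPE `cpe:2.3:a:hashicorp:vault:*:*:*:*:*:go:*:*`, whose edition field is a wildcard, with a range running from 1.7.7 up to 1.18.0, and that range contains the Enterprise fix releases 1.17.7, 1.16.11 and 1.15.16 named in the description. If the consumer applies wildcard CPE matching, a patched Enterprise install would presumably still be reported through the community entry, which teaches operators to ignore a privilege-escalation finding. The lower bound `"version": "1.7.7"` is also not stated anywhere in the description and should be confirmed against the referenced HashiCorp advisory. At minimum I would extend `reason` with a sentence such as `Enterprise fix releases 1.17.7, 1.16.11 and 1.15.16 fall inside the community range.` so the overlap is recorded.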
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9377",
+ "description": "The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L216",
+ "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L220",
+ "https://plugins.trac.wordpress.org/changeset/3164996/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpfactory:products\\,_order_\\&_customers_export_for_woocommerce:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "export-woocommerce",
+ "packageType": "wordpress-plugin",
+ "product": "Products, Order & Customers Export for WooCommerce",
+ "vendor": "omardabbas",
+ "versions": [
+ {
+ "lessThan": "2.1.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9487.json b/data/anchore/2024/CVE-2024-9487.json
new file mode 100644
index 00000000..68056896
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9487.json
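Review bot: The bound `"lessThan": "2.1.0"` in the CVE-2024-9377 record is not supported by anything else in the record: the description says the flaw is present in all versions up to, and including, 2.0.15, and both file references point at tag 2.0.15. If 2.1.0 is the first release that contains changeset 3164996 the bound is right, and saying so in `reason` would make it checkable. Otherwise `"lessThanOrEqual": "2.0.15"` is what the description supports, and the wider bound would flag any 2.0.x release after 2.0.15 as vulnerable.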
@@ -0,0 +1,56 @@
+{
+ "additionalMetadata": {
+ "cna": "github_p",
+ "cveId": "CVE-2024-9487",
+ "description": "An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16",
+ "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10",
+ "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5",
+ "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*"
+ ],
+ "product": "Enterprise Server",
+ "vendor": "GitHub",
+ "versions": [
+ {
+ "lessThan": "3.11.16",
+ "status": "affected",
+ "version": "3.11.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "3.12.10",
+ "status": "affected",
+ "version": "3.12.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "3.13.5",
+ "status": "affected",
+ "version": "3.13.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "3.14.2",
+ "status": "affected",
+ "version": "3.14.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
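Review bot: The four ranges in the CVE-2024-9487 record all start at 3.11.0 or later, so a GitHub Enterprise Server instance on 3.10.x or older matches none of them, although the description says the flaw affected all versions prior to 3.15. A scanner reading this record would report such an instance as unaffected by a SAML SSO authentication bypass, and those older releases are the ones least likely to receive a fix. I would open the first range at zero, `"version": "0"` with `"lessThan": "3.11.16"`, the way the other records in this patch express an open lower bound.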
diff --git a/data/anchore/2024/CVE-2024-9518.json b/data/anchore/2024/CVE-2024-9518.json
new file mode 100644
index 00000000..bce81bf2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9518.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9518",
+ "description": "The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/userplus/trunk/functions/user-functions.php?rev=1604604#L47",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "userplus",
+ "packageType": "wordpress-plugin",
+ "product": "User registration & user profile – UserPlus",
+ "vendor": "userplus",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9519.json b/data/anchore/2024/CVE-2024-9519.json
new file mode 100644
index 00000000..30590925
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9519.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9519",
+ "description": "The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-post-metaboxes.php?rev=1627771#L62",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "userplus",
+ "packageType": "wordpress-plugin",
+ "product": "User registration & user profile – UserPlus",
+ "vendor": "userplus",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9520.json b/data/anchore/2024/CVE-2024-9520.json
new file mode 100644
index 00000000..d0550ffe
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9520.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9520",
+ "description": "The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L186",
+ "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L216",
+ "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L225",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "userplus",
+ "packageType": "wordpress-plugin",
+ "product": "User registration & user profile – UserPlus",
+ "vendor": "userplus",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9596.json b/data/anchore/2024/CVE-2024-9596.json
new file mode 100644
index 00000000..5f2402f6
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9596.json
@@ -0,0 +1,49 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-9596",
+ "description": "An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/493355"
+ ],
+ "solutions": [
+ "Upgrade to version 17.2.9, 17.3.5 or 17.4.2"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
+ ],
+ "product": "GitLab Enterprise",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.2.9",
+ "status": "affected",
+ "version": "16.6",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.3.5",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.2",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9623.json b/data/anchore/2024/CVE-2024-9623.json
new file mode 100644
index 00000000..b6d14b5e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9623.json
@@ -0,0 +1,50 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-9623",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/gitlab-org/gitlab/-/issues/459995"
+ ],
+ "solutions": [
+ "Upgrade to versions 17.2.9, 17.3.5, 17.4.2 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "vendor": "GitLab",
+ "versions": [
+ {
+ "lessThan": "17.2.9",
+ "status": "affected",
+ "version": "8.16",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.3.5",
+ "status": "affected",
+ "version": "17.3",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "17.4.2",
+ "status": "affected",
+ "version": "17.4",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9780.json b/data/anchore/2024/CVE-2024-9780.json
new file mode 100644
index 00000000..f74af240
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9780.json
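Review bot: The `repo` value in the CVE-2024-9623 record, `git://git@gitlab.com:gitlab-org/gitlab.git`, mixes a `git://` scheme with scp-style `user@host:path` syntax, so a URI parser will read `gitlab-org` as the port and is likely to reject the value or resolve it wrongly. Any consumer that uses `repo` to tie a finding to a source repository may fail to match this record. A plain URL such as `"repo": "https://gitlab.com/gitlab-org/gitlab"`, the same project the reference issue links to, would parse cleanly. If the value was copied verbatim from the CNA record, it is still worth normalising here, and the sibling GitLab record CVE-2024-9596 carries no `repo` at all.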
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-9780",
+ "description": "ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/wireshark/wireshark/-/issues/20026",
+ "https://www.wireshark.org/security/wnpa-sec-2024-12.html"
+ ],
+ "solutions": [
+ "Upgrade to version 4.4.1 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Wireshark",
+ "vendor": "Wireshark Foundation",
+ "versions": [
+ {
+ "lessThan": "4.4.1",
+ "status": "affected",
+ "version": "4.4.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9781.json b/data/anchore/2024/CVE-2024-9781.json
new file mode 100644
index 00000000..44debbbd
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9781.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "gitlab",
+ "cveId": "CVE-2024-9781",
+ "description": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://gitlab.com/wireshark/wireshark/-/issues/20114",
+ "https://www.wireshark.org/security/wnpa-sec-2024-13.html"
+ ],
+ "solutions": [
+ "Upgrade to version 4.4.1, 4.2.8 or above."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Wireshark",
+ "vendor": "Wireshark Foundation",
+ "versions": [
+ {
+ "lessThan": "4.4.1",
+ "status": "affected",
+ "version": "4.4.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "4.2.8",
+ "status": "affected",
+ "version": "4.2.0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9796.json b/data/anchore/2024/CVE-2024-9796.json
new file mode 100644
index 00000000..74c041d9
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9796.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-9796",
+ "description": "The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wp-advanced-search_project:wp-advanced-search:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-advanced-search",
+ "packageType": "wordpress-plugin",
+ "product": "WP-Advanced-Search",
+ "repo": "https://plugins.svn.wordpress.org/wp-advanced-search",
+ "vendor": "Mathieu Chartier",
+ "versions": [
+ {
+ "lessThan": "3.3.9.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
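Review bot: In the CVE-2024-9796 record, `"versionType": "semver"` is paired with `"lessThan": "3.3.9.2"`, a four-component version that is not valid Semantic Versioning. A matcher that parses the bound strictly may reject it or compare it incorrectly, which would show up as missed or spurious matches for installs close to the fix boundary. For an unauthenticated SQL injection a missed match is the costly direction. Consider `"versionType": "custom"` for this plugin, or confirm that the consuming matcher tolerates the extra component.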