From ef84cdd0f1febbc8ce095036eadb1c331fac9152 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Fri, 17 May 2024 16:21:51 +0100 Subject: [PATCH] migrate apache records Signed-off-by: Weston Steimel --- data/anchore/2021/CVE-2021-28656.json | 36 ++++++++++++++++ data/anchore/2022/CVE-2022-34321.json | 55 ++++++++++++++++++++++++ data/anchore/2022/CVE-2022-47894.json | 37 ++++++++++++++++ data/anchore/2023/CVE-2023-35701.json | 36 ++++++++++++++++ data/anchore/2023/CVE-2023-38709.json | 38 +++++++++++++++++ data/anchore/2023/CVE-2023-41313.json | 34 +++++++++++++++ data/anchore/2023/CVE-2023-49109.json | 39 +++++++++++++++++ data/anchore/2023/CVE-2023-49250.json | 37 ++++++++++++++++ data/anchore/2023/CVE-2023-50270.json | 38 +++++++++++++++++ data/anchore/2023/CVE-2023-50378.json | 36 ++++++++++++++++ data/anchore/2023/CVE-2023-50379.json | 36 ++++++++++++++++ data/anchore/2023/CVE-2023-50380.json | 36 ++++++++++++++++ data/anchore/2023/CVE-2023-50740.json | 36 ++++++++++++++++ data/anchore/2023/CVE-2023-51518.json | 42 ++++++++++++++++++ data/anchore/2023/CVE-2023-51747.json | 45 ++++++++++++++++++++ data/anchore/2023/CVE-2023-51770.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-21742.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-22369.json | 53 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-22371.json | 54 ++++++++++++++++++++++++ data/anchore/2024/CVE-2024-22393.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-23114.json | 53 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-23320.json | 39 +++++++++++++++++ data/anchore/2024/CVE-2024-23349.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-23537.json | 35 +++++++++++++++ data/anchore/2024/CVE-2024-23538.json | 35 +++++++++++++++ data/anchore/2024/CVE-2024-23539.json | 35 +++++++++++++++ data/anchore/2024/CVE-2024-23672.json | 55 ++++++++++++++++++++++++ data/anchore/2024/CVE-2024-23807.json | 34 +++++++++++++++ data/anchore/2024/CVE-2024-23944.json | 43 +++++++++++++++++++ data/anchore/2024/CVE-2024-23952.json | 43 +++++++++++++++++++ data/anchore/2024/CVE-2024-24549.json | 55 ++++++++++++++++++++++++ data/anchore/2024/CVE-2024-24683.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-24772.json | 42 ++++++++++++++++++ data/anchore/2024/CVE-2024-24773.json | 42 ++++++++++++++++++ data/anchore/2024/CVE-2024-24779.json | 42 ++++++++++++++++++ data/anchore/2024/CVE-2024-24795.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-25065.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-26016.json | 42 ++++++++++++++++++ data/anchore/2024/CVE-2024-26280.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-26307.json | 40 ++++++++++++++++++ data/anchore/2024/CVE-2024-26578.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-26579.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-26580.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-27135.json | 61 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-27138.json | 33 +++++++++++++++ data/anchore/2024/CVE-2024-27139.json | 33 +++++++++++++++ data/anchore/2024/CVE-2024-27140.json | 33 +++++++++++++++ data/anchore/2024/CVE-2024-27309.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-27315.json | 42 ++++++++++++++++++ data/anchore/2024/CVE-2024-27316.json | 39 +++++++++++++++++ data/anchore/2024/CVE-2024-27317.json | 61 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-27347.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-27438.json | 34 +++++++++++++++ data/anchore/2024/CVE-2024-27439.json | 43 +++++++++++++++++++ data/anchore/2024/CVE-2024-27894.json | 61 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-27906.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-28098.json | 61 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-28148.json | 35 +++++++++++++++ data/anchore/2024/CVE-2024-28746.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-28752.json | 48 +++++++++++++++++++++ data/anchore/2024/CVE-2024-29006.json | 39 +++++++++++++++++ data/anchore/2024/CVE-2024-29007.json | 39 +++++++++++++++++ data/anchore/2024/CVE-2024-29008.json | 39 +++++++++++++++++ data/anchore/2024/CVE-2024-29131.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-29133.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-29217.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-29735.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-29834.json | 43 +++++++++++++++++++ data/anchore/2024/CVE-2024-31309.json | 46 ++++++++++++++++++++ data/anchore/2024/CVE-2024-31860.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31861.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31862.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31863.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-31864.json | 38 +++++++++++++++++ data/anchore/2024/CVE-2024-31865.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31866.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31867.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31868.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-31869.json | 37 ++++++++++++++++ data/anchore/2024/CVE-2024-32077.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-32113.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-32114.json | 36 ++++++++++++++++ data/anchore/2024/CVE-2024-32638.json | 35 +++++++++++++++ 83 files changed, 3325 insertions(+) create mode 100644 data/anchore/2021/CVE-2021-28656.json create mode 100644 data/anchore/2022/CVE-2022-34321.json create mode 100644 data/anchore/2022/CVE-2022-47894.json create mode 100644 data/anchore/2023/CVE-2023-35701.json create mode 100644 data/anchore/2023/CVE-2023-38709.json create mode 100644 data/anchore/2023/CVE-2023-41313.json create mode 100644 data/anchore/2023/CVE-2023-49109.json create mode 100644 data/anchore/2023/CVE-2023-49250.json create mode 100644 data/anchore/2023/CVE-2023-50270.json create mode 100644 data/anchore/2023/CVE-2023-50378.json create mode 100644 data/anchore/2023/CVE-2023-50379.json create mode 100644 data/anchore/2023/CVE-2023-50380.json create mode 100644 data/anchore/2023/CVE-2023-50740.json create mode 100644 data/anchore/2023/CVE-2023-51518.json create mode 100644 data/anchore/2023/CVE-2023-51747.json create mode 100644 data/anchore/2023/CVE-2023-51770.json create mode 100644 data/anchore/2024/CVE-2024-21742.json create mode 100644 data/anchore/2024/CVE-2024-22369.json create mode 100644 data/anchore/2024/CVE-2024-22371.json create mode 100644 data/anchore/2024/CVE-2024-22393.json create mode 100644 data/anchore/2024/CVE-2024-23114.json create mode 100644 data/anchore/2024/CVE-2024-23320.json create mode 100644 data/anchore/2024/CVE-2024-23349.json create mode 100644 data/anchore/2024/CVE-2024-23537.json create mode 100644 data/anchore/2024/CVE-2024-23538.json create mode 100644 data/anchore/2024/CVE-2024-23539.json create mode 100644 data/anchore/2024/CVE-2024-23672.json create mode 100644 data/anchore/2024/CVE-2024-23807.json create mode 100644 data/anchore/2024/CVE-2024-23944.json create mode 100644 data/anchore/2024/CVE-2024-23952.json create mode 100644 data/anchore/2024/CVE-2024-24549.json create mode 100644 data/anchore/2024/CVE-2024-24683.json create mode 100644 data/anchore/2024/CVE-2024-24772.json create mode 100644 data/anchore/2024/CVE-2024-24773.json create mode 100644 data/anchore/2024/CVE-2024-24779.json create mode 100644 data/anchore/2024/CVE-2024-24795.json create mode 100644 data/anchore/2024/CVE-2024-25065.json create mode 100644 data/anchore/2024/CVE-2024-26016.json create mode 100644 data/anchore/2024/CVE-2024-26280.json create mode 100644 data/anchore/2024/CVE-2024-26307.json create mode 100644 data/anchore/2024/CVE-2024-26578.json create mode 100644 data/anchore/2024/CVE-2024-26579.json create mode 100644 data/anchore/2024/CVE-2024-26580.json create mode 100644 data/anchore/2024/CVE-2024-27135.json create mode 100644 data/anchore/2024/CVE-2024-27138.json create mode 100644 data/anchore/2024/CVE-2024-27139.json create mode 100644 data/anchore/2024/CVE-2024-27140.json create mode 100644 data/anchore/2024/CVE-2024-27309.json create mode 100644 data/anchore/2024/CVE-2024-27315.json create mode 100644 data/anchore/2024/CVE-2024-27316.json create mode 100644 data/anchore/2024/CVE-2024-27317.json create mode 100644 data/anchore/2024/CVE-2024-27347.json create mode 100644 data/anchore/2024/CVE-2024-27438.json create mode 100644 data/anchore/2024/CVE-2024-27439.json create mode 100644 data/anchore/2024/CVE-2024-27894.json create mode 100644 data/anchore/2024/CVE-2024-27906.json create mode 100644 data/anchore/2024/CVE-2024-28098.json create mode 100644 data/anchore/2024/CVE-2024-28148.json create mode 100644 data/anchore/2024/CVE-2024-28746.json create mode 100644 data/anchore/2024/CVE-2024-28752.json create mode 100644 data/anchore/2024/CVE-2024-29006.json create mode 100644 data/anchore/2024/CVE-2024-29007.json create mode 100644 data/anchore/2024/CVE-2024-29008.json create mode 100644 data/anchore/2024/CVE-2024-29131.json create mode 100644 data/anchore/2024/CVE-2024-29133.json create mode 100644 data/anchore/2024/CVE-2024-29217.json create mode 100644 data/anchore/2024/CVE-2024-29735.json create mode 100644 data/anchore/2024/CVE-2024-29834.json create mode 100644 data/anchore/2024/CVE-2024-31309.json create mode 100644 data/anchore/2024/CVE-2024-31860.json create mode 100644 data/anchore/2024/CVE-2024-31861.json create mode 100644 data/anchore/2024/CVE-2024-31862.json create mode 100644 data/anchore/2024/CVE-2024-31863.json create mode 100644 data/anchore/2024/CVE-2024-31864.json create mode 100644 data/anchore/2024/CVE-2024-31865.json create mode 100644 data/anchore/2024/CVE-2024-31866.json create mode 100644 data/anchore/2024/CVE-2024-31867.json create mode 100644 data/anchore/2024/CVE-2024-31868.json create mode 100644 data/anchore/2024/CVE-2024-31869.json create mode 100644 data/anchore/2024/CVE-2024-32077.json create mode 100644 data/anchore/2024/CVE-2024-32113.json create mode 100644 data/anchore/2024/CVE-2024-32114.json create mode 100644 data/anchore/2024/CVE-2024-32638.json diff --git a/data/anchore/2021/CVE-2021-28656.json b/data/anchore/2021/CVE-2021-28656.json new file mode 100644 index 00000000..c61448d7 --- /dev/null +++ b/data/anchore/2021/CVE-2021-28656.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2021-28656", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/3", + "https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.zeppelin:zeppelin-web", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-web:*:*:*:*:*:*:*:*" + ], + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "0.9.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2022/CVE-2022-34321.json b/data/anchore/2022/CVE-2022-34321.json new file mode 100644 index 00000000..816233e5 --- /dev/null +++ b/data/anchore/2022/CVE-2022-34321.json @@ -0,0 +1,55 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2022-34321", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://pulsar.apache.org/security/CVE-2022-34321/", + "http://www.openwall.com/lists/oss-security/2024/03/12/8", + "https://lists.apache.org/thread/ods5tq2hpl390hvjnvxv0bcg4rfpgjj8" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.pulsar:pulsar-proxy", + "cpes": [ + "cpe:2.3:a:org.apache.pulsar:pulsar-proxy:*:*:*:*:*:*:*:*" + ], + "product": "Apache Pulsar", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.6", + "status": "affected", + "version": "2.6.0", + "versionType": "semver" + }, + { + "lessThan": "2.11.3", + "status": "affected", + "version": "2.11.0", + "versionType": "semver" + }, + { + "lessThan": "3.0.2", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.1.1", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2022/CVE-2022-47894.json b/data/anchore/2022/CVE-2022-47894.json new file mode 100644 index 00000000..ab2066ce --- /dev/null +++ b/data/anchore/2022/CVE-2022-47894.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2022-47894", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/apache/zeppelin/pull/4302", + "https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy", + "http://www.openwall.com/lists/oss-security/2024/04/09/4" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:sap:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:sap", + "product": "Apache Zeppelin SAP", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.0", + "status": "affected", + "version": "0.8.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-35701.json b/data/anchore/2023/CVE-2023-35701.json new file mode 100644 index 00000000..42f8bc34 --- /dev/null +++ b/data/anchore/2023/CVE-2023-35701.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-35701", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/05/03/3", + "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.hive:hive-jdbc:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.hive:hive-jdbc", + "product": "Apache Hive", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "4.0.0", + "status": "affected", + "version": "4.0.0-alpha-1", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-38709.json b/data/anchore/2023/CVE-2023-38709.json new file mode 100644 index 00000000..b951bf1f --- /dev/null +++ b/data/anchore/2023/CVE-2023-38709.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-38709", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/04/3", + "https://httpd.apache.org/security/vulnerabilities_24.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/", + "https://security.netapp.com/advisory/ntap-20240415-0013/" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" + ], + "product": "Apache HTTP Server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.4.59", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-41313.json b/data/anchore/2023/CVE-2023-41313.json new file mode 100644 index 00000000..1b62e003 --- /dev/null +++ b/data/anchore/2023/CVE-2023-41313.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-41313", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/jqczy3vxzs6q6rz9o0626j5nks9fnv95", + "http://www.openwall.com/lists/oss-security/2024/03/10/2" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*" + ], + "product": "Apache Doris", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.2.8", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49109.json b/data/anchore/2023/CVE-2023-49109.json new file mode 100644 index 00000000..df9aaf14 --- /dev/null +++ b/data/anchore/2023/CVE-2023-49109.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-49109", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/02/20/4", + "https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5", + "https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8", + "https://github.com/apache/dolphinscheduler/pull/14991" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": " org.apache.dolphinscheduler:dolphinscheduler", + "cpes": [ + "cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*", + "cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler:*:*:*:*:*:*:*:*" + ], + "product": "Apache DolphinScheduler", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.2.1", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-49250.json b/data/anchore/2023/CVE-2023-49250.json new file mode 100644 index 00000000..4120bd7c --- /dev/null +++ b/data/anchore/2023/CVE-2023-49250.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-49250", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn", + "https://github.com/apache/dolphinscheduler/pull/15288", + "http://www.openwall.com/lists/oss-security/2024/02/20/1" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler-common:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.dolphinscheduler:dolphinscheduler-common", + "product": "Apache DolphinScheduler", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.2.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50270.json b/data/anchore/2023/CVE-2023-50270.json new file mode 100644 index 00000000..3b78bbdd --- /dev/null +++ b/data/anchore/2023/CVE-2023-50270.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-50270", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/apache/dolphinscheduler/pull/15219", + "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6", + "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r", + "https://www.openwall.com/lists/oss-security/2024/02/20/3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler-api:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.dolphinscheduler:dolphinscheduler-api", + "product": "Apache DolphinScheduler", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.2.1", + "status": "affected", + "version": "1.3.8", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50378.json b/data/anchore/2023/CVE-2023-50378.json new file mode 100644 index 00000000..a82174f6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50378.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-50378", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c", + "http://www.openwall.com/lists/oss-security/2024/03/01/5" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.ambari:ambari", + "cpes": [ + "cpe:2.3:a:org.apache.ambari:ambari:*:*:*:*:*:*:*:*" + ], + "product": "Apache Ambari", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.7.8", + "status": "affected", + "version": "2.7.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50379.json b/data/anchore/2023/CVE-2023-50379.json new file mode 100644 index 00000000..b2143eb0 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50379.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-50379", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8", + "http://www.openwall.com/lists/oss-security/2024/02/27/1" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.ambari.contrib.views:ambari-contrib-views", + "cpes": [ + "cpe:2.3:a:org.apache.ambari.contrib.views:ambari-contrib-views:*:*:*:*:*:*:*:*" + ], + "product": "Apache Ambari", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.7.8", + "status": "affected", + "version": "2.7.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50380.json b/data/anchore/2023/CVE-2023-50380.json new file mode 100644 index 00000000..ea9e006a --- /dev/null +++ b/data/anchore/2023/CVE-2023-50380.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-50380", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/02/27/6", + "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.ambari.contrib.views:wfmanager", + "cpes": [ + "cpe:2.3:a:org.apache.ambari.contrib.views:wfmanager:*:*:*:*:*:*:*:*" + ], + "product": "Apache Ambari", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.7.8", + "status": "affected", + "version": "2.7.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-50740.json b/data/anchore/2023/CVE-2023-50740.json new file mode 100644 index 00000000..3fd5a264 --- /dev/null +++ b/data/anchore/2023/CVE-2023-50740.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-50740", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo", + "http://www.openwall.com/lists/oss-security/2024/03/06/2" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.linkis:linkis-metadata-query-service-jdbc:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.linkis:linkis-metadata-query-service-jdbc", + "product": "Apache Linkis DataSource", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.5.0", + "status": "affected", + "version": "0", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51518.json b/data/anchore/2023/CVE-2023-51518.json new file mode 100644 index 00000000..7298a02d --- /dev/null +++ b/data/anchore/2023/CVE-2023-51518.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-51518", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/wbdm61ch6l0kzjn6nnfmyqlng82qz0or" + ], + "toDos": [ + "Figure out which actual jar should be identified here. GitHub chooses `james-server` but that is just a pom (and has no version associated with it). At the top-level of the zip file is a pom.xml with `james-project` and the correct version number in it but all of the other james sub-dependencies have no version associated rendering them useless to scanners at the moment" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*" + ], + "product": "Apache James server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.7.5", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.8.1", + "status": "affected", + "version": "3.8", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51747.json b/data/anchore/2023/CVE-2023-51747.json new file mode 100644 index 00000000..36b7c577 --- /dev/null +++ b/data/anchore/2023/CVE-2023-51747.json @@ -0,0 +1,45 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-51747", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko", + "http://www.openwall.com/lists/oss-security/2024/02/27/4", + "https://postfix.org/smtp-smuggling.html", + "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/" + ], + "toDos": [ + "Figure out which actual jar should be identified here. GitHub chooses `james-server` but that is just a pom (and has no version associated with it). At the top-level of the zip file is a pom.xml with `james-project` and the correct version number in it but all of the other james sub-dependencies have no version associated rendering them useless to scanners at the moment" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*" + ], + "product": "Apache James server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.7.5", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.8.1", + "status": "affected", + "version": "3.8", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-51770.json b/data/anchore/2023/CVE-2023-51770.json new file mode 100644 index 00000000..1c425851 --- /dev/null +++ b/data/anchore/2023/CVE-2023-51770.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2023-51770", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw", + "https://github.com/apache/dolphinscheduler/pull/15433", + "http://www.openwall.com/lists/oss-security/2024/02/20/2", + "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler-datasource-mysql:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.dolphinscheduler:dolphinscheduler-datasource-mysql", + "product": "Apache DolphinScheduler", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.2.1", + "status": "affected", + "version": "1.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-21742.json b/data/anchore/2024/CVE-2024-21742.json new file mode 100644 index 00000000..a4e03156 --- /dev/null +++ b/data/anchore/2024/CVE-2024-21742.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-21742", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy", + "http://www.openwall.com/lists/oss-security/2024/02/27/5" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.james:apache-mime4j-dom:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.james:apache-mime4j-dom", + "product": "Apache James Mime4J", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.8.10", + "status": "affected", + "version": "0", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-22369.json b/data/anchore/2024/CVE-2024-22369.json new file mode 100644 index 00000000..8889ea8c --- /dev/null +++ b/data/anchore/2024/CVE-2024-22369.json @@ -0,0 +1,53 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-22369", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.camel:camel-sql:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.camel:camel-sql", + "product": "Apache Camel", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.21.4", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.22.1", + "status": "affected", + "version": "3.22.0", + "versionType": "semver" + }, + { + "lessThan": "4.0.4", + "status": "affected", + "version": "4.0.0", + "versionType": "semver" + }, + { + "lessThan": "4.4.0", + "status": "affected", + "version": "4.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-22371.json b/data/anchore/2024/CVE-2024-22371.json new file mode 100644 index 00000000..4d6a65a3 --- /dev/null +++ b/data/anchore/2024/CVE-2024-22371.json @@ -0,0 +1,54 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-22371", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://camel.apache.org/security/CVE-2024-22371.html" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.camel:camel-core", + "cpes": [ + "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", + "cpe:2.3:a:org.apache.camel:camel-core:*:*:*:*:*:*:*:*" + ], + "product": "Apache Camel", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.21.4", + "status": "affected", + "version": "3", + "versionType": "semver" + }, + { + "lessThan": "3.22.1", + "status": "affected", + "version": "3.22", + "versionType": "semver" + }, + { + "lessThan": "4.0.4", + "status": "affected", + "version": "4.0", + "versionType": "semver" + }, + { + "lessThan": "4.4.0", + "status": "affected", + "version": "4.1", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-22393.json b/data/anchore/2024/CVE-2024-22393.json new file mode 100644 index 00000000..9bce0f19 --- /dev/null +++ b/data/anchore/2024/CVE-2024-22393.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-22393", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv", + "http://www.openwall.com/lists/oss-security/2024/02/22/1" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "packageName": "github.com/apache/incubator-answer", + "cpes": [ + "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*" + ], + "product": "Apache Answer", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.2.5", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23114.json b/data/anchore/2024/CVE-2024-23114.json new file mode 100644 index 00000000..d6133342 --- /dev/null +++ b/data/anchore/2024/CVE-2024-23114.json @@ -0,0 +1,53 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23114", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://camel.apache.org/security/CVE-2024-23114.html" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.camel:camel-cassandraql", + "cpes": [ + "cpe:2.3:a:org.apache.camel:camel-cassandraql:*:*:*:*:*:*:*:*" + ], + "product": "Apache Camel", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.21.4", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.22.1", + "status": "affected", + "version": "3.22.0", + "versionType": "semver" + }, + { + "lessThan": "4.0.4", + "status": "affected", + "version": "4.0.0", + "versionType": "semver" + }, + { + "lessThan": "4.4.0", + "status": "affected", + "version": "4.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23320.json b/data/anchore/2024/CVE-2024-23320.json new file mode 100644 index 00000000..adc06d1a --- /dev/null +++ b/data/anchore/2024/CVE-2024-23320.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23320", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm", + "https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq", + "http://www.openwall.com/lists/oss-security/2024/02/23/3", + "https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp", + "https://github.com/apache/dolphinscheduler/pull/15487" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.dolphinscheduler:dolphinscheduler-master:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.dolphinscheduler:dolphinscheduler-master", + "product": "Apache DolphinScheduler", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.2.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23349.json b/data/anchore/2024/CVE-2024-23349.json new file mode 100644 index 00000000..6d6a9f6c --- /dev/null +++ b/data/anchore/2024/CVE-2024-23349.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23349", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/02/22/2", + "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "packageName": "github.com/apache/incubator-answer", + "cpes": [ + "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*" + ], + "product": "Apache Answer", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.2.5", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23537.json b/data/anchore/2024/CVE-2024-23537.json new file mode 100644 index 00000000..fd8d8f6d --- /dev/null +++ b/data/anchore/2024/CVE-2024-23537.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23537", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1", + "http://www.openwall.com/lists/oss-security/2024/03/29/1", + "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*" + ], + "product": "Apache Fineract", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.9.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23538.json b/data/anchore/2024/CVE-2024-23538.json new file mode 100644 index 00000000..cfb49d26 --- /dev/null +++ b/data/anchore/2024/CVE-2024-23538.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23538", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs", + "http://www.openwall.com/lists/oss-security/2024/03/29/2", + "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*" + ], + "product": "Apache Fineract", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.8.5", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23539.json b/data/anchore/2024/CVE-2024-23539.json new file mode 100644 index 00000000..6ec91863 --- /dev/null +++ b/data/anchore/2024/CVE-2024-23539.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23539", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h", + "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report", + "http://www.openwall.com/lists/oss-security/2024/03/29/3" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*" + ], + "product": "Apache Fineract", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.8.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23672.json b/data/anchore/2024/CVE-2024-23672.json new file mode 100644 index 00000000..66702de0 --- /dev/null +++ b/data/anchore/2024/CVE-2024-23672.json @@ -0,0 +1,55 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23672", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f", + "https://security.netapp.com/advisory/ntap-20240402-0002/", + "http://www.openwall.com/lists/oss-security/2024/03/13/4", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" + ], + "product": "Apache Tomcat", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "11.0.0-m16", + "status": "affected", + "version": "11.0.0-m1", + "versionType": "semver" + }, + { + "lessThanOrEqual": "10.1.18", + "status": "affected", + "version": "10.1.0-m1", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.0.85", + "status": "affected", + "version": "9.0.0-m1", + "versionType": "semver" + }, + { + "lessThanOrEqual": "8.5.98", + "status": "affected", + "version": "8.5.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23807.json b/data/anchore/2024/CVE-2024-23807.json new file mode 100644 index 00000000..13a8a2f6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-23807.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23807", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/apache/xerces-c/pull/54", + "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:xerces-c\\+\\+:*:*:*:*:*:*:*:*" + ], + "product": "Apache Xerces C++", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.2.5", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23944.json b/data/anchore/2024/CVE-2024-23944.json new file mode 100644 index 00000000..3a7a475b --- /dev/null +++ b/data/anchore/2024/CVE-2024-23944.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23944", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k", + "http://www.openwall.com/lists/oss-security/2024/03/14/2" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", + "cpe:2.3:a:org.apache.zookeeper:zookeeper:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zookeeper:zookeeper", + "product": "Apache ZooKeeper", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.9.2", + "status": "affected", + "version": "3.9.0", + "versionType": "maven" + }, + { + "lessThan": "3.8.4", + "status": "affected", + "version": "3.6.0", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-23952.json b/data/anchore/2024/CVE-2024-23952.json new file mode 100644 index 00000000..f768c8ef --- /dev/null +++ b/data/anchore/2024/CVE-2024-23952.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-23952", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx", + "http://www.openwall.com/lists/oss-security/2024/02/14/2", + "http://www.openwall.com/lists/oss-security/2024/02/14/3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.1.3", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.0.2", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24549.json b/data/anchore/2024/CVE-2024-24549.json new file mode 100644 index 00000000..148d08ce --- /dev/null +++ b/data/anchore/2024/CVE-2024-24549.json @@ -0,0 +1,55 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-24549", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://security.netapp.com/advisory/ntap-20240402-0002/", + "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg", + "http://www.openwall.com/lists/oss-security/2024/03/13/3", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*" + ], + "product": "Apache Tomcat", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "11.0.0-m16", + "status": "affected", + "version": "11.0.0-m1", + "versionType": "semver" + }, + { + "lessThanOrEqual": "10.1.18", + "status": "affected", + "version": "10.1.0-m1", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.0.85", + "status": "affected", + "version": "9.0.0-m1", + "versionType": "semver" + }, + { + "lessThanOrEqual": "8.5.98", + "status": "affected", + "version": "8.5.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24683.json b/data/anchore/2024/CVE-2024-24683.json new file mode 100644 index 00000000..43b0a465 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24683.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-24683", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/18/1", + "https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6t" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.hop:hop-engine:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.hop:hop-engine", + "product": "Apache Hop Engine", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.8.0", + "status": "affected", + "version": "0", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24772.json b/data/anchore/2024/CVE-2024-24772.json new file mode 100644 index 00000000..ed5e4509 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24772.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-24772", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5", + "http://www.openwall.com/lists/oss-security/2024/02/28/5" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.1.1", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24773.json b/data/anchore/2024/CVE-2024-24773.json new file mode 100644 index 00000000..d4bf546d --- /dev/null +++ b/data/anchore/2024/CVE-2024-24773.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-24773", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501", + "http://www.openwall.com/lists/oss-security/2024/02/28/4" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.1.1", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24779.json b/data/anchore/2024/CVE-2024-24779.json new file mode 100644 index 00000000..e1969c84 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24779.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-24779", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/02/28/6", + "https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.1.1", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-24795.json b/data/anchore/2024/CVE-2024-24795.json new file mode 100644 index 00000000..66ae6f97 --- /dev/null +++ b/data/anchore/2024/CVE-2024-24795.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-24795", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://httpd.apache.org/security/vulnerabilities_24.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/", + "https://security.netapp.com/advisory/ntap-20240415-0013/", + "http://www.openwall.com/lists/oss-security/2024/04/04/5" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" + ], + "product": "Apache HTTP Server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.4.59", + "status": "affected", + "version": "2.4.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-25065.json b/data/anchore/2024/CVE-2024-25065.json new file mode 100644 index 00000000..524a620e --- /dev/null +++ b/data/anchore/2024/CVE-2024-25065.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-25065", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc", + "https://ofbiz.apache.org/download.html", + "http://www.openwall.com/lists/oss-security/2024/02/28/10", + "https://issues.apache.org/jira/browse/OFBIZ-12887", + "https://ofbiz.apache.org/release-notes-18.12.12.html", + "https://ofbiz.apache.org/security.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*" + ], + "product": "Apache OFBiz", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "18.12.12", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26016.json b/data/anchore/2024/CVE-2024-26016.json new file mode 100644 index 00000000..d398df59 --- /dev/null +++ b/data/anchore/2024/CVE-2024-26016.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-26016", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/02/28/7", + "https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.1.1", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26280.json b/data/anchore/2024/CVE-2024-26280.json new file mode 100644 index 00000000..a18ad774 --- /dev/null +++ b/data/anchore/2024/CVE-2024-26280.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-26280", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/apache/airflow/pull/37501", + "http://www.openwall.com/lists/oss-security/2024/03/01/1", + "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" + ], + "packageName": "apache-airflow", + "product": "Apache Airflow", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.8.2", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26307.json b/data/anchore/2024/CVE-2024-26307.json new file mode 100644 index 00000000..385b0f3d --- /dev/null +++ b/data/anchore/2024/CVE-2024-26307.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-26307", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/21/2", + "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*" + ], + "product": "Apache Doris", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.2.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "2.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26578.json b/data/anchore/2024/CVE-2024-26578.json new file mode 100644 index 00000000..0fff74ff --- /dev/null +++ b/data/anchore/2024/CVE-2024-26578.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-26578", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb", + "http://www.openwall.com/lists/oss-security/2024/02/22/3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "packageName": "github.com/apache/incubator-answer", + "cpes": [ + "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*" + ], + "product": "Apache Answer", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.2.5", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26579.json b/data/anchore/2024/CVE-2024-26579.json new file mode 100644 index 00000000..fb22a398 --- /dev/null +++ b/data/anchore/2024/CVE-2024-26579.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-26579", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3", + "https://github.com/advisories/GHSA-fgh3-pwmp-3qw3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.inlong:manager-pojo", + "cpes": [ + "cpe:2.3:a:org.apache.inlong:manager-pojo:*:*:*:*:*:*:*:*" + ], + "product": "Apache InLong", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.12.0", + "status": "affected", + "version": "1.7.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-26580.json b/data/anchore/2024/CVE-2024-26580.json new file mode 100644 index 00000000..1c4ba761 --- /dev/null +++ b/data/anchore/2024/CVE-2024-26580.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-26580", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/06/1", + "https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.inlong:manager-common", + "cpes": [ + "cpe:2.3:a:org.apache.inlong:manager-common:*:*:*:*:*:*:*:*" + ], + "product": "Apache InLong", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.11.0", + "status": "affected", + "version": "1.4.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27135.json b/data/anchore/2024/CVE-2024-27135.json new file mode 100644 index 00000000..8441a8f1 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27135.json @@ -0,0 +1,61 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27135", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/12/9", + "https://pulsar.apache.org/security/CVE-2024-27135/", + "https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.pulsar:pulsar-functions-worker", + "cpes": [ + "cpe:2.3:a:org.apache.pulsar:pulsar-functions-worker:*:*:*:*:*:*:*:*" + ], + "product": "Apache Pulsar", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.6", + "status": "affected", + "version": "2.4.0", + "versionType": "semver" + }, + { + "lessThan": "2.11.4", + "status": "affected", + "version": "2.11.0", + "versionType": "semver" + }, + { + "lessThan": "3.0.3", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.1.3", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + }, + { + "lessThan": "3.2.1", + "status": "affected", + "version": "3.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27138.json b/data/anchore/2024/CVE-2024-27138.json new file mode 100644 index 00000000..1fe304f1 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27138.json @@ -0,0 +1,33 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27138", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/01/4", + "https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*" + ], + "product": "Apache Archiva", + "vendor": "Apache Software Foundation", + "versions": [ + { + "status": "affected", + "version": "2.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27139.json b/data/anchore/2024/CVE-2024-27139.json new file mode 100644 index 00000000..eec47b45 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27139.json @@ -0,0 +1,33 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27139", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/01/3", + "https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*" + ], + "product": "Apache Archiva", + "vendor": "Apache Software Foundation", + "versions": [ + { + "status": "affected", + "version": "2.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27140.json b/data/anchore/2024/CVE-2024-27140.json new file mode 100644 index 00000000..c1b00abf --- /dev/null +++ b/data/anchore/2024/CVE-2024-27140.json @@ -0,0 +1,33 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27140", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy", + "http://www.openwall.com/lists/oss-security/2024/03/01/2" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*" + ], + "product": "Apache Archiva", + "vendor": "Apache Software Foundation", + "versions": [ + { + "status": "affected", + "version": "2.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27309.json b/data/anchore/2024/CVE-2024-27309.json new file mode 100644 index 00000000..27d5d526 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27309.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27309", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/6536rmzyg076lzzdw2xdktvnz163mjpy", + "http://www.openwall.com/lists/oss-security/2024/04/12/3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.kafka:kafka-metadata", + "cpes": [ + "cpe:2.3:a:org.apache.kafka:kafka-metadata:*:*:*:*:*:*:*:*" + ], + "product": "Apache Kafka", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.6.2", + "status": "affected", + "version": "3.5.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27315.json b/data/anchore/2024/CVE-2024-27315.json new file mode 100644 index 00000000..2c532495 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27315.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27315", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z", + "http://www.openwall.com/lists/oss-security/2024/02/28/3" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.1.1", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27316.json b/data/anchore/2024/CVE-2024-27316.json new file mode 100644 index 00000000..a649036f --- /dev/null +++ b/data/anchore/2024/CVE-2024-27316.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27316", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/04/4", + "https://httpd.apache.org/security/vulnerabilities_24.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/", + "https://security.netapp.com/advisory/ntap-20240415-0013/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" + ], + "product": "Apache HTTP Server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.4.59", + "status": "affected", + "version": "2.4.17", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27317.json b/data/anchore/2024/CVE-2024-27317.json new file mode 100644 index 00000000..90de3b12 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27317.json @@ -0,0 +1,61 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27317", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://pulsar.apache.org/security/CVE-2024-27317/", + "http://www.openwall.com/lists/oss-security/2024/03/12/10", + "https://lists.apache.org/thread/ct9xmvlf7lompc1pxvlsb60qstfsm9po" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.pulsar:pulsar-functions-worker", + "cpes": [ + "cpe:2.3:a:org.apache.pulsar:pulsar-functions-worker:*:*:*:*:*:*:*:*" + ], + "product": "Apache Pulsar", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.6", + "status": "affected", + "version": "2.4.0", + "versionType": "semver" + }, + { + "lessThan": "2.11.4", + "status": "affected", + "version": "2.11.0", + "versionType": "semver" + }, + { + "lessThan": "3.0.3", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.1.3", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + }, + { + "lessThan": "3.2.1", + "status": "affected", + "version": "3.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27347.json b/data/anchore/2024/CVE-2024-27347.json new file mode 100644 index 00000000..a29467eb --- /dev/null +++ b/data/anchore/2024/CVE-2024-27347.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27347", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/22/2", + "https://lists.apache.org/thread/z0v71148slfkw60hsp35pl7ddjyvg01l" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.hugegraph:hubble-be:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.hugegraph:hubble-be", + "product": "Apache HugeGraph-Hubble", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.3.0", + "status": "affected", + "version": "1.0.0", + "versionType": "maven" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27438.json b/data/anchore/2024/CVE-2024-27438.json new file mode 100644 index 00000000..55e7c4dd --- /dev/null +++ b/data/anchore/2024/CVE-2024-27438.json @@ -0,0 +1,34 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27438", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/21/1", + "https://lists.apache.org/thread/h95h82b0svlnwcg6c2xq4b08j6gwgczh" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*" + ], + "product": "Apache Doris", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.0.5", + "status": "affected", + "version": "1.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27439.json b/data/anchore/2024/CVE-2024-27439.json new file mode 100644 index 00000000..68ac08c8 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27439.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27439", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo", + "http://www.openwall.com/lists/oss-security/2024/03/19/2" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.wicket:wicket", + "cpes": [ + "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", + "cpe:2.3:a:org.apache.wicket:wicket:*:*:*:*:*:*:*:*" + ], + "product": "Apache Wicket", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "9.17.0", + "status": "affected", + "version": "9.1.0", + "versionType": "semver" + }, + { + "lessThan": "10.0.0", + "status": "affected", + "version": "10.0.0-m1", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27894.json b/data/anchore/2024/CVE-2024-27894.json new file mode 100644 index 00000000..402738d1 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27894.json @@ -0,0 +1,61 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27894", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://pulsar.apache.org/security/CVE-2024-27894/", + "https://lists.apache.org/thread/45cqhgqg8d19ongjw18ypcss8vwh206p", + "http://www.openwall.com/lists/oss-security/2024/03/12/11" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.pulsar:pulsar-functions-worker", + "cpes": [ + "cpe:2.3:a:org.apache.pulsar:pulsar-functions-worker:*:*:*:*:*:*:*:*" + ], + "product": "Apache Pulsar", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.6", + "status": "affected", + "version": "2.4.0", + "versionType": "semver" + }, + { + "lessThan": "2.11.4", + "status": "affected", + "version": "2.11.0", + "versionType": "semver" + }, + { + "lessThan": "3.0.3", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.1.3", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + }, + { + "lessThan": "3.2.1", + "status": "affected", + "version": "3.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-27906.json b/data/anchore/2024/CVE-2024-27906.json new file mode 100644 index 00000000..14be96d9 --- /dev/null +++ b/data/anchore/2024/CVE-2024-27906.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-27906", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/02/29/1", + "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5", + "https://github.com/apache/airflow/pull/37290", + "https://github.com/apache/airflow/pull/37468" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" + ], + "packageName": "apache-airflow", + "product": "Apache Airflow", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.8.2", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-28098.json b/data/anchore/2024/CVE-2024-28098.json new file mode 100644 index 00000000..f940b882 --- /dev/null +++ b/data/anchore/2024/CVE-2024-28098.json @@ -0,0 +1,61 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-28098", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/3m6923y3wxpdcs9346sjvt8ql9swqc2z", + "https://pulsar.apache.org/security/CVE-2024-28098/", + "http://www.openwall.com/lists/oss-security/2024/03/12/12" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.pulsar:pulsar-broker", + "cpes": [ + "cpe:2.3:a:org.apache.pulsar:pulsar-broker:*:*:*:*:*:*:*:*" + ], + "product": "Apache Pulsar", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.6", + "status": "affected", + "version": "2.7.1", + "versionType": "semver" + }, + { + "lessThan": "2.11.4", + "status": "affected", + "version": "2.11.0", + "versionType": "semver" + }, + { + "lessThan": "3.0.3", + "status": "affected", + "version": "3.0.0", + "versionType": "semver" + }, + { + "lessThan": "3.1.3", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + }, + { + "lessThan": "3.2.1", + "status": "affected", + "version": "3.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-28148.json b/data/anchore/2024/CVE-2024-28148.json new file mode 100644 index 00000000..d853ce65 --- /dev/null +++ b/data/anchore/2024/CVE-2024-28148.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-28148", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "packageName": "apache-superset", + "cpes": [ + "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" + ], + "product": "Apache Superset", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.1.2", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-28746.json b/data/anchore/2024/CVE-2024-28746.json new file mode 100644 index 00000000..7399bfe0 --- /dev/null +++ b/data/anchore/2024/CVE-2024-28746.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-28746", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", + "https://github.com/apache/airflow/pull/37881", + "http://www.openwall.com/lists/oss-security/2024/03/13/5" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" + ], + "packageName": "apache-airflow", + "product": "Apache Airflow", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.8.3", + "status": "affected", + "version": "2.8.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-28752.json b/data/anchore/2024/CVE-2024-28752.json new file mode 100644 index 00000000..27fa1c83 --- /dev/null +++ b/data/anchore/2024/CVE-2024-28752.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-28752", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/03/14/3", + "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.cxf:cxf-rt-databinding-aegis:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.cxf:cxf-rt-databinding-aegis", + "product": "Apache CXF", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.5.8", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThan": "3.6.3", + "status": "affected", + "version": "3.6", + "versionType": "semver" + }, + { + "lessThan": "4.0.4", + "status": "affected", + "version": "4", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29006.json b/data/anchore/2024/CVE-2024-29006.json new file mode 100644 index 00000000..01123337 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29006.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29006", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*" + ], + "product": "Apache CloudStack", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "4.18.1.0", + "status": "affected", + "version": "4.11.0.0", + "versionType": "semver" + }, + { + "status": "affected", + "version": "4.19.0.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29007.json b/data/anchore/2024/CVE-2024-29007.json new file mode 100644 index 00000000..de95aadc --- /dev/null +++ b/data/anchore/2024/CVE-2024-29007.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29007", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*" + ], + "product": "Apache CloudStack", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "4.18.1.0", + "status": "affected", + "version": "4.9.1.0", + "versionType": "semver" + }, + { + "status": "affected", + "version": "4.19.0.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29008.json b/data/anchore/2024/CVE-2024-29008.json new file mode 100644 index 00000000..9a9e9d50 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29008.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29008", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*" + ], + "product": "Apache CloudStack", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "4.18.1.0", + "status": "affected", + "version": "4.14.0.0", + "versionType": "semver" + }, + { + "status": "affected", + "version": "4.19.0.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29131.json b/data/anchore/2024/CVE-2024-29131.json new file mode 100644 index 00000000..73a3634f --- /dev/null +++ b/data/anchore/2024/CVE-2024-29131.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29131", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/", + "http://www.openwall.com/lists/oss-security/2024/03/20/4", + "https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.commons:commons-configuration2:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.commons:commons-configuration2", + "product": "Apache Commons Configuration", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.1", + "status": "affected", + "version": "2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29133.json b/data/anchore/2024/CVE-2024-29133.json new file mode 100644 index 00000000..4277273c --- /dev/null +++ b/data/anchore/2024/CVE-2024-29133.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29133", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/", + "http://www.openwall.com/lists/oss-security/2024/03/20/3", + "https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.commons:commons-configuration2:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.commons:commons-configuration2", + "product": "Apache Commons Configuration", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.10.1", + "status": "affected", + "version": "2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29217.json b/data/anchore/2024/CVE-2024-29217.json new file mode 100644 index 00000000..c3c90107 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29217.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29217", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/nc0g1borr0d3wx25jm39pn7nyf268n0x", + "http://www.openwall.com/lists/oss-security/2024/04/19/1" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "packageName": "github.com/apache/incubator-answer", + "cpes": [ + "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*" + ], + "product": "Apache Answer", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "1.3.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29735.json b/data/anchore/2024/CVE-2024-29735.json new file mode 100644 index 00000000..d2ca4e27 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29735.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29735", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/apache/airflow/pull/37310", + "http://www.openwall.com/lists/oss-security/2024/03/26/2", + "https://lists.apache.org/thread/8khb1rtbznh100o325fb8xw5wjvtv536" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" + ], + "packageName": "apache-airflow", + "product": "Apache Airflow", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.8.4", + "status": "affected", + "version": "2.8.2", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-29834.json b/data/anchore/2024/CVE-2024-29834.json new file mode 100644 index 00000000..248303d6 --- /dev/null +++ b/data/anchore/2024/CVE-2024-29834.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-29834", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://pulsar.apache.org/security/CVE-2024-29834/", + "http://www.openwall.com/lists/oss-security/2024/04/02/2", + "https://lists.apache.org/thread/v0ltl94k9lg28qfr1f54hpkvvsjc5bj5" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "packageName": "org.apache.pulsar:pulsar-broker", + "cpes": [ + "cpe:2.3:a:org.apache.pulsar:pulsar-broker:*:*:*:*:*:*:*:*" + ], + "product": "Apache Pulsar", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "3.0.4", + "status": "affected", + "version": "2.7.1", + "versionType": "semver" + }, + { + "lessThan": "3.2.2", + "status": "affected", + "version": "3.1.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31309.json b/data/anchore/2024/CVE-2024-31309.json new file mode 100644 index 00000000..6b5facdd --- /dev/null +++ b/data/anchore/2024/CVE-2024-31309.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31309", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/10/7", + "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*" + ], + "product": "Apache Traffic Server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "8.1.9", + "status": "affected", + "version": "8.0.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.2.3", + "status": "affected", + "version": "9.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31860.json b/data/anchore/2024/CVE-2024-31860.json new file mode 100644 index 00000000..86640758 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31860.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31860", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x", + "http://www.openwall.com/lists/oss-security/2024/04/09/2", + "https://github.com/apache/zeppelin/pull/4632" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-server:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-server", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.0", + "status": "affected", + "version": "0.9.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31861.json b/data/anchore/2024/CVE-2024-31861.json new file mode 100644 index 00000000..7b6f4673 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31861.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31861", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/99clvqrht5l5r6kzjzwg2kj94boc9sfh", + "http://www.openwall.com/lists/oss-security/2024/04/10/8", + "https://github.com/apache/zeppelin/pull/4708" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-shell:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-shell", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.1", + "status": "affected", + "version": "0.10.1", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31862.json b/data/anchore/2024/CVE-2024-31862.json new file mode 100644 index 00000000..ad39e491 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31862.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31862", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/5", + "https://github.com/apache/zeppelin/pull/4632", + "https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyybkysmn0" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-server:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-server", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.0", + "status": "affected", + "version": "0.10.1", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31863.json b/data/anchore/2024/CVE-2024-31863.json new file mode 100644 index 00000000..533ac069 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31863.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31863", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9", + "http://www.openwall.com/lists/oss-security/2024/04/09/6" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-server:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-server", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.0", + "status": "affected", + "version": "0.10.1", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31864.json b/data/anchore/2024/CVE-2024-31864.json new file mode 100644 index 00000000..9097c197 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31864.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31864", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/8", + "https://github.com/apache/zeppelin/pull/4709", + "https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb", + "https://www.cve.org/CVERecord?id=CVE-2020-11974" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*" + ], + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31865.json b/data/anchore/2024/CVE-2024-31865.json new file mode 100644 index 00000000..9f8637bf --- /dev/null +++ b/data/anchore/2024/CVE-2024-31865.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31865", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/9", + "https://lists.apache.org/thread/slm1sf0slwc11f4m4r0nd6ot2rf7w81l", + "https://github.com/apache/zeppelin/pull/4631" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-server:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-server", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.1", + "status": "affected", + "version": "0.8.2", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31866.json b/data/anchore/2024/CVE-2024-31866.json new file mode 100644 index 00000000..c1e896c4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31866.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31866", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/10", + "https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd", + "https://github.com/apache/zeppelin/pull/4715" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-interpreter:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-interpreter", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.1", + "status": "affected", + "version": "0.8.2", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31867.json b/data/anchore/2024/CVE-2024-31867.json new file mode 100644 index 00000000..3ec9e36a --- /dev/null +++ b/data/anchore/2024/CVE-2024-31867.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31867", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/12", + "https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf", + "https://github.com/apache/zeppelin/pull/4714" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-server:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-server", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.1", + "status": "affected", + "version": "0.8.2", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31868.json b/data/anchore/2024/CVE-2024-31868.json new file mode 100644 index 00000000..17dc59a9 --- /dev/null +++ b/data/anchore/2024/CVE-2024-31868.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31868", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/09/11", + "https://github.com/apache/zeppelin/pull/4728", + "https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://repo.maven.apache.org/maven2", + "cpes": [ + "cpe:2.3:a:org.apache.zeppelin:zeppelin-interpreter:*:*:*:*:*:*:*:*" + ], + "packageName": "org.apache.zeppelin:zeppelin-interpreter", + "product": "Apache Zeppelin", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "0.11.1", + "status": "affected", + "version": "0.8.2", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-31869.json b/data/anchore/2024/CVE-2024-31869.json new file mode 100644 index 00000000..29c1455b --- /dev/null +++ b/data/anchore/2024/CVE-2024-31869.json @@ -0,0 +1,37 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-31869", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/04/17/10", + "https://lists.apache.org/thread/pz6vg7wcjk901rmsgt86h76g6kfcgtk3", + "https://github.com/apache/airflow/pull/38795" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" + ], + "packageName": "apache-airflow", + "product": "Apache Airflow", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.9.0", + "status": "affected", + "version": "2.7.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32077.json b/data/anchore/2024/CVE-2024-32077.json new file mode 100644 index 00000000..70a68d0e --- /dev/null +++ b/data/anchore/2024/CVE-2024-32077.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-32077", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", + "https://github.com/apache/airflow/pull/38882" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pypi.org", + "cpes": [ + "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" + ], + "packageName": "apache-airflow", + "product": "Apache Airflow", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "2.9.1", + "status": "affected", + "version": "2.9.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32113.json b/data/anchore/2024/CVE-2024-32113.json new file mode 100644 index 00000000..29ede0b2 --- /dev/null +++ b/data/anchore/2024/CVE-2024-32113.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-32113", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd", + "https://ofbiz.apache.org/download.html", + "https://issues.apache.org/jira/browse/OFBIZ-13006", + "https://ofbiz.apache.org/security.html" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*" + ], + "product": "Apache OFBiz", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThan": "18.12.13", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32114.json b/data/anchore/2024/CVE-2024-32114.json new file mode 100644 index 00000000..80ced592 --- /dev/null +++ b/data/anchore/2024/CVE-2024-32114.json @@ -0,0 +1,36 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-32114", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", + "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", + "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*" + ], + "product": "Apache ActiveMQ", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "6.1.1", + "status": "affected", + "version": "6.0.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-32638.json b/data/anchore/2024/CVE-2024-32638.json new file mode 100644 index 00000000..933b6803 --- /dev/null +++ b/data/anchore/2024/CVE-2024-32638.json @@ -0,0 +1,35 @@ +{ + "additionalMetadata": { + "cna": "apache", + "cveId": "CVE-2024-32638", + "needsReview": true, + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "http://www.openwall.com/lists/oss-security/2024/05/02/2", + "https://lists.apache.org/thread/ngvgxllw4zn4hgngkqw2o225kf9wotov" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*" + ], + "product": "Apache APISIX", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "3.9.0", + "status": "affected", + "version": "3.8.0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file