-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
706356a
commit 6c91c09
Showing
29 changed files
with
1,119 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wpscan", | ||
| "cveId": "CVE-2024-0820", | ||
| "description": "The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:blueglass:jobs_for_wordpress:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "job-postings", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Jobs for WordPress", | ||
| "repo": "https://plugins.svn.wordpress.org/job-postings", | ||
| "vendor": "BlueGlass", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.7.4", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37c18340-d7aa-4410-be17-c61c286838ce?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "oracle", | ||
| "cveId": "CVE-2024-21287", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://www.oracle.com/security-alerts/alert-cve-2024-21287.html" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:oracle:agile_plm_framework:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Oracle Agile PLM Framework", | ||
| "vendor": "Oracle Corporation", | ||
| "versions": [ | ||
| { | ||
| "status": "affected", | ||
| "version": "9.3.6", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-30263", | ||
| "description": "macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/xwikisas/macro-pdfviewer/issues/49", | ||
| "https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-93qq-2h34-g29f" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://github.com", | ||
| "cpes": [ | ||
| "cpe:2.3:a:xwiki:pdf_viewer_macro:*:*:*:*:pro:*:*:*" | ||
| ], | ||
| "packageName": "xwikisas/macro-pdfviewer", | ||
| "product": "macro-pdfviewer", | ||
| "repo": "https://github.com/xwikisas/macro-pdfviewer", | ||
| "vendor": "xwikisas", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.5.1", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-37155", | ||
| "description": "OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`. The regex check in the plkugin can be bypassed by removing the carriage return and line feed characters (`\\r\\n`). Running a curl command against a local instance of OpenCTI will result in a limited error message. By running the same Introspection query without the `\\r\\n` characters, the unauthenticated user is able to successfully run a full Introspection query. Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. Users should upgrade to version 6.1.9 to receive a patch for the issue.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94", | ||
| "https://github.com/OpenCTI-Platform/opencti/commit/f87d96918c63b0c3d3ebfbea6c789d48e2f56ad5", | ||
| "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-4mvw-j8r9-xcgc" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://github.com", | ||
| "cpes": [ | ||
| "cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "packageName": "opencti-platform/opencti", | ||
| "product": "opencti", | ||
| "repo": "https://github.com/opencti-platform/opencti", | ||
| "vendor": "OpenCTI-Platform", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "6.1.9", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-43416", | ||
| "description": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/glpi-project/glpi/commit/9be1466053f829680db318f7e7e5880d2d789c6d", | ||
| "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://github.com", | ||
| "cpes": [ | ||
| "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "packageName": "glpi-project/glpi", | ||
| "product": "glpi", | ||
| "repo": "https://github.com/glpi-project/glpi", | ||
| "vendor": "glpi-project", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "10.0.17", | ||
| "status": "affected", | ||
| "version": "0.80", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "apache", | ||
| "cveId": "CVE-2024-47208", | ||
| "description": "Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://issues.apache.org/jira/browse/OFBIZ-13158", | ||
| "https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11", | ||
| "https://ofbiz.apache.org/download.html", | ||
| "https://ofbiz.apache.org/security.html" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Apache OFBiz", | ||
| "vendor": "Apache Software Foundation", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "18.12.17", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-47533", | ||
| "description": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0", | ||
| "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda", | ||
| "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://pypi.org", | ||
| "cpes": [ | ||
| "cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:python:*:*", | ||
| "cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:python:*:*" | ||
| ], | ||
| "packageName": "cobbler", | ||
| "packageType": "python", | ||
| "product": "cobbler", | ||
| "repo": "https://github.com/cobbler/cobbler", | ||
| "vendor": "cobbler", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "3.2.3", | ||
| "status": "affected", | ||
| "version": "3.0.0", | ||
| "versionType": "python" | ||
| }, | ||
| { | ||
| "lessThan": "3.3.7", | ||
| "status": "affected", | ||
| "version": "3.3.0", | ||
| "versionType": "python" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "github_m", | ||
| "cveId": "CVE-2024-47873", | ||
| "description": "PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://github.com/PHPOffice/PhpSpreadsheet/blob/39fc51309181e82593b06e2fa8e45ef8333a0335/src/PhpSpreadsheet/Reader/Security/XmlScanner.php", | ||
| "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-jw4x-v69f-hh5w", | ||
| "https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing", | ||
| "https://www.w3.org/TR/xml/#sec-guessing-no-ext-info" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://packagist.org", | ||
| "cpes": [ | ||
| "cpe:2.3:a:phpspreadsheet_project:phpspreadsheet:*:*:*:*:*:php:*:*" | ||
| ], | ||
| "packageName": "phpoffice/phpspreadsheet", | ||
| "packageType": "php-composer", | ||
| "product": "PhpSpreadsheet", | ||
| "repo": "https://github.com/phpoffice/phpspreadsheet", | ||
| "vendor": "PHPOffice", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "1.29.4", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| }, | ||
| { | ||
| "lessThan": "2.1.3", | ||
| "status": "affected", | ||
| "version": "2.0.0", | ||
| "versionType": "custom" | ||
| }, | ||
| { | ||
| "lessThan": "2.3.2", | ||
| "status": "affected", | ||
| "version": "2.2.0", | ||
| "versionType": "custom" | ||
| }, | ||
| { | ||
| "lessThan": "3.4.0", | ||
| "status": "affected", | ||
| "version": "3.3.0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.