data/reports: add 15 unreviewed reports

  - data/reports/GO-2024-2898.yaml
  - data/reports/GO-2024-2905.yaml
  - data/reports/GO-2024-2924.yaml
  - data/reports/GO-2024-2926.yaml
  - data/reports/GO-2024-2927.yaml
  - data/reports/GO-2024-2928.yaml
  - data/reports/GO-2024-2929.yaml
  - data/reports/GO-2024-2931.yaml
  - data/reports/GO-2024-2932.yaml
  - data/reports/GO-2024-2933.yaml
  - data/reports/GO-2024-2934.yaml
  - data/reports/GO-2024-2938.yaml
  - data/reports/GO-2024-2939.yaml
  - data/reports/GO-2024-2940.yaml
  - data/reports/GO-2024-2941.yaml

Fixes #2898
Fixes #2905
Fixes #2924
Fixes #2926
Fixes #2927
Fixes #2928
Fixes #2929
Fixes #2931
Fixes #2932
Fixes #2933
Fixes #2934
Fixes #2938
Fixes #2939
Fixes #2940
Fixes #2941

Change-Id: I235c85ba4f067ada8ca1ff0dc33bb4fb14f13f80
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/595636
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>

Author: tatianab

data/osv/GO-2024-2898.json

@@ -0,0 +1,81 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2898",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-36106",
+    "GHSA-3cqf-953p-h5cp"
+  ],
+  "summary": "Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd",
+  "details": "Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/argoproj/argo-cd",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0.11.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/argoproj/argo-cd/v2",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.9.17"
+            },
+            {
+              "introduced": "2.10.0"
+            },
+            {
+              "fixed": "2.10.12"
+            },
+            {
+              "introduced": "2.11.0"
+            },
+            {
+              "fixed": "2.11.3"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3cqf-953p-h5cp"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36106"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/argoproj/argo-cd/commit/c2647055c261a550e5da075793260f6524e65ad9"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2898",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-2905.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2905",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-5037"
+  ],
+  "summary": "Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter",
+  "details": "Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/openshift/telemeter",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5037"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/kubernetes/kubernetes/pull/123540"
+    },
+    {
+      "type": "REPORT",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2024-5037"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go#L78"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2905",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-2924.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2924",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-36586",
+    "GHSA-7jp9-vgmq-c8r5"
+  ],
+  "summary": "AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome",
+  "details": "AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/AdguardTeam/AdGuardHome",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-7jp9-vgmq-c8r5"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2924",
+    "review_status": "UNREVIEWED"
+  }
+}