diff --git a/2024/52xxx/CVE-2024-52322.json b/2024/52xxx/CVE-2024-52322.json
index 6a9a43b1514..bf93f161ff7 100644
--- a/2024/52xxx/CVE-2024-52322.json
+++ b/2024/52xxx/CVE-2024-52322.json
@@ -1,18 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52322",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-request@security.metacpan.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
+ "cweId": "CWE-338"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "LOCALSHOP",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebService::Xero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "0.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://perldoc.perl.org/functions/rand",
+ "refsource": "MISC",
+ "name": "https://perldoc.perl.org/functions/rand"
+ },
+ {
+ "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+ "refsource": "MISC",
+ "name": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
+ },
+ {
+ "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
+ },
+ {
+ "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17"
+ },
+ {
+ "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178"
+ },
+ {
+ "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13"
+ },
+ {
+ "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Robert Rothenberg (RRWO)"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/57xxx/CVE-2024-57835.json b/2024/57xxx/CVE-2024-57835.json
index b7803bcc9ca..b0403cb38b6 100644
--- a/2024/57xxx/CVE-2024-57835.json
+++ b/2024/57xxx/CVE-2024-57835.json
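Review bot: In 2024/52xxx/CVE-2024-52322.json the new `description` says rand() is used "for cryptographic functions" but never names the value that is generated, so a consumer cannot judge impact without opening the referenced Agent.pm and PublicApplication.pm lines; the CVE-2024-58036 hunk uses the same template text and has the same gap. I would name the value in the `value` string, e.g. `... uses Data::Random, and therefore rand(), to generate <value produced at Agent.pm#L178>`, and drop the doubled "Specifically ... specifically". Both records also carry `"version_affected": "<="` with no fixed release or workaround, so one sentence pointing to the random-data guide already listed in `references` would give readers a remediation path. `"discovery": "UNKNOWN"` sits next to a named credit; if the finder's relationship to the project is known, that field could reflect it.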
@@ -1,18 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-57835",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-request@security.metacpan.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Amon2::Auth::Site::LINE uses the String::Random module\u00a0to generate nonce values.\u00a0\n\nString::Random\u00a0defaults to Perl's built-in predictable\u00a0random number generator,\u00a0the rand() function, which is not cryptographically secure"
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
+ "cweId": "CWE-338"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TANIGUCHI",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Amon2::Auth::Site::LINE",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "0.04"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377"
+ },
+ {
+ "url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235"
+ },
+ {
+ "url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255"
+ },
+ {
+ "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+ "refsource": "MISC",
+ "name": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/58xxx/CVE-2024-58036.json b/2024/58xxx/CVE-2024-58036.json
index ad8029a5bd0..baf41c7eef5 100644
--- a/2024/58xxx/CVE-2024-58036.json
+++ b/2024/58xxx/CVE-2024-58036.json
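Review bot: In 2024/57xxx/CVE-2024-57835.json the `description` omits the affected range that `affects` carries (`"version_affected": "<="`, `"version_value": "0.04"`), so any consumer that matches on description text loses it; the other two records in this commit open with the module name, the version and "and earlier for Perl". The string also embeds `\u00a0` non-breaking spaces between words and ends without a period, which defeats plain-text search and phrase matching on the description. I would open it with `Amon2::Auth::Site::LINE 0.04 and earlier for Perl uses the String::Random module to generate nonce values.`, replace each `\u00a0` with an ordinary space, and end the last sentence with a period. This record also has no `credits` block and no perldoc rand() reference, unlike the other two; add them if they apply.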
@@ -1,18 +1,97 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-58036",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-request@security.metacpan.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
+ "cweId": "CWE-338"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NORBU",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Net::Dropbox::API",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://perldoc.perl.org/functions/rand",
+ "refsource": "MISC",
+ "name": "https://perldoc.perl.org/functions/rand"
+ },
+ {
+ "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+ "refsource": "MISC",
+ "name": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
+ },
+ {
+ "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
+ },
+ {
+ "url": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385"
+ },
+ {
+ "url": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11",
+ "refsource": "MISC",
+ "name": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Robert Rothenberg (RRWO)"
+ }
+ ]
 }
\ No newline at end of file