Auto-Update: 2025-04-05T18:00:27.490971+00:00

2025-05-09 03:57:14 +00:00 · 2025-04-05 18:04:07 +00:00 · 2025-04-05 18:04:07 +00:00 · 033b4502f5
commit 033b4502f5
parent d37765e950
6 changed files with 213 additions and 6 deletions
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52322.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52322.json
@ -0,0 +1,57 @@
+{
+  "id": "CVE-2024-52322",
+  "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+  "published": "2025-04-05T17:15:39.513",
+  "lastModified": "2025-04-05T17:15:39.513",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-338"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://perldoc.perl.org/functions/rand",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-578xx/CVE-2024-57835.json
+++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57835.json
@ -0,0 +1,45 @@
+{
+  "id": "CVE-2024-57835",
+  "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+  "published": "2025-04-05T16:15:32.143",
+  "lastModified": "2025-04-05T16:15:32.143",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Amon2::Auth::Site::LINE uses the String::Random module\u00a0to generate nonce values.\u00a0\n\nString::Random\u00a0defaults to Perl's built-in predictable\u00a0random number generator,\u00a0the rand() function, which is not cryptographically secure"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-338"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-578xx/CVE-2024-57868.json
+++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57868.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2024-57868",
+  "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+  "published": "2025-04-05T16:15:33.180",
+  "lastModified": "2025-04-05T16:15:33.180",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-338"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://perldoc.perl.org/functions/rand",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-580xx/CVE-2024-58036.json
+++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58036.json
@ -0,0 +1,49 @@
+{
+  "id": "CVE-2024-58036",
+  "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+  "published": "2025-04-05T16:15:33.317",
+  "lastModified": "2025-04-05T16:15:33.317",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-338"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://perldoc.perl.org/functions/rand",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-04-05T14:00:20.454007+00:00
+2025-04-05T18:00:27.490971+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-04-05T12:15:14.540000+00:00
+2025-04-05T17:15:39.513000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-288689
+288693
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `4`

- [CVE-2025-30401](CVE-2025/CVE-2025-304xx/CVE-2025-30401.json) (`2025-04-05T12:15:14.540`)
+- [CVE-2024-52322](CVE-2024/CVE-2024-523xx/CVE-2024-52322.json) (`2025-04-05T17:15:39.513`)
+- [CVE-2024-57835](CVE-2024/CVE-2024-578xx/CVE-2024-57835.json) (`2025-04-05T16:15:32.143`)
+- [CVE-2024-57868](CVE-2024/CVE-2024-578xx/CVE-2024-57868.json) (`2025-04-05T16:15:33.180`)
+- [CVE-2024-58036](CVE-2024/CVE-2024-580xx/CVE-2024-58036.json) (`2025-04-05T16:15:33.317`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -273586,6 +273586,7 @@ CVE-2024-52319,0,0,559a60ef1f4b0e5c15ebbccd65dd87f2daaedff91c3db37c5f132858a727f
 CVE-2024-5232,0,0,6580cfce2bf7937bf2e338f015142328dd8fea40573a9b1237f47e9300b63b6c,2025-02-27T01:52:40.523000
 CVE-2024-52320,0,0,f8a5d2ef9e68d6b37c8a12dadca478113fd3053e52a9fa6a6439e69a7888b241,2024-12-06T18:15:25.737000
 CVE-2024-52321,0,0,58349402fe5df3092273b7344f7d995ad64537d59a580bb31bc25ef4220d89e0,2024-12-23T01:15:07.700000
+CVE-2024-52322,1,1,f405405dc0a9b1cd38ca8a87594fb19cc064179d977cdc71d3be74d090f63686,2025-04-05T17:15:39.513000
 CVE-2024-52323,0,0,57617b6f1b94228bad139ee211c36bd4ec7e4706388ebf89e10500861eceb01c,2024-11-27T15:15:26.377000
 CVE-2024-52324,0,0,3a1cea33b3baafbca08ae859d9f7f10a5f7330d70c851e6785d556daaa2603ec,2024-12-10T19:42:56.737000
 CVE-2024-52325,0,0,58f68bfd6a093dd69494a9b20c52884c402232b5f310e4ccf33e24b05f5eec8f,2025-01-23T16:15:35.943000
@ -277023,6 +277024,7 @@ CVE-2024-57822,0,0,43973cb11c0d7745a76972fd2125c40dd56918f079243999a6a248fd7bb74
 CVE-2024-57823,0,0,5ca581226a27965f69cc1b47d8d6ed60ad65266a2e4a0de113585f678075fc75,2025-01-10T14:15:29.583000
 CVE-2024-5783,0,0,457a67b18c53addb8fb271e75294a5e3a7e25c57923089dcfbdfc7dbab590f38,2024-06-12T08:15:51.480000
 CVE-2024-57834,0,0,5a87b39773bde7ec95e0cc89e1090b2151e71493eb99b3d3e2c7fa1942b6bb7b,2025-03-13T13:15:42.243000
+CVE-2024-57835,1,1,ac5073c21d592b738b0e74fef7a02fccbe9b8566a6c8a6beb1cab0e3211b92a5,2025-04-05T16:15:32.143000
 CVE-2024-57838,0,0,7205305ae1088ef41361b6511691e021bab207c0c324bab7b09b17a8c1a06218,2025-01-11T14:15:25.940000
 CVE-2024-57839,0,0,5656e2417e5685f2e1ff410b1767104ed6341a8132fd402fbef4fd6f8615e85a,2025-01-11T15:15:07.050000
 CVE-2024-5784,0,0,f27ecf8abffd9e6c282a3d3ca16cce2ce0cb1c19ecd7f5c543f166278a4d8c33,2024-09-03T14:48:19.570000
@ -277035,6 +277037,7 @@ CVE-2024-57850,0,0,5165b1b067bdd241748c5aa93fa04dde8ee44e559a2cfe9e466e04f6d642a
 CVE-2024-57852,0,0,f19b9256fed1d0413199f2e2d33e34b963c2188b7176ee982e4664000d9cf117,2025-02-27T03:15:10.977000
 CVE-2024-57857,0,0,cf138cc0e0261ec5dcc7660d88841b6035dc2c547d16329422febda9654f9c14,2025-03-24T17:30:34.487000
 CVE-2024-5786,0,0,8f234ab6daf42312db402cec6a9780e6a0a03ed9070824749daf6f62affc4884,2024-11-21T09:48:19.897000
+CVE-2024-57868,1,1,0cd3a07b9327ffa1f62562676bedb1830c7f6bdfb8b8f2680a41e9399bf6fe30,2025-04-05T16:15:33.180000
 CVE-2024-5787,0,0,1d58b2484cfc2497ce3be8bc315153e4937b24852bc87d95aee088e2aedc7438,2024-11-21T09:48:20.010000
 CVE-2024-57872,0,0,c3ffa0e155e2ac44fac8a82673746753e090198753fbd02da0ed8386c1ecfa6e,2025-01-16T15:19:51.637000
 CVE-2024-57874,0,0,ccedb437ba56ade4509587c360aa295e43ac6f245768ab4ce06e5c2a50c611e4,2025-02-03T14:55:54.650000
@ -277201,6 +277204,7 @@ CVE-2024-58021,0,0,9fcd37a62e048a7adc025ac2478c5d8995734badf43657fe854aa6334c38e
 CVE-2024-58022,0,0,9167abbdc89cc3d0f3a754a66b9a4302417364f4431ff1ac59b116865608bbad,2025-03-05T14:57:29.473000
 CVE-2024-5803,0,0,9f82593b4c57457c96daef99978d68eaca19c8db6ce80dfb437501b3b95974d3,2024-10-04T13:50:43.727000
 CVE-2024-58034,0,0,caa07d6689090a7aad2d3a35b0a554d38a0271801636901e4b47dcf07f26f2c2,2025-03-21T18:31:13.540000
+CVE-2024-58036,1,1,2e1abe2cd2a6dc36220512c15ced5ba3de7a3d682675393f6744123f53afab83,2025-04-05T16:15:33.317000
 CVE-2024-5804,0,0,2f00fd3e9947e9e26596c3d44370745abf63c8732a08c44c5ab0acfd9a8ea957,2024-11-21T09:48:21.677000
 CVE-2024-58042,0,0,6046ecd911da87251e1a69d7019bf86f8d3890f32138388a40753ddbad8db745,2025-03-05T14:57:22.013000
 CVE-2024-58043,0,0,2a2b5c147e8b5dbe0aae45b137efcf98e8486df096d1323cad14ac53eb7e554b,2025-03-04T18:38:11.320000
@ -287585,7 +287589,7 @@ CVE-2025-30372,0,0,e366784170fd69403c95573e66e81140f6ab7eebcee57a3b740e41f187b2c
 CVE-2025-3038,0,0,22534a6e99d8435c0e3640274e43279290c0824de864795a486909ffa65e03da,2025-04-01T20:26:11.547000
 CVE-2025-3039,0,0,8412b53044798e7429c2f1e43b2eaff144fc88ee266808028d00fb7035e9ff90,2025-04-01T20:26:11.547000
 CVE-2025-3040,0,0,274892af91b4ed207c6fb8d845fb283c63d995b076d284b90cfd8062dbb59a9e,2025-04-01T20:26:11.547000
-CVE-2025-30401,1,1,f25a771fa21204449b7a774ac3670c9d2ca90a5c0259e011caafd471e950289a,2025-04-05T12:15:14.540000
+CVE-2025-30401,0,0,f25a771fa21204449b7a774ac3670c9d2ca90a5c0259e011caafd471e950289a,2025-04-05T12:15:14.540000
 CVE-2025-30406,0,0,5a48163112e03d0f2934ffc4ab32df898c45bdaae108cd7b2a52fde7e5d585c4,2025-04-04T02:15:18.300000
 CVE-2025-30407,0,0,5398c42f506ff0cf746668f38c343a54dfb5c3e8151c8cfb451ea4e82909416d,2025-03-27T16:45:27.850000
 CVE-2025-3041,0,0,d9fe1e53f2cdd91c8975c5476eceec361ea81e0c3d05a42ad90016292a4f1e02,2025-04-01T20:26:11.547000