From a1a83e1877e5093026772eb5f24662768e478067 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?NVD=20mirror=20update=20=F0=9F=A4=96?= Date: Thu, 2 Jan 2025 06:47:21 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=A4=96=20NVD=20update=20at=202025-01-02T0?= =?UTF-8?q?6:47:21+0000?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 2002/CVE-2002-20002.json | 64 ++++++++++++++++++++++++++++++++++++++++ 2024/CVE-2024-11184.json | 21 +++++++++++++ 2024/CVE-2024-11357.json | 21 +++++++++++++ 2024/CVE-2024-12595.json | 21 +++++++++++++ 2024/CVE-2024-56830.json | 60 +++++++++++++++++++++++++++++++++++++ 5 files changed, 187 insertions(+) create mode 100644 2002/CVE-2002-20002.json create mode 100644 2024/CVE-2024-11184.json create mode 100644 2024/CVE-2024-11357.json create mode 100644 2024/CVE-2024-12595.json create mode 100644 2024/CVE-2024-56830.json
diff --git a/2002/CVE-2002-20002.json b/2002/CVE-2002-20002.json
new file mode 100644
index 00000000000..620fe356c9d
--- /dev/null
+++ b/2002/CVE-2002-20002.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2002-20002",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-01-02T05:15:06.430",
+ "lastModified": "2025-01-02T05:15:06.430",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/briandfoy/cpan-security-advisory/issues/184",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-11184.json b/2024/CVE-2024-11184.json
new file mode 100644
index 00000000000..51ae6d7e275
--- /dev/null
+++ b/2024/CVE-2024-11184.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-11184",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2025-01-02T06:15:06.697",
+ "lastModified": "2025-01-02T06:15:06.697",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-11357.json b/2024/CVE-2024-11357.json
new file mode 100644
index 00000000000..4484262bf9d
--- /dev/null
+++ b/2024/CVE-2024-11357.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-11357",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2025-01-02T06:15:07.887",
+ "lastModified": "2025-01-02T06:15:07.887",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-12595.json b/2024/CVE-2024-12595.json
new file mode 100644
index 00000000000..2c55eeb107c
--- /dev/null
+++ b/2024/CVE-2024-12595.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-12595",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2025-01-02T06:15:07.983",
+ "lastModified": "2025-01-02T06:15:07.983",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/CVE-2024-56830.json b/2024/CVE-2024-56830.json
new file mode 100644
index 00000000000..f6847ff8e46
--- /dev/null
+++ b/2024/CVE-2024-56830.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-56830",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-01-02T05:15:07.967",
+ "lastModified": "2025-01-02T05:15:07.967",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/briandfoy/cpan-security-advisory/issues/184",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file