[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 08 Sep 2024 13:12:53 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2a179b27 by security tracker role at 2024-09-08T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-8579 (A vulnerability classified as critical has been found in 
TOTOLINK AC12 ...)
+       TODO: check
+CVE-2024-8578 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.861_B20230220. ...)
+       TODO: check
+CVE-2024-8577 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 
4.1.5cu ...)
+       TODO: check
+CVE-2024-8576 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 
4.1.5cu ...)
+       TODO: check
+CVE-2024-8575 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.861_B20230220  ...)
+       TODO: check
+CVE-2024-8574 (A vulnerability has been found in TOTOLINK AC1200 T8 
4.1.5cu.861_B2023 ...)
+       TODO: check
+CVE-2024-8573 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+       TODO: check
+CVE-2024-42343 (Loway - CWE-204: Observable Response Discrepancy)
+       TODO: check
+CVE-2024-42342 (Loway -  CWE-444: Inconsistent Interpretation of HTTP Requests 
('HTTP  ...)
+       TODO: check
+CVE-2024-42341 (Loway - CWE-601: URL Redirection to Untrusted Site ('Open 
Redirect'))
+       TODO: check
 CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It 
has been  ...)
        NOT-FOR-US: Gouniverse GoLang CMS
 CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 
1484fe2c4e0805946a ...)
@@ -996,7 +1016,7 @@ CVE-2024-8385 (A difference in the handling of 
StructFields and ArrayTypes in WA
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color 
cross-compartment obj ...)
-       {DSA-5765-1 DLA-3869-1}
+       {DSA-5767-1 DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        - thunderbird <unfixed>
@@ -1005,13 +1025,13 @@ CVE-2024-8384 (The JavaScript garbage collector could 
mis-color cross-compartmen
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the 
operating sys ...)
-       {DSA-5765-1 DLA-3869-1}
+       {DSA-5767-1 DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8383
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8383
 CVE-2024-8382 (Internal browser event interfaces were exposed to web content 
when pri ...)
-       {DSA-5765-1 DLA-3869-1}
+       {DSA-5767-1 DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        - thunderbird <unfixed>
@@ -1020,7 +1040,7 @@ CVE-2024-8382 (Internal browser event interfaces were 
exposed to web content whe
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered 
when looki ...)
-       {DSA-5765-1 DLA-3869-1}
+       {DSA-5767-1 DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        - thunderbird <unfixed>
@@ -3936,7 +3956,8 @@ CVE-2024-42336 (Servision - CWE-287: Improper 
Authentication)
        NOT-FOR-US: Servision
 CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization of Input During Web 
Page Gen ...)
        NOT-FOR-US: 7Twenty
-CVE-2024-42334 (Hargal - CWE-284: Improper Access Control)
+CVE-2024-42334
+       REJECTED
        NOT-FOR-US: Hargal
 CVE-2024-42006 (Keyfactor AWS Orchestrator through 2.0 allows Information 
Disclosure.)
        NOT-FOR-US: Keyfactor AWS Orchestrator



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a179b27885e7e91d8877f52e1f1e4cef46090e6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a179b27885e7e91d8877f52e1f1e4cef46090e6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to