[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 8 21:12:38 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a179b27 by security tracker role at 2024-09-08T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-8579 (A vulnerability classified as critical has been found in TOTOLINK AC12 ...)
+	TODO: check
+CVE-2024-8578 (A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. ...)
+	TODO: check
+CVE-2024-8577 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu ...)
+	TODO: check
+CVE-2024-8576 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu ...)
+	TODO: check
+CVE-2024-8575 (A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220  ...)
+	TODO: check
+CVE-2024-8574 (A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B2023 ...)
+	TODO: check
+CVE-2024-8573 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2024-42343 (Loway - CWE-204: Observable Response Discrepancy)
+	TODO: check
+CVE-2024-42342 (Loway -  CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP  ...)
+	TODO: check
+CVE-2024-42341 (Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
+	TODO: check
 CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been  ...)
 	NOT-FOR-US: Gouniverse GoLang CMS
 CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a ...)
@@ -996,7 +1016,7 @@ CVE-2024-8385 (A difference in the handling of StructFields and ArrayTypes in WA
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color cross-compartment obj ...)
-	{DSA-5765-1 DLA-3869-1}
+	{DSA-5767-1 DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
 	- thunderbird <unfixed>
@@ -1005,13 +1025,13 @@ CVE-2024-8384 (The JavaScript garbage collector could mis-color cross-compartmen
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the operating sys ...)
-	{DSA-5765-1 DLA-3869-1}
+	{DSA-5767-1 DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8383
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8383
 CVE-2024-8382 (Internal browser event interfaces were exposed to web content when pri ...)
-	{DSA-5765-1 DLA-3869-1}
+	{DSA-5767-1 DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
 	- thunderbird <unfixed>
@@ -1020,7 +1040,7 @@ CVE-2024-8382 (Internal browser event interfaces were exposed to web content whe
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered when looki ...)
-	{DSA-5765-1 DLA-3869-1}
+	{DSA-5767-1 DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
 	- thunderbird <unfixed>
@@ -3936,7 +3956,8 @@ CVE-2024-42336 (Servision - CWE-287: Improper Authentication)
 	NOT-FOR-US: Servision
 CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization of Input During Web Page Gen ...)
 	NOT-FOR-US: 7Twenty
-CVE-2024-42334 (Hargal - CWE-284: Improper Access Control)
+CVE-2024-42334
+	REJECTED
 	NOT-FOR-US: Hargal
 CVE-2024-42006 (Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.)
 	NOT-FOR-US: Keyfactor AWS Orchestrator



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a179b27885e7e91d8877f52e1f1e4cef46090e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a179b27885e7e91d8877f52e1f1e4cef46090e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240908/d6b6ad92/attachment.htm>

More information about the debian-security-tracker-commits mailing list