-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4b22b8f
commit 6ba9c6e
Showing
10 changed files
with
395 additions
and
1 deletion.
There are no files selected for viewing
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2021-46848.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2021-46848" | ||
| title: "CVE-2021-46848" | ||
| description: "Lifecycle of CVE-2021-46848" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2021-46848](https://nvd.nist.gov/vuln/detail/CVE-2021-46848) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This is a vulnerability reported in GNU Libtasn1 before version 4.19.0, a library used to manage the ASN.1 data structure. This vulnerability is caused by an off-by-one array size check issue, leading to an out-of-bounds read. Impacting systems using GNU Libtasn1 before 4.19.0. Waiting on an upstream fix. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-46848) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
44 changes: 44 additions & 0 deletions
44
docs/docs-content/security-bulletins/reports/cve-2024-0760.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-0760" | ||
| title: "CVE-2024-0760" | ||
| description: "Lifecycle of CVE-2024-0760" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-0760](https://nvd.nist.gov/vuln/detail/CVE-2024-0760) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after | ||
| the attack ceases. In order to exploit this vulnerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. There | ||
| are sufficient controls in place to consider the probability of occurrence as low. There is a fix available upstream and we are investigating upgrading to the fixed version. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0760) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
45 changes: 45 additions & 0 deletions
45
docs/docs-content/security-bulletins/reports/cve-2024-1737.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-1737" | ||
| title: "CVE-2024-1737" | ||
| description: "Lifecycle of CVE-2024-1737" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-1737](https://nvd.nist.gov/vuln/detail/CVE-2024-1737) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This vulnerability can be exploited if resolver caches and authoritative zone databases hold significant numbers of RRs for the same hostname (of any RTYPE). Services will | ||
| suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. In order to exploit this vulenerability, image in | ||
| which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurence as | ||
| low. There is a fix available upstream and we are investigating upgrading to the fixed version. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1737) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
44 changes: 44 additions & 0 deletions
44
docs/docs-content/security-bulletins/reports/cve-2024-1975.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-1975" | ||
| title: "CVE-2024-1975" | ||
| description: "Lifecycle of CVE-2024-1975" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-1975](https://nvd.nist.gov/vuln/detail/CVE-2024-1975) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This vulnerability can be exploited by a client only if a server hosts a zone containing a “KEY” Resource Record, or a resolver DNSSEC-validates a “KEY” Resource | ||
| Record from a DNSSEC-signed domain in cache. In order to exploit this vulenerability, image in which this cve is reported has to be compromised and hacker has to | ||
| gain privileged access. There are sufficient controls in place to consider the probability of occurence as low. There is a fix available upstream and we are investigating upgrading to the fixed version. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1975) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2024-45490.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-45490" | ||
| title: "CVE-2024-45490" | ||
| description: "Lifecycle of CVE-2024-45490" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-45490](https://nvd.nist.gov/vuln/detail/CVE-2024-45490) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45490) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2024-45491.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-45491" | ||
| title: "CVE-2024-45491" | ||
| description: "Lifecycle of CVE-2024-45491" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-45491](https://nvd.nist.gov/vuln/detail/CVE-2024-45491) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45491) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2024-45492.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-45492" | ||
| title: "CVE-2024-45492" | ||
| description: "Lifecycle of CVE-2024-45492" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-45492](https://nvd.nist.gov/vuln/detail/CVE-2024-45492) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45492) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2024-6232.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-6232" | ||
| title: "CVE-2024-6232" | ||
| description: "Lifecycle of CVE-2024-6232" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-6232](https://nvd.nist.gov/vuln/detail/CVE-2024-6232) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-6232) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
Oops, something went wrong.