-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* 9-5-24 cve updates * ci: auto-formatting prettier issues --------- Co-authored-by: frederickjoi <[email protected]> Co-authored-by: Karl Cardenas <[email protected]>
- Loading branch information
3 people
authored
Sep 5, 2024
1 parent
37efadc
commit 75533c6
Showing
10 changed files
with
417 additions
and
0 deletions.
There are no files selected for viewing
44 changes: 44 additions & 0 deletions
44
docs/docs-content/security-bulletins/reports/cve-2021-46848.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| sidebar_label: "CVE-2021-46848" | ||
| title: "CVE-2021-46848" | ||
| description: "Lifecycle of CVE-2021-46848" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2021-46848](https://nvd.nist.gov/vuln/detail/CVE-2021-46848) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This is a vulnerability reported in GNU Libtasn1 before version 4.19.0, a library used to manage the ASN.1 data | ||
| structure. This vulnerability is caused by an off-by-one array size check issue, leading to an out-of-bounds read. | ||
| Impacting systems using GNU Libtasn1 before 4.19.0. Waiting on an upstream fix. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-46848) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
48 changes: 48 additions & 0 deletions
48
docs/docs-content/security-bulletins/reports/cve-2024-0760.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-0760" | ||
| title: "CVE-2024-0760" | ||
| description: "Lifecycle of CVE-2024-0760" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-0760](https://nvd.nist.gov/vuln/detail/CVE-2024-0760) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the | ||
| attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This | ||
| issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the | ||
| attack is in progress. The server may recover after the attack ceases. In order to exploit this vulnerability, image in | ||
| which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls | ||
| in place to consider the probability of occurrence as low. There is a fix available upstream and we are investigating | ||
| upgrading to the fixed version. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0760) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
51 changes: 51 additions & 0 deletions
51
docs/docs-content/security-bulletins/reports/cve-2024-1737.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-1737" | ||
| title: "CVE-2024-1737" | ||
| description: "Lifecycle of CVE-2024-1737" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-1737](https://nvd.nist.gov/vuln/detail/CVE-2024-1737) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any | ||
| RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries | ||
| for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through | ||
| 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through | ||
| 9.18.27-S1. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This vulnerability can be exploited if resolver caches and authoritative zone databases hold significant numbers of RRs | ||
| for the same hostname (of any RTYPE). Services will suffer from degraded performance as content is being added or | ||
| updated, and also when handling client queries for this name. In order to exploit this vulenerability, image in which | ||
| this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in | ||
| place to consider the probability of occurence as low. There is a fix available upstream and we are investigating | ||
| upgrading to the fixed version. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1737) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
49 changes: 49 additions & 0 deletions
49
docs/docs-content/security-bulletins/reports/cve-2024-1975.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-1975" | ||
| title: "CVE-2024-1975" | ||
| description: "Lifecycle of CVE-2024-1975" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-1975](https://nvd.nist.gov/vuln/detail/CVE-2024-1975) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from | ||
| a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed | ||
| requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, | ||
| 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| This vulnerability can be exploited by a client only if a server hosts a zone containing a “KEY” Resource Record, or a | ||
| resolver DNSSEC-validates a “KEY” Resource Record from a DNSSEC-signed domain in cache. In order to exploit this | ||
| vulenerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. | ||
| There are sufficient controls in place to consider the probability of occurence as low. There is a fix available | ||
| upstream and we are investigating upgrading to the fixed version. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1975) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2024-45490.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-45490" | ||
| title: "CVE-2024-45490" | ||
| description: "Lifecycle of CVE-2024-45490" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-45490](https://nvd.nist.gov/vuln/detail/CVE-2024-45490) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45490) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
43 changes: 43 additions & 0 deletions
43
docs/docs-content/security-bulletins/reports/cve-2024-45491.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-45491" | ||
| title: "CVE-2024-45491" | ||
| description: "Lifecycle of CVE-2024-45491" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-45491](https://nvd.nist.gov/vuln/detail/CVE-2024-45491) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on | ||
| 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45491) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
43 changes: 43 additions & 0 deletions
43
docs/docs-content/security-bulletins/reports/cve-2024-45492.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-45492" | ||
| title: "CVE-2024-45492" | ||
| description: "Lifecycle of CVE-2024-45492" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-45492](https://nvd.nist.gov/vuln/detail/CVE-2024-45492) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for | ||
| m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45492) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
43 changes: 43 additions & 0 deletions
43
docs/docs-content/security-bulletins/reports/cve-2024-6232.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| sidebar_label: "CVE-2024-6232" | ||
| title: "CVE-2024-6232" | ||
| description: "Lifecycle of CVE-2024-6232" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2024-6232](https://nvd.nist.gov/vuln/detail/CVE-2024-6232) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 9/5/24 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking | ||
| during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Our official summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-6232) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.14 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 09/05/2024 Initial Publication | ||
| - 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products |
Oops, something went wrong.