From da67d2900bc4c6d04a2086565c6ebbe22755c959 Mon Sep 17 00:00:00 2001 
From: "vault-token-factory-spectrocloud[bot]" <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 00:20:40 +0000 Subject: [PATCH] docs: 10-14-24 cve updates (#4280) (#4291) * 10-14-24 cve updates * ci: auto-formatting prettier issues * chore: fix redirect --------- Co-authored-by: frederickjoi Co-authored-by: Karl Cardenas (cherry picked from commit 36ebec52f8a5a838e665aab737f6f4b16fb7324b) Co-authored-by: frederickjoi <153292280+frederickjoi@users.noreply.github.com> --- .../reports/cve-2005-2541.md | 9 +- .../reports/cve-2011-4116.md | 43 +++++ .../reports/cve-2012-2663.md | 13 +- .../reports/cve-2015-20107.md | 6 +- .../reports/cve-2015-8855.md | 5 +- .../reports/cve-2016-1585.md | 6 +- .../reports/cve-2016-20013.md | 13 +- .../reports/cve-2017-11164.md | 13 +- .../reports/cve-2018-20225.md | 6 +- .../reports/cve-2018-20657.md | 13 +- .../reports/cve-2018-20796.md | 13 +- .../reports/cve-2018-20839.md | 13 +- .../reports/cve-2018-6829.md | 46 +++++ .../reports/cve-2019-1010022.md | 13 +- .../reports/cve-2019-12900.md | 13 +- .../reports/cve-2019-17543.md | 7 +- .../reports/cve-2019-19244.md | 5 +- .../reports/cve-2019-19882.md | 50 +++++ .../reports/cve-2019-9192.md | 13 +- .../reports/cve-2019-9674.md | 6 +- .../reports/cve-2019-9923.md | 6 +- .../reports/cve-2019-9936.md | 9 +- .../reports/cve-2019-9937.md | 9 +- .../reports/cve-2020-35512.md | 6 +- .../reports/cve-2020-36325.md | 13 +- .../reports/cve-2021-3737.md | 6 +- .../reports/cve-2021-39537.md | 13 +- .../reports/cve-2021-42694.md | 13 +- .../reports/cve-2021-46848.md | 13 +- .../reports/cve-2022-0391.md | 8 +- .../reports/cve-2022-23990.md | 6 +- .../reports/cve-2022-25883.md | 6 +- .../reports/cve-2022-27664.md | 44 +++++ .../reports/cve-2022-28357.md | 6 +- .../reports/cve-2022-28948.md | 8 +- .../reports/cve-2022-32190.md | 45 +++++ .../reports/cve-2022-3996.md | 48 +++++ .../reports/cve-2022-41409.md | 13 +- .../reports/cve-2022-41715.md | 47 +++++ 
.../reports/cve-2022-41723.md | 13 +- .../reports/cve-2022-41724.md | 9 +- .../reports/cve-2022-41725.md | 9 +- .../reports/cve-2022-4450.md | 55 ++++++ .../reports/cve-2022-45061.md | 4 +- .../reports/cve-2022-48560.md | 6 +- .../reports/cve-2022-48565.md | 6 +- .../reports/cve-2022-4899.md | 13 +- .../reports/cve-2023-0215.md | 55 ++++++ .../reports/cve-2023-0216.md | 46 +++++ .../reports/cve-2023-0217.md | 47 +++++ .../reports/cve-2023-0286.md | 52 ++++++ .../reports/cve-2023-0401.md | 50 +++++ .../reports/cve-2023-0464.md | 13 +- .../reports/cve-2023-24329.md | 6 +- .../reports/cve-2023-24534.md | 9 +- .../reports/cve-2023-24536.md | 9 +- .../reports/cve-2023-24537.md | 6 +- .../reports/cve-2023-24538.md | 6 +- .../reports/cve-2023-24539.md | 6 +- .../reports/cve-2023-24540.md | 6 +- .../reports/cve-2023-26604.md | 12 +- .../reports/cve-2023-27534.md | 7 +- .../reports/cve-2023-29400.md | 6 +- .../reports/cve-2023-29403.md | 9 +- .../reports/cve-2023-29499.md | 7 +- .../reports/cve-2023-31484.md | 43 +++++ .../reports/cve-2023-31486.md | 44 +++++ .../reports/cve-2023-32636.md | 7 +- .../reports/cve-2023-36632.md | 49 +++++ .../reports/cve-2023-37920.md | 13 +- .../reports/cve-2023-39325.md | 13 +- .../reports/cve-2023-4156.md | 7 +- .../reports/cve-2023-44487.md | 5 +- .../reports/cve-2023-45142.md | 10 +- .../reports/cve-2023-45287.md | 9 +- .../reports/cve-2023-45853.md | 46 +++++ .../reports/cve-2023-47108.md | 13 +- .../reports/cve-2023-4807.md | 62 +++++++ .../reports/cve-2023-4911.md | 45 +++++ .../reports/cve-2023-49569.md | 4 +- .../reports/cve-2023-52356.md | 8 +- .../reports/cve-2023-5363.md | 61 ++++++ .../reports/cve-2023-6246.md | 46 +++++ .../reports/cve-2023-6779.md | 46 +++++ .../reports/cve-2024-0743.md | 8 +- .../reports/cve-2024-0760.md | 12 +- .../reports/cve-2024-1737.md | 12 +- .../reports/cve-2024-1975.md | 12 +- .../reports/cve-2024-21626.md | 13 +- .../reports/cve-2024-24790.md | 9 +- .../reports/cve-2024-32002.md | 6 +- 
.../reports/cve-2024-35325.md | 4 +- .../reports/cve-2024-3651.md | 8 +- .../reports/cve-2024-37370.md | 13 +- .../reports/cve-2024-37371.md | 13 +- .../reports/cve-2024-38428.md | 10 +- .../reports/cve-2024-45490.md | 13 +- .../reports/cve-2024-45491.md | 13 +- .../reports/cve-2024-45492.md | 13 +- .../reports/cve-2024-6197.md | 8 +- .../reports/cve-2024-6232.md | 15 +- .../reports/cve-2024-7006.md | 45 +++++ .../reports/cve-2024-7592.md | 15 +- .../reports/ghsa-74fp-r6jw-h4mp.md | 15 +- .../reports/ghsa-m425-mq94-257g.md | 14 +- .../security-bulletins/reports/reports.md | 174 +++++++++++++++++- redirects.js | 3 - 107 files changed, 1749 insertions(+), 322 deletions(-) create mode 100644 docs/docs-content/security-bulletins/reports/cve-2011-4116.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2018-6829.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2019-19882.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-27664.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-32190.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-3996.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-41715.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-4450.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0215.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0216.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0217.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0286.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0401.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-31484.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-31486.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-36632.md create mode 
100644 docs/docs-content/security-bulletins/reports/cve-2023-45853.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-4807.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-4911.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-5363.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-6246.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-6779.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2024-7006.md
diff --git a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md
index 751e3aa96f..150b5be20c 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md
@@ -35,10 +35,13 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
+- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2011-4116.md b/docs/docs-content/security-bulletins/reports/cve-2011-4116.md
new file mode 100644
index 0000000000..40f595ba4b
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2011-4116.md
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2011-4116"
+title: "CVE-2011-4116"
+description: "Lifecycle of CVE-2011-4116"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2011-4116](https://nvd.nist.gov/vuln/detail/CVE-2011-4116)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+\_is_safe in the File::Temp module for Perl does not properly handle symlinks.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2011-4116)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2012-2663.md b/docs/docs-content/security-bulletins/reports/cve-2012-2663.md
index c71ba3aeac..69d362cdef 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2012-2663.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2012-2663.md
@@ -37,12 +37,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md
index bc4e43d9e8..966c10a0d7 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md
@@ -37,10 +37,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md
index d48172d413..82ecbed751 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md
@@ -36,9 +36,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.11
+- Palette VerteX airgap 4.4.11
 
 ## Revision History
 
 - 1.0 07/31/2024 Initial Publication
-- 2.0 08/17/2024 Remediated in Palette VerteX 4.4.14
+- 2.0 08/17/2024 Remediated in Palette VerteX airgap 4.4.14
+- 3.0 09/25/2024 Remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md
index 574082736a..b7e526bd04 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md
@@ -34,10 +34,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2016-20013.md b/docs/docs-content/security-bulletins/reports/cve-2016-20013.md
index c070aa4613..f225e82545 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2016-20013.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2016-20013.md
@@ -35,12 +35,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2017-11164.md b/docs/docs-content/security-bulletins/reports/cve-2017-11164.md
index 94eae50c0f..8268269c85 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2017-11164.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2017-11164.md
@@ -35,12 +35,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md
index b19d1ce9c5..92443dab4e 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md
@@ -38,10 +38,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20657.md b/docs/docs-content/security-bulletins/reports/cve-2018-20657.md
index d30c94ec94..1a919e165c 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2018-20657.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2018-20657.md
@@ -36,12 +36,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20796.md b/docs/docs-content/security-bulletins/reports/cve-2018-20796.md
index c228398506..070a0d52da 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2018-20796.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2018-20796.md
@@ -38,12 +38,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20839.md b/docs/docs-content/security-bulletins/reports/cve-2018-20839.md
index 1d32248fea..cd0b281a9b 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2018-20839.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2018-20839.md
@@ -36,12 +36,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-6829.md b/docs/docs-content/security-bulletins/reports/cve-2018-6829.md
new file mode 100644
index 0000000000..d499777425
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2018-6829.md
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2018-6829"
+title: "CVE-2018-6829"
+description: "Lifecycle of CVE-2018-6829"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2018-6829](https://nvd.nist.gov/vuln/detail/CVE-2018-6829)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+Cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts,
+which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic
+security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for
+Libgcrypt's ElGamal implementation.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-6829)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md b/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md
index 6fbc1904c5..3ca5382f77 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md
@@ -36,12 +36,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-12900.md b/docs/docs-content/security-bulletins/reports/cve-2019-12900.md
index 727b47ddbf..3b637e636b 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-12900.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-12900.md
@@ -34,12 +34,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-17543.md b/docs/docs-content/security-bulletins/reports/cve-2019-17543.md
index d602a858c1..28c24d7683 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-17543.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-17543.md
@@ -36,9 +36,12 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 10/14/2024 Added Palette VerteX & Palette Enterptise 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md
index bf8ec7c891..7e0aae5d1f 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md
@@ -35,10 +35,13 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
 - 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 4.0 10/14/2024 Added Palette VerteX & Palette Enterptise 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-19882.md b/docs/docs-content/security-bulletins/reports/cve-2019-19882.md
new file mode 100644
index 0000000000..c972cfb59b
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-19882.md
@@ -0,0 +1,50 @@
+---
+sidebar_label: "CVE-2019-19882"
+title: "CVE-2019-19882"
+description: "Lifecycle of CVE-2019-19882"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+Shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain
+root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using
+--with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable
+for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel,
+groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root
+in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed
+(i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version
+4.8).
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.8](https://nvd.nist.gov/vuln/detail/CVE-2019-19882)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9192.md b/docs/docs-content/security-bulletins/reports/cve-2019-9192.md
index 3a6eaf64f8..21d874d9d8 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9192.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9192.md
@@ -39,12 +39,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md
index 8a3317bed5..391a87a7db 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md
@@ -35,10 +35,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md
index 8f5cb2de4c..680637566c 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md
@@ -35,10 +35,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md
index 029d5dbf77..3f0b57419a 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md
@@ -35,10 +35,13 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
+- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md
index dd7fb669fe..b55ab236fa 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md
@@ -35,10 +35,13 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
+- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md
index 19d22fcc36..bb7a7681d8 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md
@@ -37,10 +37,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 9/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 9/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-36325.md b/docs/docs-content/security-bulletins/reports/cve-2020-36325.md
index 553d630bb2..833f4f5181 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2020-36325.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2020-36325.md
@@ -35,12 +35,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md
index b03b560f17..063f65e0cc 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md
@@ -36,10 +36,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-39537.md b/docs/docs-content/security-bulletins/reports/cve-2021-39537.md
index 16bdd860f3..e0eb011733 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2021-39537.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2021-39537.md
@@ -34,12 +34,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-42694.md b/docs/docs-content/security-bulletins/reports/cve-2021-42694.md
index fbf6a3f4cc..3b9e2569ca 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2021-42694.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2021-42694.md
@@ -45,12 +45,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-46848.md b/docs/docs-content/security-bulletins/reports/cve-2021-46848.md
index 51a0826a6c..5e4f312453 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2021-46848.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2021-46848.md
@@ -36,12 +36,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-0391.md b/docs/docs-content/security-bulletins/reports/cve-2022-0391.md
index fe754b4aef..247035161a 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-0391.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-0391.md
@@ -37,11 +37,11 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18
+- Palette VerteX airgap 4.4.14, 4.4.18
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 to Affected Products
-- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md
index 304897cd36..2f7f68ecb3 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md
@@ -34,10 +34,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14
+- Palette VerteX airgap 4.4.14
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publications
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/25/2024 CVE remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/25/2024 CVE remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md
index 8d8ee6c10b..27516a8320 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md
@@ -35,10 +35,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.11
+- Palette VerteX airgap 4.4.11
 
 ## Revision History
 
 - 1.0 07/16/2024 Initial Publication
-- 2.0 08/17/2024 Remediated in Palette VerteX 4.4.14
-- 3.0 09/25/2024 Remediated in Palette VerteX 4.4.18
+- 2.0 08/17/2024 Remediated in Palette VerteX airgap 4.4.14
+- 3.0 09/25/2024 Remediated in Palette VerteX airgap 4.4.18
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-27664.md b/docs/docs-content/security-bulletins/reports/cve-2022-27664.md
new file mode 100644
index 0000000000..e24f30c56a
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-27664.md
@@ -0,0 +1,44 @@
+---
+sidebar_label: "CVE-2022-27664"
+title: "CVE-2022-27664"
+description: "Lifecycle of CVE-2022-27664"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2
+connection can hang during closing if shutdown were preempted by a fatal error.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-27664)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-28357.md b/docs/docs-content/security-bulletins/reports/cve-2022-28357.md
index 04bfdb6ffc..0217f6b506 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-28357.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-28357.md
@@ -38,10 +38,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18
+- Palette VerteX airgap 4.4.18
 
 ## Revision History
 
 - 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
-- 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
+- 2.0 09/15/2024 Added palette VerteX airgap 4.4.18 to Affected Products
+- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-28948.md b/docs/docs-content/security-bulletins/reports/cve-2022-28948.md
index 5f5ad3b12d..5e3ac4a16e 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-28948.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-28948.md
@@ -37,10 +37,12 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.18, 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
-- 3.0 10/10/2024 Added palette VerteX 4.5.3 to Affected Products
+- 2.0 09/15/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
+- 3.0 10/10/2024 Added Palette VerteX airgap 4.5.3 to Affected Products
+- 4.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-32190.md b/docs/docs-content/security-bulletins/reports/cve-2022-32190.md
new file mode 100644
index 0000000000..49feb3c548
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-32190.md
@@ -0,0 +1,45 @@
+---
+sidebar_label: "CVE-2022-32190"
+title: "CVE-2022-32190"
+description: "Lifecycle of CVE-2022-32190"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example,
+JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating
+that ../ path elements are removed from the result.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-32190)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-3996.md b/docs/docs-content/security-bulletins/reports/cve-2022-3996.md
new file mode 100644
index 0000000000..8162cb9233
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-3996.md
@@ -0,0 +1,48 @@
+---
+sidebar_label: "CVE-2022-3996"
+title: "CVE-2022-3996"
+description: "Lifecycle of CVE-2022-3996"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-3996](https://nvd.nist.gov/vuln/detail/CVE-2022-3996)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will
+be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when
+the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common
+setup. Policy processing is enabled by passing the
+`-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update
+(31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-3996)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41409.md b/docs/docs-content/security-bulletins/reports/cve-2022-41409.md
index 75c839cee4..3da2721d83 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-41409.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41409.md
@@ -35,12 +35,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41715.md b/docs/docs-content/security-bulletins/reports/cve-2022-41715.md
new file mode 100644
index 0000000000..7512afad2f
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41715.md
@@ -0,0 +1,47 @@
+---
+sidebar_label: "CVE-2022-41715"
+title: "CVE-2022-41715"
+description: "Lifecycle of CVE-2022-41715"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-41715](https://nvd.nist.gov/vuln/detail/CVE-2022-41715)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of
+service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can
+be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp
+being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than
+that are rejected. Normal use of regular expressions is unaffected.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41715)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md
index 3f55c630ac..490869718c 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md
@@ -36,12 +36,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18
-- Palette Enterprise 4.4.18
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 & Palette Enterprise 4.5.3
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41724.md b/docs/docs-content/security-bulletins/reports/cve-2022-41724.md
index 00554ee5f8..8ac3142ff3 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-41724.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41724.md
@@ -40,10 +40,13 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18
+- Palette VerteX airgap 4.4.18
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
-- 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
+- 2.0 09/15/2024 Added palette VerteX airgap 4.4.18 to Affected Products
+- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
+- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41725.md b/docs/docs-content/security-bulletins/reports/cve-2022-41725.md
index 20aae89317..472a0c2240 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-41725.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41725.md
@@ -54,10 +54,13 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18
+- Palette VerteX airgap 4.4.18
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
-- 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
+- 2.0 09/15/2024 Added palette VerteX airgap 4.4.18 to Affected Products
+- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
+- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md
new file mode 100644
index 0000000000..ef38939c44
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md
@@ -0,0 +1,55 @@
+---
+sidebar_label: "CVE-2022-4450"
+title: "CVE-2022-4450"
+description: "Lifecycle of CVE-2022-4450"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any
+header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are
+populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those
+buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
+will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed.
+If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be
+exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service
+attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these
+functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions
+including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
+uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex()
+returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
+OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-45061.md b/docs/docs-content/security-bulletins/reports/cve-2022-45061.md
index 40f96cac04..dac8f548dd 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-45061.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-45061.md
@@ -44,10 +44,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18
+- Palette VerteX airgap 4.4.18
 
 ## Revision History
 
 - 1.0 9/13/2024 Initial Publication
-- 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products
+- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
 - 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-48560.md b/docs/docs-content/security-bulletins/reports/cve-2022-48560.md
index 7ace278789..88c46a41c0 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-48560.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-48560.md
@@ -37,10 +37,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18
+- Palette VerteX airgap 4.4.18
 
 ## Revision History
 
 - 1.0 9/13/2024 Initial Publication
-- 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products
-- 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
+- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
+- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-48565.md b/docs/docs-content/security-bulletins/reports/cve-2022-48565.md
index 8bf5c4eb36..4535dbe007 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-48565.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-48565.md
@@ -39,10 +39,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.18
+- Palette VerteX airgap 4.4.18
 
 ## Revision History
 
 - 1.0 9/13/2024 Initial Publication
-- 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products
-- 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3
+- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
+- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4899.md b/docs/docs-content/security-bulletins/reports/cve-2022-4899.md
index d5b7a99305..b0a74448f4 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-4899.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-4899.md
@@ -35,12 +35,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette VerteX 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0215.md b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md
new file mode 100644
index 0000000000..a2b2a10332
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md
@@ -0,0 +1,55 @@
+---
+sidebar_label: "CVE-2023-0215"
+title: "CVE-2023-0215"
+description: "Lifecycle of CVE-2023-0215"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used
+internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end
+user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of
+it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for
+example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result
+indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller
+still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the
+BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the
+internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
+the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream,
+PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other
+public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7,
+i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0216.md b/docs/docs-content/security-bulletins/reports/cve-2023-0216.md
new file mode 100644
index 0000000000..6524bb92df
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-0216.md
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2023-0216"
+title: "CVE-2023-0216"
+description: "Lifecycle of CVE-2023-0216"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the
+d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which
+could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third
+party applications might call these functions on untrusted data.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0216)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0217.md b/docs/docs-content/security-bulletins/reports/cve-2023-0217.md
new file mode 100644
index 0000000000..c539edb93f
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-0217.md
@@ -0,0 +1,47 @@
+---
+sidebar_label: "CVE-2023-0217"
+title: "CVE-2023-0217"
+description: "Lifecycle of CVE-2023-0217"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by
+the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on
+public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS
+implementation in OpenSSL does not call this function but applications might call the function if there are additional
+security requirements imposed by standards such as FIPS 140-3.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0217)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0286.md b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md
new file mode 100644
index 0000000000..bb8830039d
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md
@@ -0,0 +1,52 @@
+---
+sidebar_label: "CVE-2023-0286"
+title: "CVE-2023-0286"
+description: "Lifecycle of CVE-2023-0286"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400
+addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the
+type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function
+GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the
+X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,
+enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to
+provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only
+controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which
+is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own
+functionality for retrieving CRLs over a network.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0401.md b/docs/docs-content/security-bulletins/reports/cve-2023-0401.md
new file mode 100644
index 0000000000..faa0522a61
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-0401.md
@@ -0,0 +1,50 @@
+---
+sidebar_label: "CVE-2023-0401"
+title: "CVE-2023-0401"
+description: "Lifecycle of CVE-2023-0401"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In
+case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash
+algorithm is not available the digest initialization will fail. There is a missing check for the return value from the
+initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The
+unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not
+loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library
+calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be
+affected if they call these functions to verify signatures on untrusted data.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0401)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md
index 6f6ab4026e..92bbe232b8 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md @@ -37,12 +37,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24329.md b/docs/docs-content/security-bulletins/reports/cve-2023-24329.md index 54784bd917..b77a393a08 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24329.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24329.md @@ -38,10 +38,10 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.18 +- Palette VerteX airgap 4.4.18 ## Revision History - 1.0 9/13/2024 Initial Publication -- 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 +- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24534.md b/docs/docs-content/security-bulletins/reports/cve-2023-24534.md index dc3ba0cb53..cdac2a3224 100644 
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24534.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24534.md @@ -44,10 +44,13 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette VerteX airgap 4.4.18 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added palette VerteX airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 +- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24536.md b/docs/docs-content/security-bulletins/reports/cve-2023-24536.md index b25e87b0f7..fd783d3cde 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24536.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24536.md @@ -51,10 +51,13 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette VerteX airgap 4.4.18 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added palette VerteX airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 +- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24537.md b/docs/docs-content/security-bulletins/reports/cve-2023-24537.md index ddff848dc1..d3834f20ae 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24537.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24537.md 
@@ -37,10 +37,10 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24538.md b/docs/docs-content/security-bulletins/reports/cve-2023-24538.md index 677ef55227..eb9aab0a3a 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24538.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24538.md @@ -46,10 +46,10 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24539.md b/docs/docs-content/security-bulletins/reports/cve-2023-24539.md index 75d8935f86..cf567a0ff3 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24539.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24539.md 
@@ -39,10 +39,10 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24540.md b/docs/docs-content/security-bulletins/reports/cve-2023-24540.md index 4babc8675b..bdaec63f33 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24540.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24540.md @@ -41,10 +41,10 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-26604.md b/docs/docs-content/security-bulletins/reports/cve-2023-26604.md index a7cabe84df..bfb6fa37d3 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-26604.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-26604.md 
@@ -37,12 +37,14 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18 +- Palette VerteX 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 +- 5.0 10/14/2024 Added Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-27534.md b/docs/docs-content/security-bulletins/reports/cve-2023-27534.md index da927b5d70..e48452bde1 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-27534.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-27534.md @@ -37,9 +37,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.14 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 10/14/2024 Added Palette VerteX and Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-29400.md b/docs/docs-content/security-bulletins/reports/cve-2023-29400.md index b7c3cd0139..c6981df893 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-29400.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-29400.md 
@@ -41,10 +41,10 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-29403.md b/docs/docs-content/security-bulletins/reports/cve-2023-29403.md index c4582400be..eda37718ff 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-29403.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-29403.md @@ -40,10 +40,13 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette VerteX 4.4.18 to Affected Products -- 3.0 10/10/2024 Added Palette VerteX 4.5.3 to Affected Products +- 2.0 09/15/2024 Added Palette VerteX airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 Added Palette VerteX airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette VerteX and Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-29499.md b/docs/docs-content/security-bulletins/reports/cve-2023-29499.md index 40953c2d72..497a63575d 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-29499.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-29499.md 
@@ -35,9 +35,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.14 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 10/14/2024 Added Palette VerteX and Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-31484.md b/docs/docs-content/security-bulletins/reports/cve-2023-31484.md new file mode 100644 index 0000000000..033b96cc12 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-31484.md @@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2023-31484" +title: "CVE-2023-31484" +description: "Lifecycle of CVE-2023-31484" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) + +## Last Update + +10/14/24 + +## NIST CVE Summary + +CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. + +## Our Official Summary + +Investigation is ongoing to determine how this vulnerability affects our products. + +## CVE Severity + +[8.1](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 + +## Revision History + +- 1.0 10/14/24 Initial Publication +- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-31486.md b/docs/docs-content/security-bulletins/reports/cve-2023-31486.md new file mode 100644 index 0000000000..c193709d42 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-31486.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2023-31486" +title: "CVE-2023-31486" +description: "Lifecycle of CVE-2023-31486" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-31486](https://nvd.nist.gov/vuln/detail/CVE-2023-31486) + +## Last Update + +10/14/24 + +## NIST CVE Summary + +HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS +configuration where users must opt in to verify certificates. + +## Our Official Summary + +Investigation is ongoing to determine how this vulnerability affects our products. + +## CVE Severity + +[8.1](https://nvd.nist.gov/vuln/detail/CVE-2023-31486) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 + +## Revision History + +- 1.0 10/14/24 Initial Publication +- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-32636.md b/docs/docs-content/security-bulletins/reports/cve-2023-32636.md index 04df8e43ff..d237e3f163 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-32636.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-32636.md @@ -37,9 +37,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.14 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 10/14/2024 Added Palette VerteX and Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-36632.md b/docs/docs-content/security-bulletins/reports/cve-2023-36632.md new file mode 100644 index 0000000000..327fe1931d 
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-36632.md
@@ -0,0 +1,49 @@
+---
+sidebar_label: "CVE-2023-36632"
+title: "CVE-2023-36632"
+description: "Lifecycle of CVE-2023-36632"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-36632](https://nvd.nist.gov/vuln/detail/CVE-2023-36632)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum
+recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted
+value from an application's input data that was supposed to contain a name and an e-mail address. NOTE:
+email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications
+should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that
+this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception
+when limits are exceeded; they were exceeded by the example demonstration code.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-36632)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-37920.md b/docs/docs-content/security-bulletins/reports/cve-2023-37920.md
index aca618b0d3..5c51148993 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2023-37920.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-37920.md @@ -37,12 +37,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md index 5a65e47c36..8f07283e1f 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md 
@@ -37,12 +37,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-4156.md b/docs/docs-content/security-bulletins/reports/cve-2023-4156.md index 0a162950ef..3b59e97bf9 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-4156.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-4156.md @@ -35,9 +35,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.14 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 10/14/2024 Added Palette VerteX and Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md index c93b44e507..2c9b84cffc 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md 
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md @@ -35,10 +35,9 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.11 -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.11, 4.4.14 ## Revision History - 1.0 07/16/2024 Initial Publication -- 2.0 08/16/2024 Added palette VerteX 4.4.14 to Affected Products +- 2.0 08/16/2024 Added Palette VerteX airgap 4.4.14 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md index df8404abf0..bfd53a5087 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md @@ -37,12 +37,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18 -- Palette Enterprise 4.4.18 +- Palette VerteX airgap 4.4.14, 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45287.md b/docs/docs-content/security-bulletins/reports/cve-2023-45287.md index a3d382c109..ec84e31056 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-45287.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45287.md 
@@ -41,10 +41,13 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 Added Palette Enterprise 4.5.3 to Affected Products +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45853.md b/docs/docs-content/security-bulletins/reports/cve-2023-45853.md new file mode 100644 index 0000000000..2e2598ea9a --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45853.md 
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2023-45853"
+title: "CVE-2023-45853"
+description: "Lifecycle of CVE-2023-45853"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64
+via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip
+through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code
+through its compress API.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md
index 74293060b0..a0831825bf 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md
@@ -37,12 +37,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-4807.md b/docs/docs-content/security-bulletins/reports/cve-2023-4807.md new file mode 100644 index 0000000000..f0ce91a6cd --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-4807.md 
@@ -0,0 +1,62 @@ +--- +sidebar_label: "CVE-2023-4807" +title: "CVE-2023-4807" +description: "Lifecycle of CVE-2023-4807" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) + +## Last Update + +10/14/24 + +## NIST CVE Summary + +Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the +internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the +AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence +whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent +consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of +non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before +returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The +vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of +this kind of internal application state corruption can be various - from no consequences, if the calling application +does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker +could get complete control of the application process. However given the contents of the registers are just zeroized so +the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of +some application dependent calculations or a crash leading to a denial of service. 
The POLY1305 MAC algorithm is most +frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The +most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence +whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially +impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore +we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at +runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not +affected by this issue. + +## Our Official Summary + +Investigation is ongoing to determine how this vulnerability affects our products. + +## CVE Severity + +[7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 + +## Revision History + +- 1.0 10/14/24 Initial Publication +- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-4911.md b/docs/docs-content/security-bulletins/reports/cve-2023-4911.md new file mode 100644 index 0000000000..2de1f89a93 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-4911.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2023-4911" +title: "CVE-2023-4911" +description: "Lifecycle of CVE-2023-4911" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) + +## Last Update + +10/14/24 + +## NIST CVE Summary + +A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES +environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment +variables when launching binaries with SUID permission to execute code with elevated privileges. + +## Our Official Summary + +Investigation is ongoing to determine how this vulnerability affects our products. + +## CVE Severity + +[7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 + +## Revision History + +- 1.0 10/14/24 Initial Publication +- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-49569.md b/docs/docs-content/security-bulletins/reports/cve-2023-49569.md index 3dd4664a33..370631fcd9 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-49569.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-49569.md @@ -43,9 +43,9 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.14 +- Palette Enterprise airgap 4.4.14 ## Revision History - 1.0 9/6/24 Initial Publication -- 2.0 9/19/24 Added Palette Enterprise 4.4.14 to Affected Products +- 2.0 9/19/24 Added Palette Enterprise airgap 4.4.14 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-52356.md b/docs/docs-content/security-bulletins/reports/cve-2023-52356.md index 8c03bdd5cb..7cbdd10bd5 100644 
--- a/docs/docs-content/security-bulletins/reports/cve-2023-52356.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-52356.md @@ -39,10 +39,12 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 Added Palette Enterprise 4.5.3 to Affected Products +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-5363.md b/docs/docs-content/security-bulletins/reports/cve-2023-5363.md new file mode 100644 index 0000000000..b1371af3e4 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-5363.md 
@@ -0,0 +1,61 @@
+---
+sidebar_label: "CVE-2023-5363"
+title: "CVE-2023-5363"
+description: "Lifecycle of CVE-2023-5363"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead
+to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in
+the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling
+EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
+the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length,
+via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation
+or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
+For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when
+following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation
+of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will
+produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently
+assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the
+vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this
+problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For
+these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an
+application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as
+Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1
+FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and
+3.0 are vulnerable to this issue.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-5363)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-6246.md b/docs/docs-content/security-bulletins/reports/cve-2023-6246.md
new file mode 100644
index 0000000000..c7013cfbe3
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-6246.md
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2023-6246"
+title: "CVE-2023-6246"
+description: "Lifecycle of CVE-2023-6246"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is
+called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with
+the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in
+an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-6779.md b/docs/docs-content/security-bulletins/reports/cve-2023-6779.md
new file mode 100644
index 0000000000..838878a162
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-6779.md
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2023-6779"
+title: "CVE-2023-6779"
+description: "Lifecycle of CVE-2023-6779"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This
+function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message
+bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an
+application crash. This issue affects glibc 2.37 and newer.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise 4.5.3
+- Palette VerteX 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-0743.md b/docs/docs-content/security-bulletins/reports/cve-2024-0743.md
index 6f83469f04..f63f941cb8 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2024-0743.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2024-0743.md
@@ -38,10 +38,12 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 Added Palette Enterprise 4.5.3 to Affected Products +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-0760.md b/docs/docs-content/security-bulletins/reports/cve-2024-0760.md index 1fa2bc0756..5e3ab29c1c 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-0760.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-0760.md @@ -40,12 +40,14 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 +- 5.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-1737.md b/docs/docs-content/security-bulletins/reports/cve-2024-1737.md index 860a66cde0..3fcc97c7eb 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-1737.md 
+++ b/docs/docs-content/security-bulletins/reports/cve-2024-1737.md @@ -43,12 +43,14 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 +- 5.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-1975.md b/docs/docs-content/security-bulletins/reports/cve-2024-1975.md index 11fceebe4d..9efb83f006 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-1975.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-1975.md 
@@ -41,12 +41,14 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 +- 5.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md index 544f81eb3d..11dda4c5db 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md 
@@ -41,12 +41,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-24790.md b/docs/docs-content/security-bulletins/reports/cve-2024-24790.md index 9909fc9ca2..b18d62f66a 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-24790.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-24790.md @@ -36,10 +36,13 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.14, 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/06/2024 Initial Publication -- 2.0 09/17/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 Added Palette Enterprise 4.5.3 to Affected Products +- 2.0 09/17/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-32002.md b/docs/docs-content/security-bulletins/reports/cve-2024-32002.md index 4c74cd5e4a..d40cb8d018 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-32002.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-32002.md @@ -44,10 +44,10 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 09/15/2024 Initial Publication -- 2.0 09/15/2024 Added Palette Enterprise 4.4.18 to Affected Products -- 3.0 10/10/2024 CVE remediated in Palette Enterprise 4.5.3 +- 2.0 09/15/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 CVE remediated in Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-35325.md b/docs/docs-content/security-bulletins/reports/cve-2024-35325.md index c09bdae652..5fb2436fa2 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-35325.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-35325.md @@ -38,10 +38,10 @@ Resolved ## Affected Products & Versions -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.14 ## Revision History - 1.0 08/27/2024 Initial Publication -- 2.0 08/27/2024 Added Palette VerteX 4.4.14 to Affected Products +- 2.0 08/27/2024 Added Palette VerteX airgap 4.4.14 to Affected Products - 3.0 08/30/2024 NIST reclassified CVE- not a security issue diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-3651.md b/docs/docs-content/security-bulletins/reports/cve-2024-3651.md index 4569a7c2f4..39f192952b 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-3651.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-3651.md 
@@ -42,10 +42,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 ## Revision History - 1.0 9/13/2024 Initial Publication -- 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products -- 3.0 10/10/2024 Added Palette VerteX 4.5.3 to Affected Products +- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products +- 3.0 10/10/2024 Added Palette VerteX airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-37370.md b/docs/docs-content/security-bulletins/reports/cve-2024-37370.md index 649e80e89a..5bdead6c3d 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-37370.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-37370.md @@ -37,12 +37,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-37371.md b/docs/docs-content/security-bulletins/reports/cve-2024-37371.md index 9991ac4034..403c0ea48a 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-37371.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-37371.md @@ -38,12 +38,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-38428.md b/docs/docs-content/security-bulletins/reports/cve-2024-38428.md index 9b6f9558a1..e5657a2deb 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-38428.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-38428.md 
@@ -40,12 +40,12 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18 -- Palette Enterprise 4.4.18 +- Palette VerteX airgap 4.4.14, 4.4.18 +- Palette Enterprise airgap 4.4.18 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 CVE remediated in Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-45490.md b/docs/docs-content/security-bulletins/reports/cve-2024-45490.md index 083359ede1..67bb17c50c 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-45490.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-45490.md 
@@ -39,12 +39,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-45491.md b/docs/docs-content/security-bulletins/reports/cve-2024-45491.md index 96333eecac..bfad18a57f 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-45491.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-45491.md 
@@ -39,12 +39,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-45492.md b/docs/docs-content/security-bulletins/reports/cve-2024-45492.md index 47161404bb..da2e022cf6 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-45492.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-45492.md 
@@ -40,12 +40,15 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette VerteX 4.5.3 +- Palette Enterprise 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-6197.md b/docs/docs-content/security-bulletins/reports/cve-2024-6197.md index c0343e7219..9741129946 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-6197.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-6197.md @@ -42,11 +42,13 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.14 +- Palette VerteX airgap 4.4.14 +- Palette Enterprise airgap 4.5.3 - Palette Enterprise 4.5.3 ## Revision History - 1.0 08/27/2024 Initial Publication -- 2.0 08/27/2024 Added Palette VerteX 4.4.14 to Affected Products -- 3.0 10/10/2024 Added Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/27/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products +- 4.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-6232.md b/docs/docs-content/security-bulletins/reports/cve-2024-6232.md index efcd62d91f..96353c05cc 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-6232.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-6232.md @@ -41,13 +41,16 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.11, 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.11, 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/16/2024 Added Palette VerteX 4.4.11 to Affected Products -- 3.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 4.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 5.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/16/2024 Added Palette VerteX airgap 4.4.11 to Affected Products +- 3.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 4.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 5.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 6.0 10/14/2024 Added Palette Enterprise and Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-7006.md b/docs/docs-content/security-bulletins/reports/cve-2024-7006.md new file mode 100644 index 0000000000..23af524329 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2024-7006.md 
@@ -0,0 +1,45 @@
+---
+sidebar_label: "CVE-2024-7006"
+title: "CVE-2024-7006"
+description: "Lifecycle of CVE-2024-7006"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-7006](https://nvd.nist.gov/vuln/detail/CVE-2024-7006)
+
+## Last Update
+
+10/14/24
+
+## NIST CVE Summary
+
+A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger
+memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a
+segmentation fault. This can cause an application crash, eventually leading to a denial of service.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-7006)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise airgap 4.5.3
+- Palette Enterprise 4.5.3
+
+## Revision History
+
+- 1.0 10/14/24 Initial Publication
+- 2.0 10/14/2024 Added Palette Enterprise and Palette Enterprise airgap 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-7592.md b/docs/docs-content/security-bulletins/reports/cve-2024-7592.md
index a46a077aad..62e680735a 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2024-7592.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2024-7592.md
@@ -37,13 +37,16 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.11, 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.11, 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/16/2024 Added Palette VerteX 4.4.11 to Affected Products -- 3.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 4.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 5.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/16/2024 Added Palette VerteX airgap 4.4.11 to Affected Products +- 3.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 4.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 5.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 6.0 10/14/2024 Added Palette Enterprise and Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/ghsa-74fp-r6jw-h4mp.md b/docs/docs-content/security-bulletins/reports/ghsa-74fp-r6jw-h4mp.md index dbcb19bfff..ed8ac39ce2 100644 --- a/docs/docs-content/security-bulletins/reports/ghsa-74fp-r6jw-h4mp.md +++ b/docs/docs-content/security-bulletins/reports/ghsa-74fp-r6jw-h4mp.md 
@@ -38,13 +38,16 @@ Ongoing ## Affected Products & Versions -- Palette VerteX 4.4.11, 4.4.14, 4.4.18, 4.5.3 -- Palette Enterprise 4.4.18, 4.5.3 +- Palette VerteX airgap 4.4.11, 4.4.14, 4.4.18, 4.5.3 +- Palette Enterprise airgap 4.4.18, 4.5.3 +- Palette Enterprise 4.5.3 +- Palette VerteX 4.5.3 ## Revision History - 1.0 08/16/2024 Initial Publication -- 2.0 08/16/2024 Added Palette VerteX 4.4.11 to Affected Products -- 3.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products -- 4.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products -- 5.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products +- 2.0 08/16/2024 Added Palette VerteX airgap 4.4.11 to Affected Products +- 3.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products +- 4.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products +- 5.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products +- 6.0 10/14/2024 Added Palette Enterprise and Palette VerteX 4.5.3 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md index ae22de51a0..7f1ae4935d 100644 --- a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md +++ b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md 
@@ -38,13 +38,15 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette VerteX 4.4.11, 4.4.14, 4.4.18, 4.5.3
-- Palette Enterprise 4.4.18, 4.5.3
+- Palette VerteX airgap 4.4.11, 4.4.14, 4.4.18, 4.5.3
+- Palette Enterprise airgap 4.4.18, 4.5.3
+- Palette Enterprise 4.5.3
 
 ## Revision History
 
 - 1.0 08/16/2024 Initial Publication
-- 2.0 08/16/2024 Added Palette VerteX 4.4.11 to Affected Products
-- 3.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
-- 4.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
-- 5.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products
+- 2.0 08/16/2024 Added Palette VerteX airgap 4.4.11 to Affected Products
+- 3.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
+- 4.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
+- 5.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
+- 6.0 10/14/2024 Added Palette VerteX 4.5.3 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md
index 9b04db9bb0..64f919149e 100644
--- a/docs/docs-content/security-bulletins/reports/reports.md
+++ b/docs/docs-content/security-bulletins/reports/reports.md
@@ -11,10 +11,10 @@ tags: ["security", "cve"] # Security Bulletins -The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX and Palette -Enterprise airgap solution, and third-party component vulnerabilities, which we have become aware of. These -vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our -supply chain. +The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX, Palette +Enterprise, and airgap environments. The reported vulnerabilities also include third-party component vulnerabilities, +which we have become aware of. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring +program, or reported to us by our supply chain. :::info @@ -32,7 +32,7 @@ Click on the CVE ID to view the full details of the vulnerability. - + | CVE ID | Initial Pub Date | Modified Date | Product Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | -------------------------------- | --------------------------------------- | -------------------------------------------------------- | --------------------------- | 
@@ -56,7 +56,7 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2021-39537](./cve-2021-39537.md) | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.3 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) | :mag: Ongoing | | [CVE-2019-9923](./cve-2019-9923.md) | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) | :mag: Ongoing | | [CVE-2020-36325](./cve-2020-36325.md) | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.3 | Third-party component: Jansson | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) | :mag: Ongoing | -| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | +| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 9/25/24 | 4.4.14 & 4.5.3 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | | [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :mag: Ongoing | | [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :mag: Ongoing | | [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :mag: Ongoing | @@ -104,7 +104,7 @@ Click on the CVE ID to view the full details of the vulnerability. - + | CVE ID | Initial Pub Date | Modified Date | Product Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | ------------------------ | --------------------------------------- | -------------------------------------------------------- | ------------- | 
@@ -163,6 +163,166 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2024-0743](./cve-2024-0743.md) | 9/15/24 | 10/10/24 | 4.4.18 & 4.5.3 | Third-party component: Mozilla | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | :mag: Ongoing | | [CVE-2024-32002](./cve-2024-32002.md) | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Github | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | :mag: Ongoing | | [CVE-2023-49569](./cve-2023-49569.md) | 9/15/24 | 9/19/24 | 4.4.14 | Third-party component: Bitdefender | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-49569) | :mag: Ongoing | +| [CVE-2024-7006](./cve-2024-7006.md) | 8/12/24 | 10/14/24 | 4.5.3 | Third-party component: Libtiff | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-7006) | :mag: Ongoing | + + + + + +| CVE ID | Initial Pub Date | Modified Date | Product Version | Vulnerability Type | CVSS Severity | Status | +| ----------------------------------------------- | ---------------- | ------------- | --------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | +| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | +| [CVE-2012-2663](./cve-2012-2663.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: iPtables | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | :mag: Ongoing | +| [CVE-2016-20013](./cve-2016-20013.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | :mag: Ongoing | +| [CVE-2017-11164](./cve-2017-11164.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | :mag: Ongoing | +| [CVE-2018-20657](./cve-2018-20657.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) | :mag: Ongoing | +| [CVE-2018-20796](./cve-2018-20796.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | :mag: Ongoing | +| [CVE-2018-20839](./cve-2018-20839.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) | :mag: Ongoing | +| [CVE-2019-1010022](./cve-2019-1010022.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: GNU Libc | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) | :mag: Ongoing | +| [CVE-2019-12900](./cve-2019-12900.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: BZ2 | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) | :mag: Ongoing | +| [CVE-2019-17543](./cve-2019-17543.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) | :mag: Ongoing | +| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :mag: Ongoing | +| [CVE-2019-9192](./cve-2019-9192.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) | :mag: Ongoing | +| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :mag: Ongoing | +| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :mag: Ongoing | +| [CVE-2020-36325](./cve-2020-36325.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Jansson | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) | :mag: Ongoing | +| [CVE-2021-39537](./cve-2021-39537.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | 
[8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) | :mag: Ongoing | +| [CVE-2021-42694](./cve-2021-42694.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [8.3](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) | :mag: Ongoing | +| [CVE-2021-46848](./cve-2021-46848.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: GNU Libtasn1 | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-46848) | :mag: Ongoing | +| [CVE-2022-28948](./cve-2022-28948.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go-Yaml | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) | :mag: Ongoing | +| [CVE-2022-41409](./cve-2022-41409.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) | :mag: Ongoing | +| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 10/14/24 | 4.5.3 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | +| [CVE-2022-41724](./cve-2022-41724.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41724) | :mag: Ongoing | +| [CVE-2022-41725](./cve-2022-41725.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725) | :mag: Ongoing | +| [CVE-2022-4899](./cve-2022-4899.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) | :mag: Ongoing | +| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | +| [CVE-2023-24534](./cve-2023-24534.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24534) | :mag: Ongoing | +| [CVE-2023-24536](./cve-2023-24536.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24536) | :mag: Ongoing | +| [CVE-2023-27534](./cve-2023-27534.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-27534) | :mag: Ongoing | +| [CVE-2023-29403](./cve-2023-29403.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | :mag: Ongoing | +| [CVE-2023-29499](./cve-2023-29499.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | :mag: Ongoing | +| [CVE-2023-32636](./cve-2023-32636.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-32636) | :mag: Ongoing | +| [CVE-2023-37920](./cve-2023-37920.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Certifi | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | :mag: Ongoing | +| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 10/14/24 | 4.5.3 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | +| [CVE-2023-4156](./cve-2023-4156.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.1](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) | :mag: Ongoing | +| [CVE-2023-45287](./cve-2023-45287.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | :mag: Ongoing | +| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 10/14/24 | 4.5.3 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | +| [CVE-2023-52356](./cve-2023-52356.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Libtiff | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | :mag: Ongoing | +| [CVE-2024-0743](./cve-2024-0743.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Mozilla | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | :mag: Ongoing | +| [CVE-2024-0760](./cve-2024-0760.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: ISC | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0760) | :mag: Ongoing | +| [CVE-2024-1737](./cve-2024-1737.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: ISC | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1737) | :mag: Ongoing | +| [CVE-2024-1975](./cve-2024-1975.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: ISC | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1975) | :mag: Ongoing | +| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 10/14/24 | 4.5.3 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | +| [CVE-2024-24790](./cve-2024-24790.md) | 8/6/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | :mag: Ongoing | +| [CVE-2024-37371](./cve-2024-37371.md) | 08/30/24 | 10/14/24 | 4.5.3 | Third-party component: MIT Kerberos | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-37371) | :mag: Ongoing | +| [CVE-2024-37370](./cve-2024-37370.md) | 08/30/24 | 10/14/24 | 4.5.3 | Third-party component: MIT Kerberos | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-37370) | :mag: Ongoing | +| [CVE-2024-45490](./cve-2024-45490.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: Libexpat | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45490) | :mag: Ongoing | +| [CVE-2024-45491](./cve-2024-45491.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: Libexpat | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45491) | :mag: Ongoing | +| [CVE-2024-45492](./cve-2024-45492.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: Libexpat | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45492) | :mag: Ongoing | +| [CVE-2024-6197](./cve-2024-6197.md) | 08/27/24 | 10/14/24 | 4.5.3 | Third-party component: Libcurl | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-6197) | :mag: Ongoing | +| [CVE-2024-6232](./cve-2024-6232.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: MIT Kerberos | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-6232) | :mag: Ongoing | +| [CVE-2024-7592](./cve-2024-7592.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: CPython | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-7592) | :mag: Ongoing | +| [GHSA-74fp-r6jw-h4mp](./ghsa-74fp-r6jw-h4mp.md) | 10/25/23 | 10/14/24 | 4.5.3 | Third-party component: Kubernetes API | [7.5](https://github.com/advisories/GHSA-74fp-r6jw-h4mp) | :mag: Ongoing | +| [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/14/24 | 4.5.3 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | +| [CVE-2011-4116](./cve-2011-4116.md) | 1/31/20 | 10/14/24 | 4.5.3 | Third-party component: Perl | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2011-4116) | :mag: Ongoing | +| [CVE-2018-6829](./cve-2018-6829.md) | 2/7/18 | 10/14/24 | 4.5.3 | Third-party component: Libgcrypt | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-6829) | :mag: Ongoing | +| [CVE-2019-19882](./cve-2019-19882.md) | 12/18/19 | 10/14/24 | 4.5.3 | Third-party component: Shadow | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2019-19882) | :mag: Ongoing | +| [CVE-2022-27664](./cve-2022-27664.md) | 9/6/22 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) | :mag: Ongoing | +| [CVE-2022-32190](./cve-2022-32190.md) | 11/6/23 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-32190) | :mag: Ongoing | +| [CVE-2022-3996](./cve-2022-3996.md) | 12/13/22 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-3996) | :mag: Ongoing | +| [CVE-2022-41715](./cve-2022-41715.md) | 10/14/22 | 10/14/24 | 4.5.3 | Third-party component: Go Project | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41715) | :mag: Ongoing | +| [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | +| [CVE-2023-0215](./cve-2023-0215.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | +| [CVE-2023-0216](./cve-2023-0216.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0216) | :mag: Ongoing | +| [CVE-2023-0217](./cve-2023-0217.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0217) | :mag: Ongoing | +| [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | +| [CVE-2023-0401](./cve-2023-0401.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0401) | :mag: Ongoing | +| [CVE-2023-31484](./cve-2023-31484.md) | 4/8/23 | 10/14/24 | 4.5.3 | Third-party component: CPAN | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | :mag: Ongoing | +| [CVE-2023-31486](./cve-2023-31486.md) | 4/8/23 | 10/14/24 | 4.5.3 | Third-party component: CPAN | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2023-31486) | :mag: Ongoing | +| [CVE-2023-36632](./cve-2023-36632.md) | 6/25/23 | 10/14/24 | 4.5.3 | Third-party component: Python | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-36632) | :mag: Ongoing | +| [CVE-2023-45853](./cve-2023-45853.md) | 10/13/23 | 10/14/24 | 4.5.3 | Third-party component: MiniZip | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | :mag: Ongoing | +| [CVE-2023-4807](./cve-2023-4807.md) | 9/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | :mag: Ongoing | +| 
[CVE-2023-4911](./cve-2023-4911.md) | 10/3/23 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | :mag: Ongoing | +| [CVE-2023-5363](./cve-2023-5363.md) | 10/25/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | :mag: Ongoing | +| [CVE-2023-6246](./cve-2023-6246.md) | 1/31/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | :mag: Ongoing | +| [CVE-2023-6779](./cve-2023-6779.md) | 1/31/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | :mag: Ongoing | +| [CVE-2024-7006](./cve-2024-7006.md) | 8/12/24 | 10/14/24 | 4.5.3 | Third-party component: Libtiff | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-7006) | :mag: Ongoing | + + + + + +| CVE ID | Initial Pub Date | Modified Date | Product Version | Vulnerability Type | CVSS Severity | Status | +| ----------------------------------------------- | ---------------- | ------------- | --------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | +| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | +| [CVE-2012-2663](./cve-2012-2663.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: iPtables | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | :mag: Ongoing | +| [CVE-2016-20013](./cve-2016-20013.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | :mag: Ongoing | +| [CVE-2017-11164](./cve-2017-11164.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | :mag: Ongoing | +| [CVE-2018-20657](./cve-2018-20657.md) | 08/16/24 | 
10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) | :mag: Ongoing | +| [CVE-2018-20796](./cve-2018-20796.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | :mag: Ongoing | +| [CVE-2018-20839](./cve-2018-20839.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) | :mag: Ongoing | +| [CVE-2019-1010022](./cve-2019-1010022.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: GNU Libc | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) | :mag: Ongoing | +| [CVE-2019-12900](./cve-2019-12900.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: BZ2 | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) | :mag: Ongoing | +| [CVE-2019-17543](./cve-2019-17543.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) | :mag: Ongoing | +| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :mag: Ongoing | +| [CVE-2019-9192](./cve-2019-9192.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) | :mag: Ongoing | +| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :mag: Ongoing | +| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :mag: Ongoing | +| [CVE-2020-36325](./cve-2020-36325.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Jansson | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) | :mag: Ongoing | +| [CVE-2021-39537](./cve-2021-39537.md) | 08/16/24 | 10/14/24 | 4.5.3 | 
Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) | :mag: Ongoing | +| [CVE-2021-42694](./cve-2021-42694.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [8.3](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) | :mag: Ongoing | +| [CVE-2021-46848](./cve-2021-46848.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: GNU Libtasn1 | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-46848) | :mag: Ongoing | +| [CVE-2022-41409](./cve-2022-41409.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) | :mag: Ongoing | +| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 10/14/24 | 4.5.3 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | +| [CVE-2022-41724](./cve-2022-41724.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41724) | :mag: Ongoing | +| [CVE-2022-41725](./cve-2022-41725.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725) | :mag: Ongoing | +| [CVE-2022-4899](./cve-2022-4899.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) | :mag: Ongoing | +| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | +| [CVE-2023-24534](./cve-2023-24534.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24534) | :mag: Ongoing | +| [CVE-2023-24536](./cve-2023-24536.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24536) | :mag: Ongoing | +| [CVE-2023-26604](./cve-2023-26604.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: 
Ubuntu | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-26604) | :mag: Ongoing | +| [CVE-2023-27534](./cve-2023-27534.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-27534) | :mag: Ongoing | +| [CVE-2023-29403](./cve-2023-29403.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | :mag: Ongoing | +| [CVE-2023-29499](./cve-2023-29499.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | :mag: Ongoing | +| [CVE-2023-32636](./cve-2023-32636.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-32636) | :mag: Ongoing | +| [CVE-2023-37920](./cve-2023-37920.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: Certifi | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | :mag: Ongoing | +| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 10/14/24 | 4.5.3 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | +| [CVE-2023-4156](./cve-2023-4156.md) | 08/16/24 | 10/14/24 | 4.5.3 | Third-party component: MongoDB | [7.1](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) | :mag: Ongoing | +| [CVE-2023-45287](./cve-2023-45287.md) | 9/15/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | :mag: Ongoing | +| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 10/14/24 | 4.5.3 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | +| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 10/14/24 | 4.5.3 | Third-party component: Kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | +| [CVE-2024-24790](./cve-2024-24790.md) | 8/6/24 | 10/14/24 | 4.5.3 | Third-party component: Go Project | 
[9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | :mag: Ongoing | +| [CVE-2024-3651](./cve-2024-3651.md) | 9/13/24 | 10/14/24 | 4.5.3 | Third-party component: kjd | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-3651) | :mag: Ongoing | +| [CVE-2024-37371](./cve-2024-37371.md) | 08/30/24 | 10/14/24 | 4.5.3 | Third-party component: MIT Kerberos | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-37371) | :mag: Ongoing | +| [CVE-2024-37370](./cve-2024-37370.md) | 08/30/24 | 10/14/24 | 4.5.3 | Third-party component: MIT Kerberos | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-37370) | :mag: Ongoing | +| [CVE-2024-45490](./cve-2024-45490.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: Libexpat | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45490) | :mag: Ongoing | +| [CVE-2024-45491](./cve-2024-45491.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: Libexpat | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45491) | :mag: Ongoing | +| [CVE-2024-45492](./cve-2024-45492.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: Libexpat | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45492) | :mag: Ongoing | +| [CVE-2024-6232](./cve-2024-6232.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: MIT Kerberos | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-6232) | :mag: Ongoing | +| [CVE-2024-7592](./cve-2024-7592.md) | 9/5/24 | 10/14/24 | 4.5.3 | Third-party component: CPython | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-7592) | :mag: Ongoing | +| [GHSA-74fp-r6jw-h4mp](./ghsa-74fp-r6jw-h4mp.md) | 10/25/23 | 10/14/24 | 4.5.3 | Third-party component: Kubernetes API | [7.5](https://github.com/advisories/GHSA-74fp-r6jw-h4mp) | :mag: Ongoing | +| [CVE-2011-4116](./cve-2011-4116.md) | 1/31/20 | 10/14/24 | 4.5.3 | Third-party component: Perl | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2011-4116) | :mag: Ongoing | +| [CVE-2018-6829](./cve-2018-6829.md) | 2/7/18 | 10/14/24 | 4.5.3 | Third-party component: Libgcrypt | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-6829) | :mag: Ongoing | +| [CVE-2019-19882](./cve-2019-19882.md) | 12/18/19 | 10/14/24 | 4.5.3 | Third-party component: Shadow | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2019-19882) | :mag: Ongoing | +| [CVE-2022-27664](./cve-2022-27664.md) | 9/6/22 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) | :mag: Ongoing | +| [CVE-2022-32190](./cve-2022-32190.md) | 11/6/23 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-32190) | :mag: Ongoing | +| [CVE-2022-3996](./cve-2022-3996.md) | 12/13/22 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-3996) | :mag: Ongoing | +| [CVE-2022-41715](./cve-2022-41715.md) | 10/14/22 | 10/14/24 | 4.5.3 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41715) | :mag: Ongoing | +| [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | +| [CVE-2023-0215](./cve-2023-0215.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | +| [CVE-2023-0216](./cve-2023-0216.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0216) | :mag: Ongoing | +| [CVE-2023-0217](./cve-2023-0217.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0217) | :mag: Ongoing | +| [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | +| [CVE-2023-0401](./cve-2023-0401.md) | 2/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0401) | 
:mag: Ongoing | +| [CVE-2023-31484](./cve-2023-31484.md) | 4/8/23 | 10/14/24 | 4.5.3 | Third-party component: CPAN | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | :mag: Ongoing | +| [CVE-2023-31486](./cve-2023-31486.md) | 4/8/23 | 10/14/24 | 4.5.3 | Third-party component: CPAN | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2023-31486) | :mag: Ongoing | +| [CVE-2023-36632](./cve-2023-36632.md) | 6/25/23 | 10/14/24 | 4.5.3 | Third-party component: Python | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-36632) | :mag: Ongoing | +| [CVE-2023-45853](./cve-2023-45853.md) | 10/13/23 | 10/14/24 | 4.5.3 | Third-party component: MiniZip | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | :mag: Ongoing | +| [CVE-2023-4807](./cve-2023-4807.md) | 9/8/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | :mag: Ongoing | +| [CVE-2023-4911](./cve-2023-4911.md) | 10/3/23 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | :mag: Ongoing | +| [CVE-2023-5363](./cve-2023-5363.md) | 10/25/23 | 10/14/24 | 4.5.3 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | :mag: Ongoing | +| [CVE-2023-6246](./cve-2023-6246.md) | 1/31/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | :mag: Ongoing | +| [CVE-2023-6779](./cve-2023-6779.md) | 1/31/24 | 10/14/24 | 4.5.3 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | :mag: Ongoing | diff --git a/redirects.js b/redirects.js index 17e337840b..3cb2a16574 100644 --- a/redirects.js +++ b/redirects.js 
@@ -606,9 +606,6 @@ const redirects = [
 "/security-bulletins/reports/cve-2021-3711",
 "/security-bulletins/reports/cve-2021-45079",
 "/security-bulletins/reports/cve-2022-0778",
- "/security-bulletins/reports/cve-2022-4450",
- "/security-bulletins/reports/cve-2023-0215",
- "/security-bulletins/reports/cve-2023-0286",
 "/security-bulletins/reports/cve-2023-52425",
 "/security-bulletins/reports/cve-2023-5528",
 "/security-bulletins/reports/prisma-2022-0227",