docs: added a new one and revised others (#4694)

* added a new one and revised others

* ci: auto-formatting prettier issues

---------

Co-authored-by: frederickjoi <[email protected]>

docs/docs-content/security-bulletins/reports/cve-2016-1585.md

@@ -14,15 +14,19 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-11/7/24
+11/12/24
 
 ## NIST CVE Summary
 
 In all versions of AppArmor mount rules are accidentally widened when compiled.
 
 ## Our Official Summary
 
-Spectro Cloud Official Summary coming soon.
+The vulnerability allows programs to access files and directories that they should not have access to, potentially
+leading to unauthorized access to sensitive data. Exploitation of this vulnerability requires privileged access to the
+container since only local users on the container can exploit this. Hence the risk of exploitation is low. Even if
+exploited, since this is a container used for specific tasks, the risk that sensitive data will be exploited through
+this CVE is low.
 
 ## CVE Severity
 

docs/docs-content/security-bulletins/reports/cve-2018-20225.md

@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-11/7/24
+11/12/24
 
 ## NIST CVE Summary
 
@@ -26,7 +26,10 @@ and the user is responsible for using --extra-index-url securely
 
 ## Our Official Summary
 
-Waiting on a fix from third party mongodb vendor
+This flaw was found in the python-pip component and only affects the --extra-index-url option. Exploitation requires
+that the package does not already exist in the public index (and thus the attacker can put the package there with an
+arbitrary version number). Risk of exploitation is low for our products as this CVE is reported on a backend container.
+Attacker must gain privileged access to the container and run pip on the container to be able to exploit this.
 
 ## CVE Severity
 

docs/docs-content/security-bulletins/reports/cve-2023-47108.md

@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-11/7/2024
+11/12/2024
 
 ## NIST CVE Summary
 
@@ -24,8 +24,9 @@ cardinality. It leads to the server's potential memory exhaustion when many mali
 
 ## Our Official Summary
 
-CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no
-workaround.
+This vulnerability is reported on the Kubernetes images such as apiserver, kube-controller-manager, kube-proxy and
+kube-scheduler. This flaw is from the open telemetry otelgrpc handler. Kubernetes components use open telemetry only for
+tracing and not for metrics collection, making this vulnerability a false positive and the risk of exploitation low.
 
 ## CVE Severity
 

docs/docs-content/security-bulletins/reports/cve-2024-10963.md

@@ -0,0 +1,48 @@
+---
+sidebar_label: "CVE-2024-10963"
+title: "CVE-2024-10963"
+description: "Lifecycle of CVE-2024-10963"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-10963](https://nvd.nist.gov/vuln/detail/CVE-2024-10963)
+
+## Last Update
+
+11/12/2024
+
+## NIST CVE Summary
+
+A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This
+vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access.
+This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability impacts our products.
+
+## CVE Severity
+
+[7.4](https://nvd.nist.gov/vuln/detail/CVE-2024-10963)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette Enterprise airgap 4.5.8
+- Palette Enterprise 4.5.8
+- Palette VerteX airgap 4.5.8
+- Palette VerteX 4.5.8
+
+## Revision History
+
+- 1.0 11/12/2024 Initial Publication
+- 2.0 11/7/2024 Added Palette Enterprise airgap, Palette Enterprise, VerteX airgap, and Palette VerteX 4.5.8 to Affected
+  Products