spectrocloud · lennessyy · Aug 16, 2024 · Aug 9, 2024 · Aug 9, 2024 · Aug 16, 2024
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2005-2541"
+title: "CVE-2005-2541"
+description: "Lifecycle of CVE-2005-2541"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2005-2541](https://nvd.nist.gov/vuln/detail/CVE-2005-2541)
+
+## Last Update
+
+8/16/2024
+
+## NIST CVE Summary
+
+Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote
+attackers to gain privileges.
+
+## Our Official Summary
+
+Waiting on a fix from third party mongodb vendor.
+
+## CVE Severity
+
+[10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,44 @@
+---
+sidebar_label: "CVE-2012-2663"
+title: "CVE-2012-2663"
+description: "Lifecycle of CVE-2012-2663"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2012-2663](https://nvd.nist.gov/vuln/detail/CVE-2012-2663)
+
+## Last Update
+
+08/16/2024
+
+## NIST CVE Summary
+
+extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow
+remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this
+issue less relevant.
+
+## Our Official Summary
+
+Spectro Cloud Offical Summary Coming Soon
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,45 @@
+---
+sidebar_label: "CVE-2015-20107"
+title: "CVE-2015-20107"
+description: "Lifecycle of CVE-2015-20107"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107)
+
+## Last Update
+
+08/16/2024
+
+## NIST CVE Summary
+
+In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the
+system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch
+with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to
+3.7, 3.8, 3.9
+
+## Our Official Summary
+
+Waiting on a fix from third party mongodb vendor
+
+## CVE Severity
+
+[7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,42 @@
+---
+sidebar_label: "CVE-2016-1585"
+title: "CVE-2016-1585"
+description: "Lifecycle of CVE-2016-1585"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2016-1585](https://nvd.nist.gov/vuln/detail/CVE-2016-1585)
+
+## Last Update
+
+8/16/2024
+
+## NIST CVE Summary
+
+In all versions of AppArmor mount rules are accidentally widened when compiled.
+
+## Our Official Summary
+
+Spectro Cloud Official Summary coming soon.
+
+## CVE Severity
+
+[9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2016-20013"
+title: "CVE-2016-20013"
+description: "Lifecycle of CVE-2016-20013"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2016-20013](https://nvd.nist.gov/vuln/detail/CVE-2016-20013)
+
+## Last Update
+
+08/16/2024
+
+## NIST CVE Summary
+
+sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the
+algorithm's runtime is proportional to the square of the length of the password.
+
+## Our Official Summary
+
+Spectro Cloud Offical Summary Coming Soon
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2017-11164"
+title: "CVE-2017-11164"
+description: "Lifecycle of CVE-2017-11164"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2017-11164](https://nvd.nist.gov/vuln/detail/CVE-2017-11164)
+
+## Last Update
+
+08/16/2024
+
+## NIST CVE Summary
+
+In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled
+recursion) when processing a crafted regular expression.
+
+## Our Official Summary
+
+Spectro Cloud Offical Summary Coming Soon
+
+## CVE Severity
+
+[7.8](https://nvd.nist.gov/vuln/detail/CVE-2017-11164)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2018-20225"
+title: "CVE-2018-20225"
+description: "Lifecycle of CVE-2018-20225"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2018-20225](https://nvd.nist.gov/vuln/detail/CVE-2018-20225)
+
+## Last Update
+
+08/16/2024
+
+## NIST CVE Summary
+
+An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if
+the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url
+option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can
+put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality
+and the user is responsible for using --extra-index-url securely
+
+## Our Official Summary
+
+Waiting on a fix from third party mongodb vendor
+
+## CVE Severity
+
+[7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products
@@ -0,0 +1,44 @@
+---
+sidebar_label: "CVE-2018-20657"
+title: "CVE-2018-20657"
+description: "Lifecycle of CVE-2018-20657"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2018-20657](https://nvd.nist.gov/vuln/detail/CVE-2018-20657)
+
+## Last Update
+
+08/16/2024
+
+## NIST CVE Summary
+
+The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak
+via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue
+to CVE-2018-12698.
+
+## Our Official Summary
+
+Waiting on a fix from third party mongodb & calico vendors
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20657)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.12
+
+## Revision History
+
+- 1.0 08/16/2024 Initial Publication
+- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products