spectrocloud · karl-cardenas-coding · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024
@@ -0,0 +1,44 @@
+---
+sidebar_label: "CVE-2021-46848"
+title: "CVE-2021-46848"
+description: "Lifecycle of CVE-2021-46848"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2021-46848](https://nvd.nist.gov/vuln/detail/CVE-2021-46848)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
+
+## Our Official Summary
+
+This is a vulnerability reported in GNU Libtasn1 before version 4.19.0, a library used to manage the ASN.1 data
+structure. This vulnerability is caused by an off-by-one array size check issue, leading to an out-of-bounds read.
+Impacting systems using GNU Libtasn1 before 4.19.0. Waiting on an upstream fix.
+
+## CVE Severity
+
+[9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-46848)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,48 @@
+---
+sidebar_label: "CVE-2024-0760"
+title: "CVE-2024-0760"
+description: "Lifecycle of CVE-2024-0760"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-0760](https://nvd.nist.gov/vuln/detail/CVE-2024-0760)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the
+attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This
+issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
+
+## Our Official Summary
+
+A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the
+attack is in progress. The server may recover after the attack ceases. In order to exploit this vulnerability, image in
+which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls
+in place to consider the probability of occurrence as low. There is a fix available upstream and we are investigating
+upgrading to the fixed version.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0760)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,51 @@
+---
+sidebar_label: "CVE-2024-1737"
+title: "CVE-2024-1737"
+description: "Lifecycle of CVE-2024-1737"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-1737](https://nvd.nist.gov/vuln/detail/CVE-2024-1737)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any
+RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries
+for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through
+9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through
+9.18.27-S1.
+
+## Our Official Summary
+
+This vulnerability can be exploited if resolver caches and authoritative zone databases hold significant numbers of RRs
+for the same hostname (of any RTYPE). Services will suffer from degraded performance as content is being added or
+updated, and also when handling client queries for this name. In order to exploit this vulenerability, image in which
+this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in
+place to consider the probability of occurence as low. There is a fix available upstream and we are investigating
+upgrading to the fixed version.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1737)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,49 @@
+---
+sidebar_label: "CVE-2024-1975"
+title: "CVE-2024-1975"
+description: "Lifecycle of CVE-2024-1975"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-1975](https://nvd.nist.gov/vuln/detail/CVE-2024-1975)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from
+a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed
+requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27,
+9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
+
+## Our Official Summary
+
+This vulnerability can be exploited by a client only if a server hosts a zone containing a “KEY” Resource Record, or a
+resolver DNSSEC-validates a “KEY” Resource Record from a DNSSEC-signed domain in cache. In order to exploit this
+vulenerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access.
+There are sufficient controls in place to consider the probability of occurence as low. There is a fix available
+upstream and we are investigating upgrading to the fixed version.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-1975)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,42 @@
+---
+sidebar_label: "CVE-2024-45490"
+title: "CVE-2024-45490"
+description: "Lifecycle of CVE-2024-45490"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-45490](https://nvd.nist.gov/vuln/detail/CVE-2024-45490)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
+
+## Our Official Summary
+
+Our official summary coming soon.
+
+## CVE Severity
+
+[9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45490)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2024-45491"
+title: "CVE-2024-45491"
+description: "Lifecycle of CVE-2024-45491"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-45491](https://nvd.nist.gov/vuln/detail/CVE-2024-45491)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on
+32-bit platforms (where UINT_MAX equals SIZE_MAX).
+
+## Our Official Summary
+
+Our official summary coming soon.
+
+## CVE Severity
+
+[9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45491)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2024-45492"
+title: "CVE-2024-45492"
+description: "Lifecycle of CVE-2024-45492"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-45492](https://nvd.nist.gov/vuln/detail/CVE-2024-45492)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for
+m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
+
+## Our Official Summary
+
+Our official summary coming soon.
+
+## CVE Severity
+
+[9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-45492)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2024-6232"
+title: "CVE-2024-6232"
+description: "Lifecycle of CVE-2024-6232"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-6232](https://nvd.nist.gov/vuln/detail/CVE-2024-6232)
+
+## Last Update
+
+9/5/24
+
+## NIST CVE Summary
+
+There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking
+during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
+
+## Our Official Summary
+
+Our official summary coming soon.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-6232)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.14
+
+## Revision History
+
+- 1.0 09/05/2024 Initial Publication
+- 2.0 09/05/2024 Added Palette VerteX 4.4.14 to Affected Products