diff --git a/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md b/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md
index 01ed4ec891..9f75df24b3 100644
--- a/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md
+++ b/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md
@@ -8,11 +8,58 @@ tags: ["clusters", "cluster management"]
---
Palette supports the **Pause Agent Upgrades** feature to exclude a cluster or a group of clusters from getting
-automatically upgraded when Palette is upgraded. The three ways to activate this feature are:
+automatically upgraded when Palette is upgraded.
-- Pause Upgrades for a Single Cluster
-- Pause Upgrades for all Clusters within Project Scope
-- Pause Upgrades for all Clusters within Tenant Scope
+## Pause Agent Upgrade Scopes
+
+Upgrades can be paused and resumed in the following scopes:
+
+- Pause upgrades for a single cluster
+- Pause upgrades for all clusters within a project
+- Pause upgrades for all clusters within a tenant
+
+When determining if the agent upgrades for one cluster is paused or not, you only need to look at the setting for the
+cluster itself. Even if agent upgrades are paused on a tenant or project level, agent upgrades for an individual cluster
+can still be turned on.
+
+Pausing or resuming agent upgrades at a higher-level scope will automatically pause or resume agent upgrades in the
+lower-level scopes. For example, if you pause agent upgrades at the tenant level, then agent upgrades will be paused for
+all projects within that tenant, and all clusters within those projects. Similarly, if you resume upgrades at the
+project level, then all clusters within that project will have their agent upgrades resumed.
+
+This is a one-time change that happens at the moment when you pause or resume upgrades in the higher scope, and it does
+not mandate that the same setting be kept at the lower scopes. If you pause or resume agent upgrades in a lower-level
+scope, it will override the setting from the higher-level scope. For example, even if all agent upgrades are paused at
+the tenant level, you can override the tenant-level pause by resuming upgrades in a specific project or a specific
+cluster. However, if you resume upgrades at the tenant level, and then pause again at the tenant level, it will pause
+agent upgrades for all clusters within the tenant, including clusters where you manually overrode the tenant-level
+settings and resumed agent upgrades.
+
+## Agent Upgrades for PCG and Edge Hosts
+
+Aside from clusters, you can also pause the agent upgrades on Private Cloud Gateways (PCG) and Edge hosts that are
+registered with Palette but are not part of a cluster.
+
+Since PCGs are scoped to tenants, you can pause the agent upgrades on a PCG by pausing agent upgrades on the tenant to
+which the PCG is associated. You can also pause or resume upgrades for a PCG in the PCG details page through **Cluster
+Settings**. Similar to clusters, pausing and resuming upgrades at the tenant level will pause or resume agent upgrades
+for all PCGs in the tenant. Pausing and resuming upgrades for a PCG individually will override the tenant-level setting.
+
+Edge hosts that are part of a cluster have their agent upgrades managed by the settings of their cluster. Edge hosts
+that are not part of a cluster have their agent upgrades managed at the project and tenant level. Similar to clusters,
+pausing or resuming agent upgrades at the tenant level will automatically pause or resume agent upgrades for all
+projects with in that tenant. However, you can override the tenant level setting by manually changing the upgrade
+setting at the project level.
+
+The following is a table showing the scopes at which you can pause agent upgrades for different objects. The same
+relationship between the scopes applies: Changing the setting in a higher scope will trigger a one-time change to the
+lower scopes, and changing the setting at the lower scope will override the setting in the higher scope.
+
+| | Individual Cluster/PCG | Project | Tenant |
+| --------------- | ---------------------- | ------- | ------ |
+| Cluster | ✅ | ✅ | ✅ |
+| PCG | ✅ | | ✅ |
+| Idle Edge hosts | | ✅ | ✅ |
## Prerequisites
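Review bot: The paragraph starting "When determining if the agent upgrades for one cluster is paused" reads as a contradiction of the paragraph after it, which says a higher scope changes the lower scopes. Say in the first paragraph that a higher-scope change is a one-time write into the lower-scope settings, so the cluster's own setting is always the effective one. The text also implies that a tenant-level resume re-enables agent upgrades on clusters that were paused individually; that deserves an explicit caution, since operators pause single clusters on purpose. Wording fixes: "upgrades for one cluster is paused" should be "are paused", "with in that tenant" should be "within that tenant", and "tenant level setting" should be "tenant-level setting". The table row "Idle Edge hosts" uses a term the prose never defines (it says "Edge hosts that are not part of a cluster"), and the first column header "Individual Cluster/PCG" does not cover that row.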
@@ -71,6 +118,24 @@ clusters within the project scope, or all within the tenant scope.
+
+
+1. Log in to [Palette](https://console.spectrocloud.com) as a tenant administrator.
+
+2. Navigate to the left **Main Menu** and select **Tenant Settings**.
+
+3. Select **Private Cloud Gateways** from the **Tenant Settings Menu**
+
+4. Click on the PCG you want to pause or resume upgrades for.
+
+5. From the PCG details page, click **Settings** > **Cluster Settings**.
+
+6. Toggle the **Pause Agent Upgrades** button to pause upgrades for the PCG.
+
+7. A pop-up box will ask you to confirm the action. Click **OK**.
+
+
+
## Validate
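Review bot: Step 6 only describes pausing ("to pause upgrades for the PCG"), while step 4 says the page is used to "pause or resume upgrades"; reword step 6 to cover both directions. Step 3 is missing its closing period. Step 1 requires a tenant administrator login, so confirm the Prerequisites section lists that role for the PCG procedure.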
@@ -93,6 +158,9 @@ clusters within the project scope, or all within the tenant scope.
+Pausing upgrades in a project also pauses agent upgrades for all Edge hosts in the project that are not part of a
+cluster.
+
1. Log in to [Palette](https://console.spectrocloud.com).
2. Navigate to the left **Main Menu** and click on **Project Settings**.
@@ -105,6 +173,9 @@ clusters within the project scope, or all within the tenant scope.
+Pausing upgrades in a Tenant also pauses agent upgrades for all Edge hosts in the tenant that are not part of a cluster,
+as well as PCGs in the tenant.
+
1. Log in to [Palette](https://console.spectrocloud.com).
2. Navigate to the left **Main Menu** and click on **Tenant Settings**.
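Review bot: "Pausing upgrades in a Tenant" capitalizes "Tenant", while the matching project sentence and the rest of the added text use lowercase "tenant". Use lowercase here for consistency.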
@@ -115,4 +186,20 @@ clusters within the project scope, or all within the tenant scope.
+
+
+1. Log in to [Palette](https://console.spectrocloud.com) as a tenant administrator.
+
+2. Navigate to the left **Main Menu** and select **Tenant Settings**.
+
+3. Select **Private Cloud Gateways** from the **Tenant Settings Menu**
+
+4. Click on the PCG you want to pause or resume upgrades for.
+
+5. From the PCG details page, click **Settings** > **Cluster Settings**.
+
+6. The **Pause Agent Upgrades** toggle button is checked.
+
+
+
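Review bot: Step 6 of this validation list states a result ("The **Pause Agent Upgrades** toggle button is checked") as if it were an action, and it only covers the paused case. Phrase it as a check, for example "Verify that the **Pause Agent Upgrades** toggle reflects the state you set", so it also works after a resume. Step 3 is missing its closing period, same as in the enablement steps.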
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-27191.md b/docs/docs-content/security-bulletins/reports/cve-2022-27191.md
new file mode 100644
index 0000000000..3c18b777bd
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-27191.md
@@ -0,0 +1,34 @@
+---
+sidebar_label: "CVE-2022-27191"
+title: "CVE-2022-27191"
+description: "Lifecycle of CVE-2022-27191"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191)
+
+## Last Update
+
+11/7/2023
+
+## NIST Summary
+
+The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server
+in certain circumstances involving AddHostKey.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Resolved
+
+## Images
+
+- gcr.io/spectro-images-client/release/nas:4.4.14
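Review bot: The "## Images" section does not say whether the listed image is affected or carries the fix, and with Status "Resolved" a reader cannot tell whether nas:4.4.14 is safe to run. Rename the heading or add one sentence stating what the list means, and apply the same wording to every new report. The new template also drops the "Revision History" and "Affected Products & Versions" sections that the removed reports in this patch had, so there is no longer a record of when the status changed. "Last Update" is written 11/7/2023 here, while the removed reports used zero-padded dates (09/15/2024); pick one format.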
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-27664.md b/docs/docs-content/security-bulletins/reports/cve-2022-27664.md
new file mode 100644
index 0000000000..51fd6b6050
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-27664.md
@@ -0,0 +1,35 @@
+---
+sidebar_label: "CVE-2022-27664"
+title: "CVE-2022-27664"
+description: "Lifecycle of CVE-2022-27664"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664)
+
+## Last Update
+
+11/7/2023
+
+## NIST Summary
+
+In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2
+connection can hang during closing if shutdown were preempted by a fatal error.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-2880.md b/docs/docs-content/security-bulletins/reports/cve-2022-2880.md
new file mode 100644
index 0000000000..04f3e5eed0
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-2880.md
@@ -0,0 +1,39 @@
+---
+sidebar_label: "CVE-2022-2880"
+title: "CVE-2022-2880"
+description: "Lifecycle of CVE-2022-2880"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-2880](https://nvd.nist.gov/vuln/detail/CVE-2022-2880)
+
+## Last Update
+
+11/25/2023
+
+## NIST Summary
+
+Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable
+parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with
+an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound
+request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the
+query parameters. Proxies which do not parse query parameters continue to forward the original query parameters
+unchanged.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Resolved
+
+## Images
+
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
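Review bot: In the NIST Summary, "set after the ReverseProxy. Director function returns" splits the identifier ReverseProxy.Director with a period and a space, so it reads as two sentences. Join it and set it in inline code so the line wrap cannot break it again. This report is marked "Resolved" while cve-2022-27664 lists the same two snapshot images as "Ongoing"; the Images section should make clear which image versions each status refers to.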
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-32190.md b/docs/docs-content/security-bulletins/reports/cve-2022-32190.md
new file mode 100644
index 0000000000..9fb8da646e
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-32190.md
@@ -0,0 +1,36 @@
+---
+sidebar_label: "CVE-2022-32190"
+title: "CVE-2022-32190"
+description: "Lifecycle of CVE-2022-32190"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190)
+
+## Last Update
+
+11/7/2023
+
+## NIST Summary
+
+JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example,
+JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating
+that ../ path elements are removed from the result.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-3715.md b/docs/docs-content/security-bulletins/reports/cve-2022-3715.md
new file mode 100644
index 0000000000..ffc934047f
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-3715.md
@@ -0,0 +1,34 @@
+---
+sidebar_label: "CVE-2022-3715"
+title: "CVE-2022-3715"
+description: "Lifecycle of CVE-2022-3715"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715)
+
+## Last Update
+
+2/24/2023
+
+## NIST Summary
+
+A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue
+may lead to memory problems.
+
+## CVE Severity
+
+7.8
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-3996.md b/docs/docs-content/security-bulletins/reports/cve-2022-3996.md
new file mode 100644
index 0000000000..252bfdcbff
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-3996.md
@@ -0,0 +1,42 @@
+---
+sidebar_label: "CVE-2022-3996"
+title: "CVE-2022-3996"
+description: "Lifecycle of CVE-2022-3996"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-3996](https://nvd.nist.gov/vuln/detail/CVE-2022-3996)
+
+## Last Update
+
+8/1/2024
+
+## NIST Summary
+
+If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will
+be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when
+the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common
+setup.
+
+Policy processing is enabled by passing the \`-policy' argument to the command line utilities or by calling the
+\`X509_VERIFY_PARAM_set1_policies()' function.
+
+Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- gcr.io/spectro-images-public/release/kubevirt/virt-handler:v1.2.0
+- gcr.io/spectro-images-public/release/kubevirt/virt-launcher:v1.2.0
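Review bot: The policy paragraph quotes the option and function as \`-policy' and \`X509_VERIFY_PARAM_set1_policies()', which renders as a literal backtick followed by a stray apostrophe. Use normal inline code for both so they display as identifiers and can be copied cleanly.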
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41715.md b/docs/docs-content/security-bulletins/reports/cve-2022-41715.md
new file mode 100644
index 0000000000..39553e2643
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41715.md
@@ -0,0 +1,38 @@
+---
+sidebar_label: "CVE-2022-41715"
+title: "CVE-2022-41715"
+description: "Lifecycle of CVE-2022-41715"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-41715](https://nvd.nist.gov/vuln/detail/CVE-2022-41715)
+
+## Last Update
+
+11/25/2023
+
+## NIST Summary
+
+Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of
+service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can
+be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp
+being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than
+that are rejected. Normal use of regular expressions is unaffected.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41716.md b/docs/docs-content/security-bulletins/reports/cve-2022-41716.md
new file mode 100644
index 0000000000..6fa479db05
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41716.md
@@ -0,0 +1,37 @@
+---
+sidebar_label: "CVE-2022-41716"
+title: "CVE-2022-41716"
+description: "Lifecycle of CVE-2022-41716"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-41716](https://nvd.nist.gov/vuln/detail/CVE-2022-41716)
+
+## Last Update
+
+11/7/2023
+
+## NIST Summary
+
+Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In
+syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked
+for. A malicious environment variable value can exploit this behavior to set a value for a different environment
+variable. For example, the environment variable string "A=B\\x00C=D" sets the variables "A=B" and "C=D".
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Resolved
+
+## Images
+
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41720.md b/docs/docs-content/security-bulletins/reports/cve-2022-41720.md
new file mode 100644
index 0000000000..23dc7ccae0
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-41720.md
@@ -0,0 +1,40 @@
+---
+sidebar_label: "CVE-2022-41720"
+title: "CVE-2022-41720"
+description: "Lifecycle of CVE-2022-41720"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-41720](https://nvd.nist.gov/vuln/detail/CVE-2022-41720)
+
+## Last Update
+
+12/12/2022
+
+## NIST Summary
+
+On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide
+access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that
+root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide
+read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can
+permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the
+behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so
+os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Resolved
+
+## Images
+
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
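Review bot: The sentence "an os.DirFS for the directory (the root of the current drive)" names no directory before the parenthetical, so a character appears to have been lost when the summary was copied. Compare against the linked NVD entry and restore it inside inline code. The other calls in this summary, such as os.DirFS("C:/tmp").Open("COM1") and os.DirFS(""), should be in inline code as well so quoting and backslashes survive the Markdown renderer.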
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41724.md b/docs/docs-content/security-bulletins/reports/cve-2022-41724.md
deleted file mode 100644
index a35e2d1643..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2022-41724.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-sidebar_label: "CVE-2022-41724"
-title: "CVE-2022-41724"
-description: "Lifecycle of CVE-2022-41724"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records
-which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3
-clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil
-value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41724)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
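Review bot: This report is deleted while its Status is still "Ongoing" and it lists Palette VerteX 4.4.18 as affected, and nothing visible in the patch replaces it or records a resolution. Confirm the CVE is tracked elsewhere before removing the page, and state the reason for the removal in the commit message. Since the file had a published URL, check for inbound links from the security bulletin index.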
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41725.md b/docs/docs-content/security-bulletins/reports/cve-2022-41725.md
deleted file mode 100644
index c0c05fdae5..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2022-41725.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-sidebar_label: "CVE-2022-41725"
-title: "CVE-2022-41725"
-description: "Lifecycle of CVE-2022-41725"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form
-parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also
-affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and
-PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved
-for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The
-unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector
-on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry
-overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition,
-ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a
-large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and
-should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware
-that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary
-file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation
-states, "If stored on disk, the File's underlying concrete type will be an \*os.File.". This is no longer the case when
-a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of
-using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct.
-Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk
-consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md
new file mode 100644
index 0000000000..0009b0cce2
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md
@@ -0,0 +1,51 @@
+---
+sidebar_label: "CVE-2022-4450"
+title: "CVE-2022-4450"
+description: "Lifecycle of CVE-2022-4450"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
+
+## Last Update
+
+2/4/2024
+
+## NIST Summary
+
+The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any
+header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are
+populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those
+buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
+will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed.
+If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be
+exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service
+attack.
+
+The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions
+are also directly affected.
+
+These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex()
+and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not
+vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These
+locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.
+
+The OpenSSL asn1parse command line application is also impacted by this issue.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- gcr.io/spectro-images-public/release/kubevirt/virt-handler:v1.2.0
+- gcr.io/spectro-images-public/release/kubevirt/virt-launcher:v1.2.0
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24534.md b/docs/docs-content/security-bulletins/reports/cve-2023-24534.md
deleted file mode 100644
index 6a12c59573..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24534.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-sidebar_label: "CVE-2023-24534"
-title: "CVE-2023-24534"
-description: "Lifecycle of CVE-2023-24534"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading
-to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME
-headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this
-behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory
-exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold
-parsed headers.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24534)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24536.md b/docs/docs-content/security-bulletins/reports/cve-2023-24536.md
deleted file mode 100644
index cb6d0a07a5..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24536.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-sidebar_label: "CVE-2023-24536"
-title: "CVE-2023-24536"
-description: "Lifecycle of CVE-2023-24536"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large
-numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed
-multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs
-than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large
-numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers,
-further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause
-an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of
-service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package
-with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a
-better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In
-addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with
-ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable
-GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header
-fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This
-limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24536)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24537.md b/docs/docs-content/security-bulletins/reports/cve-2023-24537.md
deleted file mode 100644
index b19308b8ee..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24537.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-sidebar_label: "CVE-2023-24537"
-title: "CVE-2023-24537"
-description: "Lifecycle of CVE-2023-24537"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can
-cause an infinite loop due to integer overflow.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24537)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24538.md b/docs/docs-content/security-bulletins/reports/cve-2023-24538.md
deleted file mode 100644
index 9db30ba8b4..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24538.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-sidebar_label: "CVE-2023-24538"
-title: "CVE-2023-24538"
-description: "Lifecycle of CVE-2023-24538"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Templates do not properly consider backticks `` ` `` as Javascript string delimiters, and do not escape them as
-expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a
-Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary
-Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string
-interpolation, the decision was made to simply disallow Go template actions from being used inside of them
-e.g.`"var a = {{.}}"`, since there is no safe way to allow this behavior. This takes the same approach as
-github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an
-ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who
-rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks
-will now be escaped. This should be used with caution.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-24538)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24539.md b/docs/docs-content/security-bulletins/reports/cve-2023-24539.md
deleted file mode 100644
index cd468f1d76..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24539.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-sidebar_label: "CVE-2023-24539"
-title: "CVE-2023-24539"
-description: "Lifecycle of CVE-2023-24539"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Angle brackets `<>` are not considered dangerous characters when inserted into CSS contexts. Templates containing
-multiple actions separated by a `/` character can result in unexpectedly closing the CSS context and allowing for
-injection of unexpected HTML, if executed with untrusted input.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-24539)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24540.md b/docs/docs-content/security-bulletins/reports/cve-2023-24540.md
deleted file mode 100644
index 8b31659cc0..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-24540.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-sidebar_label: "CVE-2023-24540"
-title: "CVE-2023-24540"
-description: "Lifecycle of CVE-2023-24540"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace
-characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions
-may not be properly sanitized during execution.
-
-## Our Official Summary
-
-This is a vulnerability affecting the Golang Go software, specifically the html/template package. This issue arises from
-improper handling of JavaScript whitespace characters in certain contexts, leading to potential security risks. Systems
-using Golang Go versions up to 1.19.9 and from 1.20.0 to 1.20.4 are affected, particularly those using the html/template
-package with JavaScript contexts containing actions and specific whitespace characters. The images in which
-vulnerabilities are report do not use the html package. So possibility of this vulnerability getting exploited in
-Spectro Cloud products is low. There is a upstream fix available, we will upgrade to that version.
-
-## CVE Severity
-
-[9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-24540)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
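Review bot: The deleted "Our Official Summary" section holds the only product-specific assessment for CVE-2023-24540 (that the flagged images do not use the html package and that exploitation risk is low), and Status is still "Ongoing". If scanners still report this CVE against Palette VerteX 4.4.18, move that assessment to wherever the finding is now tracked rather than dropping it with the page.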
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-29400.md b/docs/docs-content/security-bulletins/reports/cve-2023-29400.md
deleted file mode 100644
index 41c1cb5e9b..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-29400.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-sidebar_label: "CVE-2023-29400"
-title: "CVE-2023-29400"
-description: "Lifecycle of CVE-2023-29400"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-Templates containing actions in unquoted HTML attributes e.g. `"attr={{.}}"` executed with empty input can result in
-output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary
-attributes into tags.
-
-## Our Official Summary
-
-The vulnerability in golang arises from the use of unquoted HTML attributes in templates. When these templates are
-executed with empty input, the resulting output may be parsed incorrectly due to HTML normalization rules. This can
-enable an attacker to inject arbitrary attributes into HTML tags, potentially leading to cross-site scripting (XSS)
-attacks or other security vulnerabilities. All the images in which this CVE is reported are 3rd party images, which do
-not process HTML data. So possibility of this vulnerability getting exploited in Spectro Cloud products is low. Waiting
-on upsteam fixes.
-
-## CVE Severity
-
-[7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-29400)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-29403.md b/docs/docs-content/security-bulletins/reports/cve-2023-29403.md
deleted file mode 100644
index 8e76af18d3..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-29403.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-sidebar_label: "CVE-2023-29403"
-title: "CVE-2023-29403"
-description: "Lifecycle of CVE-2023-29403"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403)
-
-## Last Update
-
-09/15/2024
-
-## NIST CVE Summary
-
-On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can
-be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file
-descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can
-result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is
-terminated, either via panic or signal, it may leak the contents of its registers.
-
-## Our Official Summary
-
-Investigation is ongoing to determine how this vulnerability affects our products.
-
-## CVE Severity
-
-[7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403)
-
-## Status
-
-Ongoing
-
-## Affected Products & Versions
-
-- Palette VerteX 4.4.18
-
-## Revision History
-
-- 1.0 09/15/2024 Initial Publication
-- 2.0 09/15/2024 Added palette VerteX 4.4.18 to Affected Products
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45283.md b/docs/docs-content/security-bulletins/reports/cve-2023-45283.md
new file mode 100644
index 0000000000..4dc8a9d744
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-45283.md
@@ -0,0 +1,56 @@
+---
+sidebar_label: "CVE-2023-45283"
+title: "CVE-2023-45283"
+description: "Lifecycle of CVE-2023-45283"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283)
+
+## Last Update
+
+12/14/2023
+
+## NIST Summary
+
+The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\
+is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to
+access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x.
+Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will
+now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements
+into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now
+correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a
+volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths
+starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects).
+The previous behavior has been restored.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
+- quay.io/kubevirt/cdi-apiserver:v1.58.0
+- quay.io/kubevirt/cdi-cloner:v1.58.0
+- quay.io/kubevirt/cdi-controller:v1.58.0
+- quay.io/kubevirt/cdi-importer:v1.58.0
+- quay.io/kubevirt/cdi-operator:v1.58.0
+- quay.io/kubevirt/cdi-uploadproxy:v1.58.0
+- quay.io/kubevirt/cdi-uploadserver:v1.58.0
+- registry.k8s.io/sig-storage/snapshot-controller:v6.3.4
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.3.4
+- gcr.io/spectro-images-public/release/cluster-api-provider-tencent/cluster-api-tencent-controller:v0.2.0-spectro-4.0.0
+- gcr.io/spectro-images-client/release/nas:4.4.14
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
+- registry.k8s.io/coredns/coredns:v1.10.1
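Review bot: The backslash escaping in the NIST Summary is inconsistent, so the rendered paths may not match the NVD text. The second sentence spells the prefix as `\\\\?\\` (four backslashes, `?`, two backslashes), while the UPDATE sentence spells what appears to be the same prefix as `\\?\\c:` and "starting with \\?" (two backslashes before the `?`). Put each path and each call such as `Join(\\, ??, b)` in an inline code span with literal backslashes, and check the result against the linked NVD entry. The new layout also has no vendor assessment section, so a reader sees fifteen images with Status "Ongoing" and no statement on whether any of them processes Windows paths.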
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45285.md b/docs/docs-content/security-bulletins/reports/cve-2023-45285.md
new file mode 100644
index 0000000000..9b1b1d6c99
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-45285.md
@@ -0,0 +1,42 @@
+---
+sidebar_label: "CVE-2023-45285"
+title: "CVE-2023-45285"
+description: "Lifecycle of CVE-2023-45285"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285)
+
+## Last Update
+
+1/20/2024
+
+## NIST Summary
+
+Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the
+module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said
+module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Resolved
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
+- registry.k8s.io/sig-storage/snapshot-controller:v6.3.4
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.3.4
+- gcr.io/spectro-images-public/release/cluster-api-provider-tencent/cluster-api-tencent-controller:v0.2.0-spectro-4.0.0
+- gcr.io/spectro-images-client/release/nas:4.4.14
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.2.1
+- registry.k8s.io/sig-storage/snapshot-controller:v6.2.1
+- registry.k8s.io/coredns/coredns:v1.10.1
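Review bot: Status is "Resolved", but the Images section still lists eight images with nothing to say whether these are the versions that were affected or the versions that carry the fix. Label the list (for example, affected versions and the release in which each was remediated), or drop images that no longer report the finding, so "Resolved" can be verified against a specific tag.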
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45853.md b/docs/docs-content/security-bulletins/reports/cve-2023-45853.md
new file mode 100644
index 0000000000..5202c001d9
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-45853.md
@@ -0,0 +1,36 @@
+---
+sidebar_label: "CVE-2023-45853"
+title: "CVE-2023-45853"
+description: "Lifecycle of CVE-2023-45853"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)
+
+## Last Update
+
+8/1/2024
+
+## NIST Summary
+
+MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64
+via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip
+through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code
+through its compress API.
+
+## CVE Severity
+
+9.8
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
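Review bot: The bulletin reports a 9.8 with Status "Ongoing" but gives no impact statement for the one listed image, and the quoted NIST text itself notes that MiniZip is not a supported part of zlib. Add a line stating whether `multus-cni:v4.0.2-thick` actually ships or calls the MiniZip code path (`zipOpenNewFileInZip4_64`) or only contains the zlib package, since that decides how this finding should be prioritized. The CVE Severity value would also be easier to audit with its source link, as the bulletins removed in this change had.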
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-47038.md b/docs/docs-content/security-bulletins/reports/cve-2023-47038.md
new file mode 100644
index 0000000000..0124c3c0dd
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-47038.md
@@ -0,0 +1,34 @@
+---
+sidebar_label: "CVE-2023-47038"
+title: "CVE-2023-47038"
+description: "Lifecycle of CVE-2023-47038"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-47038](https://nvd.nist.gov/vuln/detail/CVE-2023-47038)
+
+## Last Update
+
+9/16/2024
+
+## NIST Summary
+
+A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled
+by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
+
+## CVE Severity
+
+7.8
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-50387.md b/docs/docs-content/security-bulletins/reports/cve-2023-50387.md
new file mode 100644
index 0000000000..d9fab17fe4
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-50387.md
@@ -0,0 +1,36 @@
+---
+sidebar_label: "CVE-2023-50387"
+title: "CVE-2023-50387"
+description: "Lifecycle of CVE-2023-50387"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387)
+
+## Last Update
+
+6/10/2024
+
+## NIST Summary
+
+Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to
+cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the
+concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an
+algorithm must evaluate all combinations of DNSKEY and RRSIG records.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-0553.md b/docs/docs-content/security-bulletins/reports/cve-2024-0553.md
new file mode 100644
index 0000000000..199f48f53b
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2024-0553.md
@@ -0,0 +1,36 @@
+---
+sidebar_label: "CVE-2024-0553"
+title: "CVE-2024-0553"
+description: "Lifecycle of CVE-2024-0553"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553)
+
+## Last Update
+
+9/16/2024
+
+## NIST Summary
+
+A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ
+from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to
+perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data.
+CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-0567.md b/docs/docs-content/security-bulletins/reports/cve-2024-0567.md
new file mode 100644
index 0000000000..14773d6f17
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2024-0567.md
@@ -0,0 +1,35 @@
+---
+sidebar_label: "CVE-2024-0567"
+title: "CVE-2024-0567"
+description: "Lifecycle of CVE-2024-0567"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567)
+
+## Last Update
+
+9/16/2024
+
+## NIST Summary
+
+A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed
+trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an
+unauthenticated, remote client or attacker to initiate a denial of service attack.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-25062.md b/docs/docs-content/security-bulletins/reports/cve-2024-25062.md
new file mode 100644
index 0000000000..4f2d51cb6f
--- /dev/null
+++ b/docs/docs-content/security-bulletins/reports/cve-2024-25062.md
@@ -0,0 +1,35 @@
+---
+sidebar_label: "CVE-2024-25062"
+title: "CVE-2024-25062"
+description: "Lifecycle of CVE-2024-25062"
+sidebar_class_name: "hide-from-sidebar"
+hide_table_of_contents: false
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-25062](https://nvd.nist.gov/vuln/detail/CVE-2024-25062)
+
+## Last Update
+
+2/13/2024
+
+## NIST Summary
+
+An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD
+validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement
+use-after-free.
+
+## CVE Severity
+
+7.5
+
+## Status
+
+Ongoing
+
+## Images
+
+- ghcr.io/k8snetworkplumbingwg/multus-dynamic-networks-controller:latest-amd64
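Review bot: The only entry under Images, `multus-dynamic-networks-controller:latest-amd64`, uses a mutable tag, so the bulletin does not identify which build was scanned, and the finding cannot be re-verified once the tag moves. Record the version tag or image digest that was assessed, as the other bulletins in this change do with `multus-cni:v4.0.2-thick`.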
diff --git a/static/assets/docs/images/clusters_cluster-management_platform-settings_pause-agent-upgrade-flow.webp b/static/assets/docs/images/clusters_cluster-management_platform-settings_pause-agent-upgrade-flow.webp
new file mode 100644
index 0000000000..d2e787d59c
Binary files /dev/null and b/static/assets/docs/images/clusters_cluster-management_platform-settings_pause-agent-upgrade-flow.webp differ