spectrocloud · karl-cardenas-coding · Sep 19, 2024 · Sep 19, 2024 · Sep 19, 2024 · Sep 19, 2024
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-09/15/2024
+09/19/2024
 
 ## NIST CVE Summary
 
@@ -39,7 +39,8 @@ consumed by temporary files. Callers can limit the size of form data with http.M
 
 ## Our Official Summary
 
-Investigation is ongoing to determine how this vulnerability affects our products.
+A denial-of-service vulnerability has been identified in the Go standard library affecting the mime/multipart package. This vulnerability could allow an attacker to conduct a
+denial-of-service attack through excessive resource consumption in net/http and mime/multipart. This vulnerability affects multiple 3rd party images. Images will be upgraded to newer versions available.
 
 ## CVE Severity
 

@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-09/15/2024
+09/19/2024
 
 ## NIST CVE Summary
 
@@ -24,7 +24,7 @@ injection of unexpected HTML, if executed with untrusted input.
 
 ## Our Official Summary
 
-Investigation is ongoing to determine how this vulnerability affects our products.
+A vulnerability was found in html-template up to 1.19.8/1.20.3 on Go. The affected component is the CSS Handler. Manipulation with an unknown input could lead to a cross-site scripting vulnerability. If the input contains special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. A fix for the images affected will be investigated.
 
 ## CVE Severity
 

@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-09/15/2024
+09/19/2024
 
 ## NIST CVE Summary
 
@@ -26,7 +26,8 @@ exhibits any timing side channels.
 
 ## Our Official Summary
 
-Investigation is ongoing to determine how this vulnerability affects our products.
+This vulnerability exists in older versions of Golang for RSA based TLS exchanges. All the images in which this is detected are using older versions of Golang with updates
+available with a fix. In order to exploit the vulnerability, attackers need to obtain privileged access to the cluster and handcraft specific calls to these containers. Images will be upgraded to newer versions.
 
 ## CVE Severity
 

@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 
 ## Last Update
 
-9/6/24
+9/19/24
 
 ## NIST CVE Summary
 
@@ -43,8 +43,10 @@ Ongoing
 
 ## Affected Products & Versions
 
-- Palette Enterprise 4.4.15
+- Palette Enterprise 4.4.14
 
 ## Revision History
 
 - 1.0 9/6/24 Initial Publication
+- 2.0 9/19/24 Added Palette Enterprise 4.4.14 to Affected Products
+
@@ -149,19 +149,20 @@ Click on the CVE ID to view the full details of the vulnerability.
 | [CVE-2022-28357](./cve-2022-28357.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: NATS             | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2022-28357)   | :mag: Ongoing |
 | [CVE-2022-28948](./cve-2022-28948.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go-Yaml          | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-28948)   | :mag: Ongoing |
 | [CVE-2022-41724](./cve-2022-41724.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41724)   | :mag: Ongoing |
-| [CVE-2022-41725](./cve-2022-41725.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725)   | :mag: Ongoing |
+| [CVE-2022-41725](./cve-2022-41725.md)           | 9/15/24          | 9/19/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725)   | :mag: Ongoing |
 | [CVE-2023-24534](./cve-2023-24534.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24534)   | :mag: Ongoing |
 | [CVE-2023-24536](./cve-2023-24536.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24536)   | :mag: Ongoing |
 | [CVE-2023-24537](./cve-2023-24537.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24537)   | :mag: Ongoing |
 | [CVE-2023-24538](./cve-2023-24538.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-24538)   | :mag: Ongoing |
-| [CVE-2023-24539](./cve-2023-24539.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-24539)   | :mag: Ongoing |
+| [CVE-2023-24539](./cve-2023-24539.md)           | 9/15/24          | 9/19/24       | 4.4.18                   | Third-party component: Go Project       | [7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-24539)   | :mag: Ongoing |
 | [CVE-2023-24540](./cve-2023-24540.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-24540)   | :mag: Ongoing |
 | [CVE-2023-29400](./cve-2023-29400.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-29400)   | :mag: Ongoing |
 | [CVE-2023-29403](./cve-2023-29403.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403)   | :mag: Ongoing |
-| [CVE-2023-45287](./cve-2023-45287.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287)   | :mag: Ongoing |
+| [CVE-2023-45287](./cve-2023-45287.md)           | 9/15/24          | 9/19/24       | 4.4.18                   | Third-party component: Go Project       | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287)   | :mag: Ongoing |
 | [CVE-2023-52356](./cve-2023-52356.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Libtiff          | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52356)   | :mag: Ongoing |
 | [CVE-2024-0743](./cve-2024-0743.md)             | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Mozilla          | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743)    | :mag: Ongoing |
 | [CVE-2024-32002](./cve-2024-32002.md)           | 9/15/24          | 9/15/24       | 4.4.18                   | Third-party component: Github           | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002)   | :mag: Ongoing |
+| [CVE-2023-49569](./cve-2023-49569.md)           | 9/15/24          | 9/19/24       | 4.4.14                   | Third-party component: Bitdefender      | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-49569)   | :mag: Ongoing |
 
 </TabItem>
 </Tabs>