-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: update security bulletin (#3598)
* Added 1 CVE for 8-9-24 * Added Official Summary to 8-9-24 CVE * CVEs for new release * 4.4.b cve changes added-JF * docs: make format * docs: make format * docs: fix table link issue * docs: add 24790 * 4.4.b minor cve updates --------- Co-authored-by: frederickjoi <[email protected]> Co-authored-by: Lenny Chen <[email protected]> Co-authored-by: Lenny Chen <[email protected]>
- Loading branch information
4 people
authored
Aug 16, 2024
1 parent
ebaebdb
commit 38f9a1b
Showing
44 changed files
with
1,668 additions
and
18 deletions.
There are no files selected for viewing
43 changes: 43 additions & 0 deletions
43
docs/docs-content/security-bulletins/reports/cve-2005-2541.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| sidebar_label: "CVE-2005-2541" | ||
| title: "CVE-2005-2541" | ||
| description: "Lifecycle of CVE-2005-2541" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2005-2541](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 8/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote | ||
| attackers to gain privileges. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Waiting on a fix from third party mongodb vendor. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products |
44 changes: 44 additions & 0 deletions
44
docs/docs-content/security-bulletins/reports/cve-2012-2663.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| sidebar_label: "CVE-2012-2663" | ||
| title: "CVE-2012-2663" | ||
| description: "Lifecycle of CVE-2012-2663" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2012-2663](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 08/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow | ||
| remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this | ||
| issue less relevant. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Spectro Cloud Offical Summary Coming Soon | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products |
45 changes: 45 additions & 0 deletions
45
docs/docs-content/security-bulletins/reports/cve-2015-20107.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| --- | ||
| sidebar_label: "CVE-2015-20107" | ||
| title: "CVE-2015-20107" | ||
| description: "Lifecycle of CVE-2015-20107" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 08/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the | ||
| system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch | ||
| with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to | ||
| 3.7, 3.8, 3.9 | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Waiting on a fix from third party mongodb vendor | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products |
42 changes: 42 additions & 0 deletions
42
docs/docs-content/security-bulletins/reports/cve-2016-1585.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| --- | ||
| sidebar_label: "CVE-2016-1585" | ||
| title: "CVE-2016-1585" | ||
| description: "Lifecycle of CVE-2016-1585" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2016-1585](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 8/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| In all versions of AppArmor mount rules are accidentally widened when compiled. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Spectro Cloud Official Summary coming soon. | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products |
43 changes: 43 additions & 0 deletions
43
docs/docs-content/security-bulletins/reports/cve-2016-20013.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| sidebar_label: "CVE-2016-20013" | ||
| title: "CVE-2016-20013" | ||
| description: "Lifecycle of CVE-2016-20013" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2016-20013](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 08/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the | ||
| algorithm's runtime is proportional to the square of the length of the password. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Spectro Cloud Offical Summary Coming Soon | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products |
43 changes: 43 additions & 0 deletions
43
docs/docs-content/security-bulletins/reports/cve-2017-11164.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| sidebar_label: "CVE-2017-11164" | ||
| title: "CVE-2017-11164" | ||
| description: "Lifecycle of CVE-2017-11164" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2017-11164](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 08/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled | ||
| recursion) when processing a crafted regular expression. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Spectro Cloud Offical Summary Coming Soon | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.8](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products |
46 changes: 46 additions & 0 deletions
46
docs/docs-content/security-bulletins/reports/cve-2018-20225.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| --- | ||
| sidebar_label: "CVE-2018-20225" | ||
| title: "CVE-2018-20225" | ||
| description: "Lifecycle of CVE-2018-20225" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2018-20225](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 08/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if | ||
| the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url | ||
| option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can | ||
| put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality | ||
| and the user is responsible for using --extra-index-url securely | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Waiting on a fix from third party mongodb vendor | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products |
44 changes: 44 additions & 0 deletions
44
docs/docs-content/security-bulletins/reports/cve-2018-20657.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| sidebar_label: "CVE-2018-20657" | ||
| title: "CVE-2018-20657" | ||
| description: "Lifecycle of CVE-2018-20657" | ||
| hide_table_of_contents: true | ||
| sidebar_class_name: "hide-from-sidebar" | ||
| toc_max_heading_level: 2 | ||
| tags: ["security", "cve"] | ||
| --- | ||
|
|
||
| ## CVE Details | ||
|
|
||
| [CVE-2018-20657](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) | ||
|
|
||
| ## Last Update | ||
|
|
||
| 08/16/2024 | ||
|
|
||
| ## NIST CVE Summary | ||
|
|
||
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak | ||
| via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue | ||
| to CVE-2018-12698. | ||
|
|
||
| ## Our Official Summary | ||
|
|
||
| Waiting on a fix from third party mongodb & calico vendors | ||
|
|
||
| ## CVE Severity | ||
|
|
||
| [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) | ||
|
|
||
| ## Status | ||
|
|
||
| Ongoing | ||
|
|
||
| ## Affected Products & Versions | ||
|
|
||
| - Palette VerteX 4.4.12 | ||
|
|
||
| ## Revision History | ||
|
|
||
| - 1.0 08/16/2024 Initial Publication | ||
| - 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products |
Oops, something went wrong.