spectrocloud · vault-token-factory-spectrocloud · Sep 13, 2024 · Sep 13, 2024
@@ -0,0 +1,47 @@
+---
+sidebar_label: "CVE-2022-45061"
+title: "CVE-2022-45061"
+description: "Lifecycle of CVE-2022-45061"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061)
+
+## Last Update
+
+9/13/24
+
+## NIST CVE Summary
+
+An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing
+some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder
+could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a
+malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use
+of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an
+HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-45061)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.17
+
+## Revision History
+
+- 1.0 9/13/2024 Initial Publication
+- 2.0 9/13/2024 Added Palette VerteX 4.4.17 to Affected Products
@@ -0,0 +1,42 @@
+---
+sidebar_label: "CVE-2022-48560"
+title: "CVE-2022-48560"
+description: "Lifecycle of CVE-2022-48560"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-48560](https://nvd.nist.gov/vuln/detail/CVE-2022-48560)
+
+## Last Update
+
+9/13/24
+
+## NIST CVE Summary
+
+A use-after-free exists in Python through 3.9 via heappushpop in heapq.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-48560)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.17
+
+## Revision History
+
+- 1.0 9/13/2024 Initial Publication
+- 2.0 9/13/2024 Added Palette VerteX 4.4.17 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2022-48565"
+title: "CVE-2022-48565"
+description: "Lifecycle of CVE-2022-48565"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2022-48565](https://nvd.nist.gov/vuln/detail/CVE-2022-48565)
+
+## Last Update
+
+9/13/24
+
+## NIST CVE Summary
+
+An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity
+declarations in XML plist files to avoid XML vulnerabilities.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[9.8](https://nvd.nist.gov/vuln/detail/CVE-2022-48565)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.17
+
+## Revision History
+
+- 1.0 9/13/2024 Initial Publication
+- 2.0 9/13/2024 Added Palette VerteX 4.4.17 to Affected Products
@@ -0,0 +1,43 @@
+---
+sidebar_label: "CVE-2023-24329"
+title: "CVE-2023-24329"
+description: "Lifecycle of CVE-2023-24329"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329)
+
+## Last Update
+
+9/13/24
+
+## NIST CVE Summary
+
+An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by
+supplying a URL that starts with blank characters.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24329)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.17
+
+## Revision History
+
+- 1.0 9/13/2024 Initial Publication
+- 2.0 9/13/2024 Added Palette VerteX 4.4.17 to Affected Products
@@ -0,0 +1,46 @@
+---
+sidebar_label: "CVE-2024-3651"
+title: "CVE-2024-3651"
+description: "Lifecycle of CVE-2024-3651"
+hide_table_of_contents: true
+sidebar_class_name: "hide-from-sidebar"
+toc_max_heading_level: 2
+tags: ["security", "cve"]
+---
+
+## CVE Details
+
+[CVE-2024-3651](https://nvd.nist.gov/vuln/detail/CVE-2024-3651)
+
+## Last Update
+
+9/13/24
+
+## NIST CVE Summary
+
+A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting
+version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic
+complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that
+causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing
+the processing time in a quadratic manner relative to the input size.
+
+## Our Official Summary
+
+Investigation is ongoing to determine how this vulnerability affects our products.
+
+## CVE Severity
+
+[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-3651)
+
+## Status
+
+Ongoing
+
+## Affected Products & Versions
+
+- Palette VerteX 4.4.17
+
+## Revision History
+
+- 1.0 9/13/2024 Initial Publication
+- 2.0 9/13/2024 Added Palette VerteX 4.4.17 to Affected Products