Skip to main content
Version: latest

Security Bulletins

The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX, Palette Enterprise, and airgap environments. The reported vulnerabilities also include third-party component vulnerabilities, which we have become aware of. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our supply chain.

info

The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality score for third-party components. Previous security bulletins are available in the Security Bulletins Archive.

To fix all the vulnerabilities impacting your products, we recommend patching your instances to the latest version regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable.

Click on the CVE ID to view the full details of the vulnerability.

CVE IDInitial Pub DateModified DateProduct VersionVulnerability TypeCVSS SeverityStatus
CVE-2024-216261/3/2410/29/244.4.11, 4.4.14, 4.4.18, 4.5.3Third-party component: kube-proxy8.6🔍 Ongoing
CVE-2022-417232/28/2310/10/244.4.11, 4.4.14, 4.4.18Third-party component: CoreDNS7.5🔍 Ongoing
GHSA-m425-mq94-257g10/25/2311/7/244.4.11, 4.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: CoreDNS7.5🔍 Ongoing
CVE-2023-4514210/12/2310/10/244.4.11, 4.4.14, 4.4.18Third-party component: OpenTelemetry-Go7.5🔍 Ongoing
CVE-2023-04643/22/2310/10/244.4.11, 4.4.14, 4.4.18, 4.5.3Third-party component: OpenSSL7.5🔍 Ongoing
CVE-2023-3932510/11/2311/7/244.4.11, 4.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: Go project7.5🔍 Ongoing
CVE-2023-4710811/20/2311/12/244.4.11, 4.4.14, 4.4.18, 4.5.3Third-party component: OpenTelemetry-Go7.5🔍 Ongoing
CVE-2023-4448710/10/236/27/244.4.11, 4.4.14Third-party component: CAPI7.5🔍 Ongoing
CVE-2022-258836/21/239/25/244.4.11, 4.4.14Third-party component: CAPI7.5🔍 Ongoing
CVE-2015-88551/23/179/25/244.4.11Third-party component: CAPI7.5🔍 Ongoing
CVE-2019-1290008/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: BZ29.8🔍 Ongoing
CVE-2023-3792008/16/2410/29/244.4.14, 4.4.18, 4.5.3Third-party component: Certifi9.8🔍 Ongoing
CVE-2019-101002208/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: GNU Libc9.8🔍 Ongoing
CVE-2016-158508/16/2411/12/244.4.14, 4.5.8Third-party component: Ubuntu9.8🔍 Ongoing
CVE-2018-2083908/16/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: MongoDB9.8🔍 Ongoing
CVE-2024-3842808/16/2410/10/244.4.14, 4.4.18Third-party component: MongoDB9.1🔍 Ongoing
CVE-2021-4269408/16/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: MongoDB8.3🔍 Ongoing
CVE-2021-3953708/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: MongoDB8.8🔍 Ongoing
CVE-2019-992308/16/249/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2020-3632508/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: Jansson7.5🔍 Ongoing
CVE-2005-254108/16/2410/25/244.4.14, 4.5.3Third-party component: MongoDB10.0🔍 Ongoing
CVE-2019-993708/16/249/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2019-993608/16/249/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2019-1924408/16/249/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2016-2001308/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: Ubuntu7.5🔍 Ongoing
CVE-2022-039108/16/2410/10/244.4.14, 4.4.18Third-party component: MongoDB7.5🔍 Ongoing
CVE-2021-373708/16/249/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2019-967408/16/249/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2023-2660408/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: Ubuntu7.8🔍 Ongoing
CVE-2015-2010708/16/249/25/244.4.14Third-party component: MongoDB7.6🔍 Ongoing
CVE-2017-1116408/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: Ubuntu7.5🔍 Ongoing
CVE-2018-2022508/16/2411/12/244.4.14, 4.5.8Third-party component: MongoDB7.8🔍 Ongoing
CVE-2022-4140908/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: MongoDB7.5🔍 Ongoing
CVE-2019-1754308/16/2408/16/244.4.14Third-party component: MongoDB8.1🔍 Ongoing
CVE-2022-489908/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: MongoDB7.5🔍 Ongoing
CVE-2018-2065708/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: MongoDB7.5🔍 Ongoing
CVE-2023-2753408/16/2410/25/244.4.14Third-party component: MongoDB8.8🔍 Ongoing
CVE-2023-3263608/16/2410/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2023-2949908/16/2410/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2024-247908/6/2410/29/244.4.11, 4.4.14Third-party component: Go Project9.8🔍 Ongoing
CVE-2023-415608/16/2410/25/244.4.14Third-party component: MongoDB7.1🔍 Ongoing
CVE-2022-2399008/16/2410/25/244.4.14Third-party component: MongoDB7.5🔍 Ongoing
CVE-2020-3551208/16/2410/25/244.4.14Third-party component: MongoDB7.8🔍 Ongoing
CVE-2012-266308/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: iPtables7.5🔍 Ongoing
CVE-2019-919208/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: GNU C Library7.5🔍 Ongoing
CVE-2018-2079608/16/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: GNU C Library7.5🔍 Ongoing
GHSA-74fp-r6jw-h4mp10/25/2311/7/244.4.11, 4.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: Kubernetes API7.5🔍 Ongoing
CVE-2024-3532508/27/2408/30/244.4.14Third-party component: Libyaml9.8 Resolved
CVE-2024-619708/27/2410/10/244.4.14Third-party component: Libcurl7.5🔍 Ongoing
CVE-2024-3737108/30/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: MIT Kerberos9.1🔍 Ongoing
CVE-2024-3737008/30/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: MIT Kerberos7.5🔍 Ongoing
CVE-2021-468489/5/2411/7/244.4.14, 4.4.18, 4.5.3, 4.5.8Third-party component: GNU Libtasn19.1🔍 Ongoing
CVE-2024-75929/5/249/5/244.4.14, 4.4.18Third-party component: CPython7.5🔍 Ongoing
CVE-2024-17379/5/2410/10/244.4.14, 4.4.18Third-party component: ISC7.5🔍 Ongoing
CVE-2024-07609/5/2410/10/244.4.14, 4.4.18Third-party component: ISC7.5🔍 Ongoing
CVE-2024-19759/5/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: ISC7.5🔍 Ongoing
CVE-2024-454909/5/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: Libexpat9.8🔍 Ongoing
CVE-2024-454919/5/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: Libexpat9.8🔍 Ongoing
CVE-2024-454929/5/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: Libexpat9.8🔍 Ongoing
CVE-2024-62329/5/2410/10/244.4.14, 4.4.18, 4.5.3Third-party component: MIT Kerberos7.5🔍 Ongoing
CVE-2024-36519/13/2411/7/244.4.18, 4.5.3, 4.5.8Third-party component: kjd7.5🔍 Ongoing
CVE-2023-243299/13/2410/10/244.4.18Third-party component: Python7.5🔍 Ongoing
CVE-2022-450619/13/2410/24/244.4.18Third-party component: Python7.5🔍 Ongoing
CVE-2022-485609/13/2410/24/244.4.18Third-party component: Python7.5🔍 Ongoing
CVE-2022-485659/13/2410/24/244.4.18Third-party component: Python9.8 🔍 Ongoing
CVE-2022-4073511/14/2211/7/244.5.8Third-party component: DH Key Exhcnage7.5 🔍 Ongoing
CVE-2024-1096311/7/2411/12/244.5.8Third-party component: PAM7.4 🔍 Ongoing