Security Bulletins
The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX and Palette Enterprise airgap solution, and third-party component vulnerabilities, which we have become aware of. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our supply chain.
The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality score for third-party components. Previous security bulletins are available in the Security Bulletins Archive.
To fix all the vulnerabilities impacting your products, we recommend patching your instances to the latest version regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable.
Click on the CVE ID to view the full details of the vulnerability.
- Palette VerteX
- Palette Enterprise
CVE ID | Initial Pub Date | Modified Date | Product Version | Vulnerability Type | CVSS Severity | Status |
---|---|---|---|---|---|---|
CVE-2024-21626 | 1/3/24 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: kube-proxy | 8.6 | 🔍 Ongoing |
CVE-2022-41723 | 2/28/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: CoreDNS | 7.5 | 🔍 Ongoing |
GHSA-m425-mq94-257g | 10/25/23 | 10/25/24 | 4.4.11 & 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: CoreDNS | 7.5 | 🔍 Ongoing |
CVE-2023-45142 | 10/12/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: OpenTelemetry-Go | 7.5 | 🔍 Ongoing |
CVE-2023-0464 | 3/22/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: OpenSSL | 7.5 | 🔍 Ongoing |
CVE-2023-39325 | 10/11/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Go project | 7.5 | 🔍 Ongoing |
CVE-2023-47108 | 11/20/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: OpenTelemetry-Go | 7.5 | 🔍 Ongoing |
CVE-2023-44487 | 10/10/23 | 6/27/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | 7.5 | 🔍 Ongoing |
CVE-2022-25883 | 6/21/23 | 9/25/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | 7.5 | 🔍 Ongoing |
CVE-2015-8855 | 1/23/17 | 9/25/24 | 4.4.11 | Third-party component: CAPI | 7.5 | 🔍 Ongoing |
CVE-2019-12900 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: BZ2 | 9.8 | 🔍 Ongoing |
CVE-2023-37920 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Certifi | 9.8 | 🔍 Ongoing |
CVE-2019-1010022 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: GNU Libc | 9.8 | 🔍 Ongoing |
CVE-2016-1585 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: Ubuntu | 9.8 | 🔍 Ongoing |
CVE-2018-20839 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MongoDB | 9.8 | 🔍 Ongoing |
CVE-2024-38428 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | 9.1 | 🔍 Ongoing |
CVE-2021-42694 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MongoDB | 8.3 | 🔍 Ongoing |
CVE-2021-39537 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MongoDB | 8.8 | 🔍 Ongoing |
CVE-2019-9923 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2020-36325 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Jansson | 7.5 | 🔍 Ongoing |
CVE-2005-2541 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 10.0 | 🔍 Ongoing |
CVE-2019-9937 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2019-9936 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2019-19244 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2016-20013 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Ubuntu | 7.5 | 🔍 Ongoing |
CVE-2022-0391 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2021-3737 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2019-9674 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2023-26604 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Ubuntu | 7.8 | 🔍 Ongoing |
CVE-2015-20107 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.6 | 🔍 Ongoing |
CVE-2017-11164 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Ubuntu | 7.5 | 🔍 Ongoing |
CVE-2018-20225 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.8 | 🔍 Ongoing |
CVE-2022-41409 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2019-17543 | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 8.1 | 🔍 Ongoing |
CVE-2022-4899 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2018-20657 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2023-27534 | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 8.8 | 🔍 Ongoing |
CVE-2023-32636 | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2023-29499 | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2024-24790 | 8/6/24 | 10/10/24 | 4.4.11 & 4.4.14 | Third-party component: Go Project | 9.8 | 🔍 Ongoing |
CVE-2023-4156 | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 7.1 | 🔍 Ongoing |
CVE-2022-23990 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2020-35512 | 08/16/24 | 9/25/24 | 4.4.14 | Third-party component: MongoDB | 7.8 | 🔍 Ongoing |
CVE-2012-2663 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: iPtables | 7.5 | 🔍 Ongoing |
CVE-2019-9192 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: GNU C Library | 7.5 | 🔍 Ongoing |
CVE-2018-20796 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: GNU C Library | 7.5 | 🔍 Ongoing |
GHSA-74fp-r6jw-h4mp | 10/25/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Kubernetes API | 7.5 | 🔍 Ongoing |
CVE-2024-35325 | 08/27/24 | 08/30/24 | 4.4.14 | Third-party component: Libyaml | 9.8 | ✅ Resolved |
CVE-2024-6197 | 08/27/24 | 10/10/24 | 4.4.14 | Third-party component: Libcurl | 7.5 | 🔍 Ongoing |
CVE-2024-37371 | 08/30/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MIT Kerberos | 9.1 | 🔍 Ongoing |
CVE-2024-37370 | 08/30/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MIT Kerberos | 7.5 | 🔍 Ongoing |
CVE-2021-46848 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: GNU Libtasn1 | 9.1 | 🔍 Ongoing |
CVE-2024-7592 | 9/5/24 | 9/5/24 | 4.4.14 & 4.4.18 | Third-party component: CPython | 7.5 | 🔍 Ongoing |
CVE-2024-1737 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 | Third-party component: ISC | 7.5 | 🔍 Ongoing |
CVE-2024-0760 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 | Third-party component: ISC | 7.5 | 🔍 Ongoing |
CVE-2024-1975 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: ISC | 7.5 | 🔍 Ongoing |
CVE-2024-45490 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Libexpat | 9.8 | 🔍 Ongoing |
CVE-2024-45491 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Libexpat | 9.8 | 🔍 Ongoing |
CVE-2024-45492 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Libexpat | 9.8 | 🔍 Ongoing |
CVE-2024-6232 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: MIT Kerberos | 7.5 | 🔍 Ongoing |
CVE-2024-3651 | 9/13/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: kjd | 7.5 | 🔍 Ongoing |
CVE-2023-24329 | 9/13/24 | 10/10/24 | 4.4.18 | Third-party component: Python | 7.5 | 🔍 Ongoing |
CVE-2022-45061 | 9/13/24 | 10/10/24 | 4.4.18 | Third-party component: Python | 7.5 | 🔍 Ongoing |
CVE-2022-48560 | 9/13/24 | 10/10/24 | 4.4.18 | Third-party component: Python | 7.5 | 🔍 Ongoing |
CVE-2022-48565 | 9/13/24 | 10/10/24 | 4.4.18 | Third-party component: Python | 9.8 | 🔍 Ongoing |
CVE ID | Initial Pub Date | Modified Date | Product Version | Vulnerability Type | CVSS Severity | Status |
---|---|---|---|---|---|---|
CVE-2024-37371 | 08/30/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MIT Kerberos | 9.1 | 🔍 Ongoing |
CVE-2019-1010022 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: GNU Libc | 9.8 | 🔍 Ongoing |
CVE-2024-45490 | 9/5/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Libexpat | 9.8 | 🔍 Ongoing |
CVE-2019-12900 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: BZ2 | 9.8 | 🔍 Ongoing |
CVE-2021-46848 | 9/5/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: GNU Libtasn1 | 9.1 | 🔍 Ongoing |
CVE-2024-24790 | 8/6/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Go Project | 9.8 | 🔍 Ongoing |
CVE-2018-20839 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MongoDB | 9.8 | 🔍 Ongoing |
CVE-2023-37920 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Certifi | 9.8 | 🔍 Ongoing |
CVE-2024-45491 | 9/5/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Libexpat | 9.8 | 🔍 Ongoing |
CVE-2024-45492 | 9/5/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Libexpat | 9.8 | 🔍 Ongoing |
CVE-2024-38428 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | 9.1 | 🔍 Ongoing |
CVE-2024-6232 | 9/5/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MIT Kerberos | 7.5 | 🔍 Ongoing |
CVE-2020-36325 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Jansson | 7.5 | 🔍 Ongoing |
CVE-2019-9192 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: GNU C Library | 7.5 | 🔍 Ongoing |
CVE-2018-20796 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: GNU C Library | 7.5 | 🔍 Ongoing |
CVE-2012-2663 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: iPtables | 7.5 | 🔍 Ongoing |
CVE-2023-47108 | 11/20/23 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: OpenTelemetry-Go | 7.5 | 🔍 Ongoing |
CVE-2023-45142 | 10/12/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: OpenTelemetry-Go | 7.5 | 🔍 Ongoing |
CVE-2022-41409 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2017-11164 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Ubuntu | 7.5 | 🔍 Ongoing |
GHSA-m425-mq94-257g | 10/25/23 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: CoreDNS | 7.5 | 🔍 Ongoing |
CVE-2022-4899 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2022-41723 | 2/28/23 | 10/10/24 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: CoreDNS | 7.5 | 🔍 Ongoing |
CVE-2023-0464 | 3/22/23 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: OpenSSL | 7.5 | 🔍 Ongoing |
CVE-2021-39537 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MongoDB | 8.8 | 🔍 Ongoing |
CVE-2018-20657 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MongoDB | 7.5 | 🔍 Ongoing |
CVE-2021-42694 | 08/16/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MongoDB | 8.3 | 🔍 Ongoing |
GHSA-74fp-r6jw-h4mp | 10/25/23 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Kubernetes API | 7.5 | 🔍 Ongoing |
CVE-2024-6197 | 08/27/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Libcurl | 7.5 | 🔍 Ongoing |
CVE-2023-26604 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | 7.8 | 🔍 Ongoing |
CVE-2023-39325 | 10/11/23 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Go project | 7.5 | 🔍 Ongoing |
CVE-2024-37370 | 08/30/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: MIT Kerberos | 7.5 | 🔍 Ongoing |
CVE-2016-20013 | 08/16/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: Ubuntu | 7.5 | 🔍 Ongoing |
CVE-2024-21626 | 1/3/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: kube-proxy | 8.6 | 🔍 Ongoing |
CVE-2024-7592 | 9/5/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: CPython | 7.5 | 🔍 Ongoing |
CVE-2024-0760 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: ISC | 7.5 | 🔍 Ongoing |
CVE-2024-1737 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: ISC | 7.5 | 🔍 Ongoing |
CVE-2024-1975 | 9/5/24 | 10/10/24 | 4.4.14 & 4.4.18 & 4.5.2 | Third-party component: ISC | 7.5 | 🔍 Ongoing |
CVE-2022-28357 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: NATS | 9.8 | 🔍 Ongoing |
CVE-2022-28948 | 9/15/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Go-Yaml | 7.5 | 🔍 Ongoing |
CVE-2022-41724 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.5 | 🔍 Ongoing |
CVE-2022-41725 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.5 | 🔍 Ongoing |
CVE-2023-24534 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.5 | 🔍 Ongoing |
CVE-2023-24536 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.5 | 🔍 Ongoing |
CVE-2023-24537 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.5 | 🔍 Ongoing |
CVE-2023-24538 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 9.8 | 🔍 Ongoing |
CVE-2023-24539 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.3 | 🔍 Ongoing |
CVE-2023-24540 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 9.8 | 🔍 Ongoing |
CVE-2023-29400 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Go Project | 7.3 | 🔍 Ongoing |
CVE-2023-29403 | 9/15/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Go Project | 7.8 | 🔍 Ongoing |
CVE-2023-45287 | 9/15/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Go Project | 7.5 | 🔍 Ongoing |
CVE-2023-52356 | 9/15/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Libtiff | 7.5 | 🔍 Ongoing |
CVE-2024-0743 | 9/15/24 | 10/10/24 | 4.4.18 & 4.5.2 | Third-party component: Mozilla | 7.5 | 🔍 Ongoing |
CVE-2024-32002 | 9/15/24 | 10/10/24 | 4.4.18 | Third-party component: Github | 9.0 | 🔍 Ongoing |
CVE-2023-49569 | 9/15/24 | 9/19/24 | 4.4.14 | Third-party component: Bitdefender | 9.8 | 🔍 Ongoing |