February 2022 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2022-Feb
2022-Feb
Final
1.0
42
2026-02-18T03:19:01
February 2022 Security Updates
2022-02-08T08:00:00
2026-02-18T03:19:01
<h2 id="updates-this-month">Updates this Month</h2>
<p>This release consists of security updates for the following products, features and roles.</p>
<ul>
<li>Azure Data Explorer</li>
<li>Kestrel Web Server</li>
<li>Microsoft Dynamics</li>
<li>Microsoft Dynamics GP</li>
<li>Microsoft Edge (Chromium-based)</li>
<li>Microsoft Office</li>
<li>Microsoft Office Excel</li>
<li>Microsoft Office Outlook</li>
<li>Microsoft Office SharePoint</li>
<li>Microsoft Office Visio</li>
<li>Microsoft OneDrive</li>
<li>Microsoft Teams</li>
<li>Microsoft Windows Codecs Library</li>
<li>Power BI</li>
<li>Roaming Security Rights Management Services</li>
<li>Role: DNS Server</li>
<li>Role: Windows Hyper-V</li>
<li>SQL Server</li>
<li>Visual Studio Code</li>
<li>Windows Common Log File System Driver</li>
<li>Windows DWM Core Library</li>
<li>Windows Kernel</li>
<li>Windows Kernel-Mode Drivers</li>
<li>Windows Named Pipe File System</li>
<li>Windows Print Spooler Components</li>
<li>Windows Remote Access Connection Manager</li>
<li>Windows Remote Procedure Call Runtime</li>
<li>Windows User Account Profile</li>
<li>Windows Win32K</li>
</ul>
<p>Please note the following information regarding the security updates:</p>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-information">Relevant Information</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2>
<p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p>
<ul>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0452">CVE-2022-0452</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0453">CVE-2022-0453</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0454">CVE-2022-0454</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0455">CVE-2022-0455</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0456">CVE-2022-0456</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0457">CVE-2022-0457</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0458">CVE-2022-0458</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0459">CVE-2022-0459</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0460">CVE-2022-0460</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0461">CVE-2022-0461</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0462">CVE-2022-0462</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0463">CVE-2022-0463</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0464">CVE-2022-0464</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0465">CVE-2022-0465</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0466">CVE-2022-0466</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0467">CVE-2022-0467</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0468">CVE-2022-0468</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0469">CVE-2022-0469</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0470">CVE-2022-0470</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21844">CVE-2022-21844</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21926">CVE-2022-21926</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21927">CVE-2022-21927</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21965">CVE-2022-21965</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21968">CVE-2022-21968</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21971">CVE-2022-21971</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21974">CVE-2022-21974</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21984">CVE-2022-21984</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21985">CVE-2022-21985</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986">CVE-2022-21986</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21987">CVE-2022-21987</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21988">CVE-2022-21988</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21989">CVE-2022-21989</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21991">CVE-2022-21991</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21992">CVE-2022-21992</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21993">CVE-2022-21993</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21995">CVE-2022-21995</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21997">CVE-2022-21997</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21998">CVE-2022-21998</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22003">CVE-2022-22003</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22004">CVE-2022-22004</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22005">CVE-2022-22005</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22709">CVE-2022-22709</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22712">CVE-2022-22712</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22716">CVE-2022-22716</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22717">CVE-2022-22717</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23252">CVE-2022-23252</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23254">CVE-2022-23254</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23255">CVE-2022-23255</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23256">CVE-2022-23256</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23261">CVE-2022-23261</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23262">CVE-2022-23262</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23263">CVE-2022-23263</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23269">CVE-2022-23269</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23272">CVE-2022-23272</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23274">CVE-2022-23274</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23276">CVE-2022-23276</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23280">CVE-2022-23280</a></li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5010342">5010342</a></td>
<td>Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010351">5010351</a></td>
<td>Windows 10, version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010354">5010354</a></td>
<td>Windows Server 2022</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010384">5010384</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010392">5010392</a></td>
<td>Windows Server 2012 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010395">5010395</a></td>
<td>Windows 8.1, Windows Server 2012 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010403">5010403</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010404">5010404</a></td>
<td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010412">5010412</a></td>
<td>Windows Server 2012 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010419">5010419</a></td>
<td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5010422">5010422</a></td>
<td>Windows 7, Windows Server 2008 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5002135">5002135</a></td>
<td>SharePoint Server 2019</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
HEVC Video Extension
HEVC Video Extensions
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
VP9 Video Extensions
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics GP
Microsoft Teams for iOS
Microsoft Teams for Android
Microsoft Teams Admin Center
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft Office LTSC for Mac 2021
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
OneDrive for Android
Microsoft Outlook 2016 for Mac
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
PowerBI-client JS SDK
SQL Server 2019 for Linux Containers
Microsoft Edge (Chromium-based)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.0
Visual Studio 2019 for Mac version 8.10
.NET 5.0
.NET 6.0
Visual Studio Code
Azure Data Explorer
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows RT 8.1
Windows Server 2012 R2 (Server Core installation)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Outlook 2016 for Mac
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft SharePoint Server 2019
Microsoft Office Online Server
Visual Studio Code
Microsoft Edge (Chromium-based)
Microsoft Dynamics 365 (on-premises) version 9.0
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
OneDrive for Android
.NET 5.0
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
HEVC Video Extensions
Microsoft Teams for iOS
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
VP9 Video Extensions
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Visual Studio 2019 for Mac version 8.10
Microsoft Dynamics 365 (on-premises) version 9.1
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft Visual Studio 2022 version 17.0
Azure Data Explorer
Microsoft Dynamics GP
SQL Server 2019 for Linux Containers
Microsoft Teams for Android
Microsoft Teams Admin Center
.NET 6.0
HEVC Video Extension
PowerBI-client JS SDK
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
cbl2 samba 4.12.5-6 on CBL Mariner 2.0
azl3 samba 4.18.3-1 on Azure Linux 3.0
azl3 samba 4.18.3-1 on Azure Linux 3.0
cbl2 python-twisted 22.2.0-1 on CBL Mariner 2.0
azl3 python-tensorboard 2.16.2-2 on Azure Linux 3.0
cbl2 usbguard 1.1.0-1 on CBL Mariner 2.0
cbl2 application-gateway-kubernetes-ingress 1.4.0-25 on CBL Mariner 2.0
cbl2 moby-engine 20.10.27-4 on CBL Mariner 2.0
azl3 application-gateway-kubernetes-ingress 1.7.2-3 on Azure Linux 3.0
azl3 keda 2.14.0-1 on Azure Linux 3.0
azl3 rpm-ostree 2024.4-1 on Azure Linux 3.0
azl3 moby-engine 25.0.3-1 on Azure Linux 3.0
cm1 kernel 5.10.189.1-1 on CBL Mariner 1.0
azl3 moby-engine 20.10.25-3 on Azure Linux 3.0
cm1 kernel 5.10.111.1-1 on CBL Mariner 1.0
azl3 mozjs 102.15.1-1 on Azure Linux 3.0
cbl2 kernel 5.15.32.1-2 on CBL Mariner 2.0
cm1 mariadb 10.3.35-1 on CBL Mariner 1.0
cbl2 libtiff 4.3.0-2 on CBL Mariner 2.0
cm1 qemu-kvm 4.2.0-38 on CBL Mariner 1.0
cbl2 qemu 6.2.0-2 on CBL Mariner 2.0
cbl2 vim 8.2.4743-1 on CBL Mariner 2.0
cm1 libtiff 4.1.0-3 on CBL Mariner 1.0
cbl2 golang 1.17.8-1 on CBL Mariner 2.0
cm1 nodejs 14.18.3-1 on CBL Mariner 1.0
cbl2 nodejs 16.14.0-1 on CBL Mariner 2.0
cm1 libxml2 2.9.13-1 on CBL Mariner 1.0
cbl2 libxml2 2.9.13-1 on CBL Mariner 2.0
cm1 util-linux 2.32.1-7 on CBL Mariner 1.0
cbl2 util-linux 2.37.4-1 on CBL Mariner 2.0
cm1 kernel 5.10.102.1-1 on CBL Mariner 1.0
cbl2 kernel 5.15.26.1-1 on CBL Mariner 2.0
cm1 cyrus-sasl 2.1.28-1 on CBL Mariner 1.0
cbl2 cyrus-sasl 2.1.28-1 on CBL Mariner 2.0
cm1 vim 8.2.4495-1 on CBL Mariner 1.0
cm1 mariadb 10.3.34-1 on CBL Mariner 1.0
cbl2 mariadb 10.6.7-1 on CBL Mariner 2.0
cm1 expat 2.4.6-1 on CBL Mariner 1.0
cbl2 expat 2.4.8-1 on CBL Mariner 2.0
cm1 vim 8.2.4432-1 on CBL Mariner 1.0
cm1 kernel 5.10.93.1-4 on CBL Mariner 1.0
cm1 unzip 6.0-19 on CBL Mariner 1.0
cbl2 unzip 6.0-21 on CBL Mariner 2.0
azl3 unzip 6.0-21 on Azure Linux 3.0
cm1 python3 3.7.10-6 on CBL Mariner 1.0
cm1 python2 2.7.18-9 on CBL Mariner 1.0
cm1 golang 1.16.14-1 on CBL Mariner 1.0
cbl2 golang 1.18.8-3 on CBL Mariner 2.0
cm1 python-twisted 20.3.0-2 on CBL Mariner 1.0
cm1 vim 8.2.4281-1 on CBL Mariner 1.0
azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0
azl3 librsvg2 2.58.1-1 on Azure Linux 3.0
azl3 rust crossbeam_utils-0.8.7 on Azure Linux 3.0
azl3 node-problem-detector 0.8.15-1 on Azure Linux 3.0
azl3 multus 4.0.2-1 on Azure Linux 3.0
azl3 prometheus-process-exporter 0.8.2-1 on Azure Linux 3.0
azl3 application-gateway-kubernetes-ingress 1.7.2-2 on Azure Linux 3.0
azl3 unzip 6.0-22 on Azure Linux 3.0
cm1 polkit 0.116-6 on CBL Mariner 1.0
cm1 zsh 5.8.1-1 on CBL Mariner 1.0
cbl2 zsh 5.9-1 on CBL Mariner 2.0
cm1 mariadb 10.3.32-1 on CBL Mariner 1.0
cbl2 wireshark 3.4.14-1 on CBL Mariner 2.0
cbl2 usbredir 0.12.0-1 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-14 on CBL Mariner 2.0
cbl2 php on CBL Mariner 2.0
azl3 rust 1.75.0-14 on Azure Linux 3.0
azl3 rust 1.86.0-1 on Azure Linux 3.0
azl3 python-tensorboard 2.11.0-3 on Azure Linux 3.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 application-gateway-kubernetes-ingress 1.4.0-25 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
azl3 librsvg2 2.50.3-4 on Azure Linux 3.0
cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0
cbl2 moby-buildx 0.7.1-24 on CBL Mariner 2.0
cbl2 moby-cli 20.10.27-5 on CBL Mariner 2.0
cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0
cbl2 kube-vip-cloud-provider 0.0.2-22 on CBL Mariner 2.0
cbl2 rook 1.6.2-26 on CBL Mariner 2.0
azl3 keda 2.4.0-15 on Azure Linux 3.0
cbl2 moby-engine 20.10.27-4 on CBL Mariner 2.0
azl3 multus 3.8-13 on Azure Linux 3.0
azl3 prometheus-process-exporter 0.7.10-15 on Azure Linux 3.0
cbl2 local-path-provisioner 0.0.21-18 on CBL Mariner 2.0
cbl2 nmi 1.8.7-15 on CBL Mariner 2.0
cbl2 node-problem-detector 0.8.10-20 on CBL Mariner 2.0
cbl2 prometheus-node-exporter 1.3.1-26 on CBL Mariner 2.0
cbl2 prometheus-process-exporter 0.7.10-21 on CBL Mariner 2.0
azl3 node-problem-detector 0.8.10-18 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3773
Exposure of Sensitive Information to an Unauthorized Actor
17936-16820
17936-16820
Critical
17936-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17936-16820
CBL-Mariner Releases
17936-16820
No
Security Update
5.10.189.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17936-16820
CBL-Mariner Releases
1.0
2025-10-01T23:11:11
<p>Information published.</p>
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0185
Integer Underflow (Wrap or Wraparound)
18790-16820
18781-16823
18790-16820
18781-16823
Important
18790-16820
Important
18781-16823
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18790-16820
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18781-16823
CBL-Mariner Releases
18790-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18790-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-23T00:00:00
<p>Information published.</p>
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0382
Missing Initialization of Resource
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-23T00:00:00
<p>Information published.</p>
A flaw was found in Python specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1 3.9.5 3.8.11 3.7.11 and 3.6.14.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0391
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
18794-16820
18795-16820
18794-16820
18795-16820
Important
18794-16820
Important
18795-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18794-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18795-16820
CBL-Mariner Releases
18794-16820
No
Security Update
3.7.10-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18794-16820
CBL-Mariner Releases
CBL-Mariner Releases
18795-16820
No
Security Update
2.7.18-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18795-16820
CBL-Mariner Releases
1.0
2022-02-18T00:00:00
<p>Information published.</p>
Conversion of a wide string to a local string that leads to a heap of out-of-bound write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Red Hat, Inc.
Yes
CVE-2022-0529
Out-of-bounds Write
18791-16820
18792-16823
18793-17084
18861-17084
18791-16820
18792-16823
18793-17084
18861-17084
Moderate
18791-16820
Moderate
18792-16823
Moderate
18793-17084
18861-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18791-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18792-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18793-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18861-17084
CBL-Mariner Releases
18791-16820
No
Security Update
6.0-19
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18791-16820
CBL-Mariner Releases
CBL-Mariner Releases
18792-16823
18793-17084
18861-17084
No
Security Update
6.0-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18792-16823
18793-17084
18861-17084
CBL-Mariner Releases
1.0
2024-11-27T00:00:00
<p>Information published.</p>
Conversion of a wide string to a local string that leads to a heap of out-of-bound write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Red Hat, Inc.
Yes
CVE-2022-0530
18861-17084
18791-16820
18792-16823
18793-17084
18861-17084
18791-16820
18792-16823
18793-17084
18861-17084
Moderate
18791-16820
Moderate
18792-16823
Moderate
18793-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18861-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18791-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18792-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18793-17084
CBL-Mariner Releases
18861-17084
18792-16823
18793-17084
No
Security Update
6.0-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18861-17084
18792-16823
18793-17084
CBL-Mariner Releases
CBL-Mariner Releases
18791-16820
No
Security Update
6.0-19
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18791-16820
CBL-Mariner Releases
1.0
2024-11-27T00:00:00
<p>Information published.</p>
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources a fix is available with commit 561599c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0562
NULL Pointer Dereference
18769-16820
18728-16823
18769-16820
18728-16823
Moderate
18769-16820
Moderate
18728-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18769-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18728-16823
CBL-Mariner Releases
18769-16820
No
Security Update
4.1.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18769-16820
CBL-Mariner Releases
CBL-Mariner Releases
18728-16823
No
Security Update
4.3.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18728-16823
CBL-Mariner Releases
1.0
2022-02-18T00:00:00
<p>Information published.</p>
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0563
Generation of Error Message Containing Sensitive Information
18778-16820
18779-16823
18778-16820
18779-16823
Moderate
18778-16820
Moderate
18779-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18778-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18779-16823
CBL-Mariner Releases
18778-16820
No
Security Update
2.32.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18778-16820
CBL-Mariner Releases
CBL-Mariner Releases
18779-16823
No
Security Update
2.37.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18779-16823
CBL-Mariner Releases
1.0
2022-03-08T00:00:00
<p>Information published.</p>
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0582
NULL Pointer Dereference
19467-16823
19467-16823
Critical
19467-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19467-16823
CBL-Mariner Releases
19467-16823
No
Security Update
3.4.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19467-16823
CBL-Mariner Releases
1.0
2022-02-23T00:00:00
<p>Information published.</p>
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0583
Out-of-bounds Write
19467-16823
19467-16823
Important
19467-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19467-16823
CBL-Mariner Releases
19467-16823
No
Security Update
3.4.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19467-16823
CBL-Mariner Releases
1.0
2022-02-24T00:00:00
<p>Information published.</p>
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0617
NULL Pointer Dereference
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-03-04T00:00:00
<p>Information published.</p>
Stack-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0629
Stack-based Buffer Overflow
18758-16823
18758-16823
Important
18758-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-02-26T00:00:00
<p>Information published.</p>
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter which could be "__proto__". The prototype pollution has very limited control in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9 >= 14.18.3 >= 16.13.2 and >= 17.3.1 use a null protoype for the object these properties are being assigned to.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2022-21824
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
18774-16820
18775-16823
18774-16820
18775-16823
Important
18774-16820
Important
18775-16823
8.2
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
18774-16820
8.2
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
18775-16823
CBL-Mariner Releases
18774-16820
No
Security Update
14.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18774-16820
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
1.0
2022-03-09T00:00:00
<p>Information published.</p>
Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-23639
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
18469-17084
18815-17084
19671-17084
18818-17084
17811-17084
18817-17084
19743-17084
19686-17084
18469-17084
18815-17084
19671-17084
18818-17084
17811-17084
18817-17084
19743-17084
19686-17084
18469-17084
18815-17084
19671-17084
Important
18818-17084
Important
17811-17084
Important
18817-17084
19743-17084
19686-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18469-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18815-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
19671-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18818-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
17811-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
18817-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
19743-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
19686-17084
CBL-Mariner Releases
18815-17084
17811-17084
No
Security Update
2024.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18815-17084
17811-17084
CBL-Mariner Releases
CBL-Mariner Releases
19671-17084
19686-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19671-17084
19686-17084
CBL-Mariner Releases
CBL-Mariner Releases
18818-17084
No
Security Update
crossbeam_utils-0.8.7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18818-17084
CBL-Mariner Releases
CBL-Mariner Releases
18817-17084
19743-17084
No
Security Update
2.58.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18817-17084
19743-17084
CBL-Mariner Releases
1.0
2024-06-30T07:00:00
<p>Information published.</p>
1.1
2024-08-29T00:00:00
<p>Information published.</p>
1.2
2024-08-30T00:00:00
<p>Information published.</p>
1.3
2024-08-31T00:00:00
<p>Information published.</p>
1.4
2024-09-01T00:00:00
<p>Information published.</p>
1.5
2024-09-02T00:00:00
<p>Information published.</p>
1.6
2024-09-03T00:00:00
<p>Information published.</p>
1.7
2024-09-05T00:00:00
<p>Information published.</p>
1.8
2024-09-06T00:00:00
<p>Information published.</p>
1.9
2024-09-07T00:00:00
<p>Information published.</p>
2.0
2024-09-08T00:00:00
<p>Information published.</p>
2.1
2024-09-11T00:00:00
<p>Information published.</p>
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-23772
Integer Overflow or Wraparound
19696-17084
18796-16820
18772-16823
19696-17084
18796-16820
18772-16823
Important
19696-17084
Important
18796-16820
Important
18772-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19696-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18796-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18772-16823
CBL-Mariner Releases
19696-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19696-17084
CBL-Mariner Releases
CBL-Mariner Releases
18796-16820
No
Security Update
1.16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18796-16820
CBL-Mariner Releases
CBL-Mariner Releases
18772-16823
No
Security Update
1.17.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18772-16823
CBL-Mariner Releases
2.2
2026-02-18T02:07:40
<p>Information published.</p>
1.0
2022-02-17T00:00:00
<p>Information published.</p>
1.1
2024-08-29T00:00:00
<p>Information published.</p>
1.2
2024-08-30T00:00:00
<p>Information published.</p>
1.3
2024-08-31T00:00:00
<p>Information published.</p>
1.4
2024-09-01T00:00:00
<p>Information published.</p>
1.5
2024-09-02T00:00:00
<p>Information published.</p>
1.6
2024-09-03T00:00:00
<p>Information published.</p>
1.7
2024-09-05T00:00:00
<p>Information published.</p>
1.8
2024-09-06T00:00:00
<p>Information published.</p>
1.9
2024-09-07T00:00:00
<p>Information published.</p>
2.0
2024-09-08T00:00:00
<p>Information published.</p>
2.1
2024-09-11T00:00:00
<p>Information published.</p>
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-23773
Interpretation Conflict
18796-16820
18772-16823
18796-16820
18772-16823
Important
18796-16820
Important
18772-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18796-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
18772-16823
CBL-Mariner Releases
18796-16820
No
Security Update
1.16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18796-16820
CBL-Mariner Releases
CBL-Mariner Releases
18772-16823
No
Security Update
1.17.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18772-16823
CBL-Mariner Releases
1.0
2022-02-17T00:00:00
<p>Information published.</p>
1.1
2024-08-29T00:00:00
<p>Information published.</p>
1.2
2024-08-30T00:00:00
<p>Information published.</p>
1.3
2024-08-31T00:00:00
<p>Information published.</p>
1.4
2024-09-01T00:00:00
<p>Information published.</p>
1.5
2024-09-02T00:00:00
<p>Information published.</p>
1.6
2024-09-03T00:00:00
<p>Information published.</p>
1.7
2024-09-05T00:00:00
<p>Information published.</p>
1.8
2024-09-06T00:00:00
<p>Information published.</p>
1.9
2024-09-07T00:00:00
<p>Information published.</p>
2.0
2024-09-08T00:00:00
<p>Information published.</p>
2.1
2024-09-11T00:00:00
<p>Information published.</p>
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
zdi
Yes
CVE-2022-24050
Use After Free
18785-16820
18786-16823
18785-16820
18786-16823
Important
18785-16820
Important
18786-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18785-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
zdi
Yes
CVE-2022-24051
Use of Externally-Controlled Format String
18785-16820
18786-16823
18785-16820
18786-16823
Important
18785-16820
Important
18786-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18785-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag and tries to open a regular file nfs_atomic_open() performs a regular lookup. If a regular file is found ENOTDIR should occur but the server instead returns uninitialized data in the file descriptor.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-24448
Improper Handling of Exceptional Conditions
18780-16820
18781-16823
18780-16820
18781-16823
Low
18780-16820
Low
18781-16823
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
18780-16820
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-10T00:00:00
<p>Information published.</p>
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-24958
Release of Invalid Pointer or Reference
18780-16820
18476-16823
18780-16820
18476-16823
Important
18780-16820
Important
18476-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18780-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18476-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18476-16823
No
Security Update
5.15.32.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18476-16823
CBL-Mariner Releases
1.0
2022-02-18T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-24959
Missing Release of Memory after Effective Lifetime
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-18T00:00:00
<p>Information published.</p>
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX QProcess could execute a binary from the current working directory when not found in the PATH.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25255
19494-16823
19737-17086
19494-16823
19737-17086
Important
19494-16823
19737-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19494-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19737-17086
CBL-Mariner Releases
19494-16823
19737-17086
No
Security Update
5.12.11-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19494-16823
19737-17086
CBL-Mariner Releases
1.0
2024-10-25T00:00:00
<p>Information published.</p>
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25258
NULL Pointer Dereference
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
4.6
4.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18780-16820
4.6
4.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
In Expat (aka libexpat) before 2.4.5 there is an integer overflow in copyString.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25314
Integer Overflow or Wraparound
18787-16820
18788-16823
18787-16820
18788-16823
Important
18787-16820
Important
18788-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18787-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18788-16823
CBL-Mariner Releases
18787-16820
No
Security Update
2.4.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18787-16820
CBL-Mariner Releases
CBL-Mariner Releases
18788-16823
No
Security Update
2.4.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18788-16823
CBL-Mariner Releases
1.0
2022-02-25T00:00:00
<p>Information published.</p>
In Expat (aka libexpat) before 2.4.5 there is an integer overflow in storeRawNames.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25315
Integer Overflow or Wraparound
18787-16820
18788-16823
18787-16820
18788-16823
Critical
18787-16820
Critical
18788-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18787-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18788-16823
CBL-Mariner Releases
18787-16820
No
Security Update
2.4.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18787-16820
CBL-Mariner Releases
CBL-Mariner Releases
18788-16823
No
Security Update
2.4.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18788-16823
CBL-Mariner Releases
1.0
2022-02-25T00:00:00
<p>Information published.</p>
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25375
Improper Validation of Specified Quantity in Input
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20320
Exposure of Sensitive Information to an Unauthorized Actor
18780-16820
18780-16820
Moderate
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18780-16820
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
1.0
2022-03-04T00:00:00
<p>Information published.</p>
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity because software that relies on UDP source port randomization are indirectly affected as well.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20322
Use of Insufficiently Random Values
18780-16820
18780-16820
Important
18780-16820
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
18780-16820
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory resulting in a denial of service. The highest threat from this vulnerability is to system availability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3607
Integer Overflow or Wraparound
18756-16820
18756-16820
Moderate
18756-16820
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
18756-16820
CBL-Mariner Releases
18756-16820
No
Security Update
4.2.0-38
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18756-16820
CBL-Mariner Releases
1.0
2022-03-05T00:00:00
<p>Information published.</p>
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3608
Access of Uninitialized Pointer
18756-16820
18756-16820
Moderate
18756-16820
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
18756-16820
CBL-Mariner Releases
18756-16820
No
Security Update
4.2.0-38
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18756-16820
CBL-Mariner Releases
1.0
2022-03-05T00:00:00
<p>Information published.</p>
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3700
Use After Free
19472-16823
19472-16823
Moderate
19472-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19472-16823
CBL-Mariner Releases
19472-16823
No
Security Update
0.12.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19472-16823
CBL-Mariner Releases
1.0
2022-03-05T00:00:00
<p>Information published.</p>
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3752
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
18780-16820
18780-16820
Important
18780-16820
7.1
7.1
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18780-16820
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU resulting in a denial of service condition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3930
Off-by-one Error
18756-16820
18757-16823
18756-16820
18757-16823
Moderate
18756-16820
Moderate
18757-16823
6.5
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
18756-16820
6.5
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
18757-16823
CBL-Mariner Releases
18756-16820
No
Security Update
4.2.0-38
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18756-16820
CBL-Mariner Releases
CBL-Mariner Releases
18757-16823
No
Security Update
6.2.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18757-16823
CBL-Mariner Releases
1.0
2023-03-10T00:00:00
<p>Information published.</p>
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw a local attacker with user privilege may gain access to out-of-bounds memory leading to a system integrity and confidentiality threat.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-4090
Out-of-bounds Write
18780-16820
18781-16823
18780-16820
18781-16823
Important
18780-16820
Important
18781-16823
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
18780-16820
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-4093
Out-of-bounds Read
18780-16820
18780-16820
Important
18780-16820
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
18780-16820
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-44141
Improper Link Resolution Before File Access ('Link Following')
16864-17084
16864-17084
Moderate
16864-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
16864-17084
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
Node.js < 12.22.9 < 14.18.3 < 16.13.2 and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-44532
Improper Certificate Validation
18774-16820
18775-16823
18774-16820
18775-16823
Moderate
18774-16820
Moderate
18775-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18774-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18775-16823
CBL-Mariner Releases
18774-16820
No
Security Update
14.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18774-16820
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
1.0
2022-03-05T00:00:00
<p>Information published.</p>
Node.js < 12.22.9 < 14.18.3 < 16.13.2 and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name for example in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-44533
Improper Certificate Validation
18774-16820
18775-16823
18774-16820
18775-16823
Moderate
18774-16820
Moderate
18775-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18774-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18775-16823
CBL-Mariner Releases
18774-16820
No
Security Update
14.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18774-16820
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
1.0
2022-03-05T00:00:00
<p>Information published.</p>
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3 special files are not considered leading to a move_data_page NULL pointer dereference.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-44879
NULL Pointer Dereference
18454-16820
18781-16823
18454-16820
18781-16823
Moderate
18454-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18454-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18781-16823
CBL-Mariner Releases
18454-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18454-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-23T00:00:00
<p>Information published.</p>
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction which allows local users to obtain potentially sensitive address information aka a "pointer leak."
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-45402
Exposure of Resource to Wrong Sphere
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-24T00:00:00
<p>Information published.</p>
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46661
18785-16820
18786-16823
18785-16820
18786-16823
Moderate
18785-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18785-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46663
18785-16820
18786-16823
18785-16820
18786-16823
Moderate
18785-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18785-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46664
NULL Pointer Dereference
18785-16820
18786-16823
18785-16820
18786-16823
Moderate
18785-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18785-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB before 10.6.5 has a sql_lex.cc integer overflow leading to an application crash.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46667
Integer Overflow or Wraparound
18905-16820
18786-16823
18905-16820
18786-16823
Moderate
18905-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18905-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18905-16820
No
Security Update
10.3.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18905-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46668
Uncontrolled Resource Consumption
18785-16820
18786-16823
18785-16820
18786-16823
Moderate
18785-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18785-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
A flaw was found in the way Samba as an Active Directory Domain Controller implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-25719
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
16863-16823
16864-17084
16863-16823
16864-17084
Important
16863-16823
Important
16864-17084
7.2
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
16863-16823
7.2
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
16864-17084
CBL-Mariner Releases
16863-16823
No
Security Update
4.12.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16863-16823
CBL-Mariner Releases
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-25722
Incorrect Authorization
16863-16823
16864-17084
16863-16823
16864-17084
Important
16863-16823
Important
16864-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16863-16823
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16864-17084
CBL-Mariner Releases
16863-16823
No
Security Update
4.12.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16863-16823
CBL-Mariner Releases
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2019-25058
Incorrect Authorization
17057-16823
17057-16823
Important
17057-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17057-16823
CBL-Mariner Releases
17057-16823
No
Security Update
1.1.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17057-16823
CBL-Mariner Releases
1.0
2022-03-04T00:00:00
<p>Information published.</p>
UAF due to php_filter_float() failing
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
php
Yes
CVE-2021-21708
Use After Free
19641-16823
19641-16823
Critical
19641-16823
8.2
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
19641-16823
CBL-Mariner Releases
19641-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19641-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:08
<p>Information published.</p>
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0264
Improper Handling of Exceptional Conditions
18780-16820
18781-16823
18780-16820
18781-16823
Moderate
18780-16820
Moderate
18781-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18780-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-11T00:00:00
<p>Information published.</p>
Heap-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0417
Heap-based Buffer Overflow
18799-16820
18758-16823
18799-16820
18758-16823
Important
18799-16820
Important
18758-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18799-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18799-16820
No
Security Update
8.2.4281-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18799-16820
CBL-Mariner Releases
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-02-05T00:00:00
<p>Information published.</p>
Use After Free in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0443
Use After Free
18799-16820
18758-16823
18799-16820
18758-16823
Important
18799-16820
Important
18758-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18799-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18799-16820
No
Security Update
8.2.4281-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18799-16820
CBL-Mariner Releases
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-02-05T00:00:00
<p>Information published.</p>
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-0487
Use After Free
18790-16820
18790-16820
Moderate
18790-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18790-16820
CBL-Mariner Releases
18790-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18790-16820
CBL-Mariner Releases
1.0
2022-02-10T00:00:00
<p>Information published.</p>
Use of Out-of-range Pointer Offset in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0554
Use of Out-of-range Pointer Offset
18789-16820
18758-16823
18789-16820
18758-16823
Important
18789-16820
Important
18758-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18789-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18789-16820
No
Security Update
8.2.4432-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18789-16820
CBL-Mariner Releases
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-02-19T00:00:00
<p>Information published.</p>
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources the fix is available with commit eecb0712.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0561
NULL Pointer Dereference
18769-16820
18728-16823
18769-16820
18728-16823
Moderate
18769-16820
Moderate
18728-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18769-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18728-16823
CBL-Mariner Releases
18769-16820
No
Security Update
4.1.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18769-16820
CBL-Mariner Releases
CBL-Mariner Releases
18728-16823
No
Security Update
4.3.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18728-16823
CBL-Mariner Releases
1.0
2022-02-18T00:00:00
<p>Information published.</p>
Heap-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0572
Out-of-bounds Write
18789-16820
18758-16823
18789-16820
18758-16823
Important
18789-16820
Important
18758-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18789-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18789-16820
No
Security Update
8.2.4432-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18789-16820
CBL-Mariner Releases
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-02-23T00:00:00
<p>Information published.</p>
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0581
Use After Free
19467-16823
19467-16823
Important
19467-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19467-16823
CBL-Mariner Releases
19467-16823
No
Security Update
3.4.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19467-16823
CBL-Mariner Releases
1.0
2022-02-24T00:00:00
<p>Information published.</p>
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0585
Excessive Iteration
19467-16823
19467-16823
Moderate
19467-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19467-16823
CBL-Mariner Releases
19467-16823
No
Security Update
3.4.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19467-16823
CBL-Mariner Releases
1.0
2022-02-25T00:00:00
<p>Information published.</p>
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-0586
Loop with Unreachable Exit Condition ('Infinite Loop')
19467-16823
19467-16823
Important
19467-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19467-16823
CBL-Mariner Releases
19467-16823
No
Security Update
3.4.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19467-16823
CBL-Mariner Releases
1.0
2022-02-24T00:00:00
<p>Information published.</p>
Use of Out-of-range Pointer Offset in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0685
Use of Out-of-range Pointer Offset
18758-16823
18758-16823
Important
18758-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
NULL Pointer Dereference in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0696
NULL Pointer Dereference
18758-16823
18758-16823
Moderate
18758-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18758-16823
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-03-02T00:00:00
<p>Information published.</p>
Heap-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0714
Heap-based Buffer Overflow
18784-16820
18758-16823
18784-16820
18758-16823
Moderate
18784-16820
Moderate
18758-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18784-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18758-16823
CBL-Mariner Releases
18784-16820
No
Security Update
8.2.4495-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18784-16820
CBL-Mariner Releases
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-03-02T00:00:00
<p>Information published.</p>
Use of Out-of-range Pointer Offset in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2022-0729
Use of Out-of-range Pointer Offset
18784-16820
18758-16823
18784-16820
18758-16823
Important
18784-16820
Important
18758-16823
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18784-16820
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18758-16823
CBL-Mariner Releases
18784-16820
No
Security Update
8.2.4495-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18784-16820
CBL-Mariner Releases
CBL-Mariner Releases
18758-16823
No
Security Update
8.2.4743-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18758-16823
CBL-Mariner Releases
1.0
2022-03-02T00:00:00
<p>Information published.</p>
Uncontrolled Resource Consumption in promhttp
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-21698
Allocation of Resources Without Limits or Throttling
18829-17084
18822-17084
18823-17084
17814-17084
17761-17084
18837-17084
19713-17086
19792-17086
19784-17086
19790-17086
20017-17086
20297-17086
20301-17086
17515-17084
17197-17086
17447-17086
19840-17086
20293-17086
20299-17086
20300-17086
19854-17086
19877-17084
17964-17084
20086-17084
20307-17084
20089-17084
19777-17086
18829-17084
18822-17084
18823-17084
17814-17084
17761-17084
18837-17084
19713-17086
19792-17086
19784-17086
19790-17086
20017-17086
20297-17086
20301-17086
17515-17084
17197-17086
17447-17086
19840-17086
20293-17086
20299-17086
20300-17086
19854-17086
19877-17084
17964-17084
20086-17084
20307-17084
20089-17084
19777-17086
Important
18829-17084
Important
18822-17084
Important
18823-17084
Important
17814-17084
Important
17761-17084
Important
18837-17084
19713-17086
Important
19792-17086
Important
19784-17086
Important
19790-17086
20017-17086
Important
20297-17086
Important
20301-17086
Important
17515-17084
Important
17197-17086
Important
17447-17086
Important
19840-17086
Important
20293-17086
Important
20299-17086
Important
20300-17086
Important
19854-17086
Important
19877-17084
Important
17964-17084
Important
20086-17084
Important
20307-17084
Important
20089-17084
Important
19777-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18829-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18822-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18823-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17814-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17761-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18837-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19713-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19792-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19784-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19790-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20017-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20297-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20301-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17515-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17197-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17447-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19840-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20293-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20299-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20300-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19854-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19877-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17964-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20086-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20307-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20089-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19777-17086
CBL-Mariner Releases
18829-17084
20089-17084
No
Security Update
0.8.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18829-17084
20089-17084
CBL-Mariner Releases
CBL-Mariner Releases
18822-17084
20307-17084
No
Security Update
0.8.15-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18822-17084
20307-17084
CBL-Mariner Releases
CBL-Mariner Releases
18823-17084
20086-17084
No
Security Update
4.0.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18823-17084
20086-17084
CBL-Mariner Releases
CBL-Mariner Releases
17814-17084
17964-17084
No
Security Update
25.0.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17814-17084
17964-17084
CBL-Mariner Releases
CBL-Mariner Releases
17761-17084
19877-17084
No
Security Update
2.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17761-17084
19877-17084
CBL-Mariner Releases
CBL-Mariner Releases
18837-17084
17515-17084
No
Security Update
1.7.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18837-17084
17515-17084
CBL-Mariner Releases
CBL-Mariner Releases
19713-17086
17197-17086
No
Security Update
1.4.0-17
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19713-17086
17197-17086
CBL-Mariner Releases
CBL-Mariner Releases
19784-17086
No
Security Update
0.7.1-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19784-17086
CBL-Mariner Releases
CBL-Mariner Releases
19790-17086
No
Security Update
20.10.27-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19790-17086
CBL-Mariner Releases
CBL-Mariner Releases
20017-17086
17447-17086
No
Security Update
20.10.27-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20017-17086
17447-17086
CBL-Mariner Releases
CBL-Mariner Releases
20297-17086
No
Security Update
1.8.11-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20297-17086
CBL-Mariner Releases
CBL-Mariner Releases
20301-17086
No
Security Update
0.7.10-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20301-17086
CBL-Mariner Releases
CBL-Mariner Releases
19840-17086
No
Security Update
0.0.2-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19840-17086
CBL-Mariner Releases
CBL-Mariner Releases
20293-17086
No
Security Update
0.0.21-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20293-17086
CBL-Mariner Releases
CBL-Mariner Releases
20299-17086
No
Security Update
0.8.10-19
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20299-17086
CBL-Mariner Releases
CBL-Mariner Releases
20300-17086
No
Security Update
1.3.1-23
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20300-17086
CBL-Mariner Releases
CBL-Mariner Releases
19854-17086
No
Security Update
1.6.2-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19854-17086
CBL-Mariner Releases
CBL-Mariner Releases
19777-17086
No
Security Update
1.21.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19777-17086
CBL-Mariner Releases
3.0
2026-02-18T03:19:01
<p>Information published.</p>
1.0
2023-11-08T00:00:00
<p>Information published.</p>
1.1
2024-01-24T00:00:00
<p>Added application-gateway-kubernetes-ingress to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added local-path-provisioner to CBL-Mariner 2.0
Added moby-buildx to CBL-Mariner 2.0</p>
1.2
2024-04-11T00:00:00
<p>Added cri-o to CBL-Mariner 2.0</p>
1.3
2024-06-30T07:00:00
<p>Information published.</p>
1.4
2024-08-29T00:00:00
<p>Information published.</p>
1.5
2024-08-30T00:00:00
<p>Information published.</p>
1.6
2024-08-31T00:00:00
<p>Information published.</p>
1.7
2024-09-01T00:00:00
<p>Information published.</p>
1.8
2024-09-02T00:00:00
<p>Information published.</p>
1.9
2024-09-03T00:00:00
<p>Information published.</p>
2.0
2024-09-05T00:00:00
<p>Information published.</p>
2.1
2024-09-06T00:00:00
<p>Information published.</p>
2.2
2024-09-07T00:00:00
<p>Information published.</p>
2.3
2024-09-08T00:00:00
<p>Information published.</p>
2.4
2024-09-11T00:00:00
<p>Information published.</p>
Cookie and header exposure in twisted
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-21712
Exposure of Sensitive Information to an Unauthorized Actor
18798-16820
17004-16823
18798-16820
17004-16823
Important
18798-16820
Important
17004-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18798-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17004-16823
CBL-Mariner Releases
18798-16820
No
Security Update
20.3.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18798-16820
CBL-Mariner Releases
CBL-Mariner Releases
17004-16823
No
Security Update
22.2.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17004-16823
CBL-Mariner Releases
1.0
2022-02-15T00:00:00
<p>Information published.</p>
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-23308
Use After Free
18776-16820
18777-16823
18776-16820
18777-16823
Important
18776-16820
Important
18777-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18776-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18777-16823
CBL-Mariner Releases
18776-16820
18777-16823
No
Security Update
2.9.13-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18776-16820
18777-16823
CBL-Mariner Releases
1.0
2022-03-09T00:00:00
<p>Information published.</p>
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-23806
Unchecked Return Value
19697-17084
18796-16820
18797-16823
17021-17084
19696-17084
19697-17084
18796-16820
18797-16823
17021-17084
19696-17084
Critical
19697-17084
Critical
18796-16820
Critical
18797-16823
Critical
17021-17084
Critical
19696-17084
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
19697-17084
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
18796-16820
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
18797-16823
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
17021-17084
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
19696-17084
CBL-Mariner Releases
18796-16820
No
Security Update
1.16.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18796-16820
CBL-Mariner Releases
CBL-Mariner Releases
18797-16823
No
Security Update
1.18.8-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18797-16823
CBL-Mariner Releases
CBL-Mariner Releases
17021-17084
19696-17084
No
Security Update
2.16.2-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17021-17084
19696-17084
CBL-Mariner Releases
1.0
2022-02-18T00:00:00
<p>Information published.</p>
1.1
2024-08-29T00:00:00
<p>Information published.</p>
1.2
2024-08-30T00:00:00
<p>Information published.</p>
1.3
2024-08-31T00:00:00
<p>Information published.</p>
1.4
2024-09-01T00:00:00
<p>Information published.</p>
1.5
2024-09-02T00:00:00
<p>Information published.</p>
1.6
2024-09-03T00:00:00
<p>Information published.</p>
1.7
2024-09-05T00:00:00
<p>Information published.</p>
1.8
2024-09-06T00:00:00
<p>Information published.</p>
1.9
2024-09-07T00:00:00
<p>Information published.</p>
2.0
2024-09-08T00:00:00
<p>Information published.</p>
2.1
2024-09-11T00:00:00
<p>Information published.</p>
2.2
2026-02-18T01:06:11
<p>Information published.</p>
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
zdi
Yes
CVE-2022-24048
Stack-based Buffer Overflow
18785-16820
18786-16823
18785-16820
18786-16823
Important
18785-16820
Important
18786-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18785-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
zdi
Yes
CVE-2022-24052
Heap-based Buffer Overflow
18785-16820
18786-16823
18785-16820
18786-16823
Important
18785-16820
Important
18786-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18785-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-24407
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
18782-16820
18783-16823
18782-16820
18783-16823
Important
18782-16820
Important
18783-16823
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18782-16820
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18783-16823
CBL-Mariner Releases
18782-16820
18783-16823
No
Security Update
2.1.28-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18782-16820
18783-16823
CBL-Mariner Releases
1.0
2022-03-04T00:00:00
<p>Information published.</p>
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding such as checks for whether a UTF-8 character is valid in a certain context.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25235
Improper Encoding or Escaping of Output
18469-17084
18787-16820
18788-16823
18469-17084
18787-16820
18788-16823
18469-17084
Critical
18787-16820
Critical
18788-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18469-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18787-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18788-16823
CBL-Mariner Releases
18787-16820
No
Security Update
2.4.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18787-16820
CBL-Mariner Releases
CBL-Mariner Releases
18788-16823
No
Security Update
2.4.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18788-16823
CBL-Mariner Releases
1.0
2022-02-24T00:00:00
<p>Information published.</p>
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25236
Exposure of Resource to Wrong Sphere
18787-16820
18788-16823
18787-16820
18788-16823
Critical
18787-16820
Critical
18788-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18787-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18788-16823
CBL-Mariner Releases
18787-16820
No
Security Update
2.4.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18787-16820
CBL-Mariner Releases
CBL-Mariner Releases
18788-16823
No
Security Update
2.4.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18788-16823
CBL-Mariner Releases
1.0
2022-02-24T00:00:00
<p>Information published.</p>
In the Linux kernel through 5.16.10 certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g. with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25265
Improper Control of Dynamically-Managed Code Resources
18780-16820
18781-16823
18780-16820
18781-16823
Important
18780-16820
Important
18781-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18780-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18781-16823
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
CBL-Mariner Releases
18781-16823
No
Security Update
5.15.26.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18781-16823
CBL-Mariner Releases
1.0
2022-02-26T00:00:00
<p>Information published.</p>
In Expat (aka libexpat) before 2.4.5 an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-25313
Uncontrolled Recursion
18787-16820
18788-16823
18787-16820
18788-16823
Moderate
18787-16820
Moderate
18788-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18787-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18788-16823
CBL-Mariner Releases
18787-16820
No
Security Update
2.4.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18787-16820
CBL-Mariner Releases
CBL-Mariner Releases
18788-16823
No
Security Update
2.4.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18788-16823
CBL-Mariner Releases
1.0
2022-02-25T00:00:00
<p>Information published.</p>
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-20321
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
18780-16820
18780-16820
Moderate
18780-16820
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
18780-16820
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
1.0
2022-03-04T00:00:00
<p>Information published.</p>
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3560
Improper Check for Unusual or Exceptional Conditions
18898-16820
18898-16820
Important
18898-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18898-16820
CBL-Mariner Releases
18898-16820
No
Security Update
0.116-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18898-16820
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3753
Out-of-bounds Read
18780-16820
18780-16820
Moderate
18780-16820
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
18780-16820
CBL-Mariner Releases
18780-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18780-16820
CBL-Mariner Releases
1.0
2022-03-01T00:00:00
<p>Information published.</p>
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-3947
Out-of-bounds Read
18756-16820
18757-16823
18756-16820
18757-16823
Moderate
18756-16820
Moderate
18757-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18756-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18757-16823
CBL-Mariner Releases
18756-16820
No
Security Update
4.2.0-38
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18756-16820
CBL-Mariner Releases
CBL-Mariner Releases
18757-16823
No
Security Update
6.2.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18757-16823
CBL-Mariner Releases
1.0
2023-03-10T00:00:00
<p>Information published.</p>
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-4154
Use After Free
18790-16820
18790-16820
Important
18790-16820
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
18790-16820
CBL-Mariner Releases
18790-16820
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18790-16820
CBL-Mariner Releases
1.0
2022-02-10T00:00:00
<p>Information published.</p>
The Samba vfs_fruit module uses extended file attributes (EA xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd typically root.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2021-44142
Out-of-bounds Read
16864-17084
16864-17084
Important
16864-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16864-17084
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
Accepting arbitrary Subject Alternative Name (SAN) types unless a PKI is specifically defined to use a particular SAN type can result in bypassing name-constrained intermediates. Node.js < 12.22.9 < 14.18.3 < 16.13.2 and < 17.3.1 was accepting URI SAN types which PKIs are often not defined to use. Additionally when a protocol allows URI SANs Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2021-44531
Improper Certificate Validation
18774-16820
18775-16823
18774-16820
18775-16823
Important
18774-16820
Important
18775-16823
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
18774-16820
7.4
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
18775-16823
CBL-Mariner Releases
18774-16820
No
Security Update
14.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18774-16820
CBL-Mariner Releases
CBL-Mariner Releases
18775-16823
No
Security Update
16.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18775-16823
CBL-Mariner Releases
1.0
2022-03-08T00:00:00
<p>Information published.</p>
In zsh before 5.8.1 an attacker can achieve code execution if they control a command output inside the prompt as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-45444
18899-16820
18900-16823
18899-16820
18900-16823
Important
18899-16820
Important
18900-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18899-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18900-16823
CBL-Mariner Releases
18899-16820
No
Security Update
5.8.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18899-16820
CBL-Mariner Releases
CBL-Mariner Releases
18900-16823
No
Security Update
5.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18900-16823
CBL-Mariner Releases
1.0
2022-02-23T00:00:00
<p>Information published.</p>
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46662
18785-16820
18786-16823
18785-16820
18786-16823
Moderate
18785-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18785-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46665
18785-16820
18786-16823
18785-16820
18786-16823
Moderate
18785-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18785-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18785-16820
No
Security Update
10.3.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18785-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46666
Reachable Assertion
18905-16820
18786-16823
18905-16820
18786-16823
Moderate
18905-16820
Moderate
18786-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18905-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18905-16820
No
Security Update
10.3.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18905-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-46669
Use After Free
18704-16820
18786-16823
18704-16820
18786-16823
Important
18704-16820
Important
18786-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18704-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18786-16823
CBL-Mariner Releases
18704-16820
No
Security Update
10.3.35-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18704-16820
CBL-Mariner Releases
CBL-Mariner Releases
18786-16823
No
Security Update
10.6.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18786-16823
CBL-Mariner Releases
1.0
2022-02-04T00:00:00
<p>Information published.</p>
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-25717
Improper Input Validation
16863-16823
16864-17084
16863-16823
16864-17084
Important
16863-16823
Important
16864-17084
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
16863-16823
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
16864-17084
CBL-Mariner Releases
16863-16823
No
Security Update
4.12.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16863-16823
CBL-Mariner Releases
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
A flaw was found in the way samba as an Active Directory Domain Controller is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2020-25718
Missing Authorization
16863-16823
16864-17084
16863-16823
16864-17084
Important
16863-16823
Important
16864-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16863-16823
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16864-17084
CBL-Mariner Releases
16863-16823
No
Security Update
4.12.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16863-16823
CBL-Mariner Releases
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2016-2124
Improper Authentication
16864-17084
16863-16823
16864-16817
16864-17084
16863-16823
16864-16817
Moderate
16864-17084
Moderate
16863-16823
Moderate
16864-16817
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
16864-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
16863-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
16864-16817
CBL-Mariner Releases
16864-17084
16864-16817
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
16864-16817
CBL-Mariner Releases
CBL-Mariner Releases
16863-16823
No
Security Update
4.12.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16863-16823
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
Windows Runtime Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Windows Remote Procedure Call Runtime
Microsoft
Yes
CVE-2022-21971
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
Anonymous
<a href="https://twitter.com/jq0904">Jinquan(@jq0904)</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity Lieying Lab</a>
<a href="https://twitter.com/wh1tc">Zesen Ye (@wh1tc)</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng (@edwardzpeng)</a> with <a href="https://www.sangfor.com/en">Sangfor</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Roaming Security Rights Management Services Remote Code Execution Vulnerability
<p><strong>According to the CVSS score, the Attack Vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution/"ACE". The attack itself is carried out locally.</p>
<p>An example scenario for a When the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, that describes an exploit that an attacker, through social engineering, convinces a victim, for example, to go to a download and locally run a malicious file from a website or attached to an email which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Roaming Security Rights Management Services
Microsoft
Yes
CVE-2022-21974
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
<a href="https://twitter.com/wh1tc">Zesen Ye (@wh1tc)</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng (@edwardzpeng)</a> with <a href="https://www.sangfor.com/en">Sangfor</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
HEVC Video Extensions Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>What is the difference between HEVC Video Extension and HEVC Video Extensions?</strong></p>
<p>HEVC Video Extension is available to consumers and HEVC Video Extensions is used by device OEMs.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p>
<p><strong>How do I get the updated app?</strong></p>
<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p>
<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p>
<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>
<p><strong>How can I check if the update is installed?</strong></p>
<p>If your device manufacturer preinstalled this app, package versions <strong>1.0.43421.0</strong> and later contain this update.</p>
<p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.41532.0</strong> and later contain this update.</p>
<p>You can check the package version in PowerShell:</p>
<p><code>Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</code></p>
Microsoft Windows Codecs Library
Microsoft
Yes
CVE-2022-21844
12010
11808
Remote Code Execution
12010
Remote Code Execution
11808
Important
12010
Important
11808
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12010
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11808
VLSC
12010
Maybe
Security Update
1.0.43421.0
Description
11808
Maybe
Security Update
1.0.43422.0
Dhanesh Kizhakkinan with Mandiant
1.0
2022-02-08T08:00:00
<p>Information published.</p>
HEVC Video Extensions Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>What is the difference between HEVC Video Extension and HEVC Video Extensions?</strong></p>
<p>HEVC Video Extension is available to consumers and HEVC Video Extensions is used by device OEMs.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p>
<p><strong>How do I get the updated app?</strong></p>
<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p>
<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p>
<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>
<p><strong>How can I check if the update is installed?</strong></p>
<p>If your device manufacturer preinstalled this app, package versions <strong>1.0.43421.0</strong> and later contain this update.</p>
<p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.41532.0</strong> and later contain this update.</p>
<p>You can check the package version in PowerShell:</p>
<p><code>Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</code></p>
Microsoft Windows Codecs Library
Microsoft
Yes
CVE-2022-21926
12010
11808
Remote Code Execution
12010
Remote Code Execution
11808
Important
12010
Important
11808
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12010
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11808
VLSC
12010
Maybe
Security Update
1.0.43421.0
Description
11808
Maybe
Security Update
1.0.43422.0
Dhanesh Kizhakkinan with Mandiant
1.0
2022-02-08T08:00:00
<p>Information published.</p>
HEVC Video Extensions Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>What is the difference between HEVC Video Extension and HEVC Video Extensions?</strong></p>
<p>HEVC Video Extension is available to consumers and HEVC Video Extensions is used by device OEMs.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash.</p>
<p><strong>How do I get the updated app?</strong></p>
<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p>
<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p>
<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>
<p><strong>How can I check if the update is installed?</strong></p>
<p>If your device manufacturer preinstalled this app, package versions <strong>1.0.43421.0</strong> and later contain this update.</p>
<p>If you purchased this app from the Microsoft Store, package versions <strong>1.0.41532.0</strong> and later contain this update.</p>
<p>You can check the package version in PowerShell:</p>
<p><code>Get-AppxPackage -Name Microsoft.HEVCVideoExtension*</code></p>
Microsoft Windows Codecs Library
Microsoft
Yes
CVE-2022-21927
12010
11808
Remote Code Execution
12010
Remote Code Execution
11808
Important
12010
Important
11808
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12010
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11808
VLSC
12010
Maybe
Security Update
1.0.43421.0
Description
11808
Maybe
Security Update
1.0.43422.0
Dhanesh Kizhakkinan with Mandiant
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
<p><strong>Are the updates for the Microsoft Dynamics 365 (on-premises) versions listed in this vulnerability currently available?</strong></p>
<p>The security update for Microsoft Dynamics 365 (on-premises) version 9.0 and Microsoft Dynamics 365 (on-premises) version 9.1 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
Microsoft Dynamics
Microsoft
Yes
CVE-2022-21957
11664
11921
Remote Code Execution
11664
Remote Code Execution
11921
Important
11664
Important
11921
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11664
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11921
5012732
https://www.microsoft.com/en-us/download/details.aspx?id=104010
11664
Maybe
Security Update
9.0.37.2
5012731
https://www.microsoft.com/en-us/download/details.aspx?id=104009
11921
Maybe
Security Update
9.1.9.8
<a href="https://www.linkedin.com/in/fabian-schmidt-42-/">Fabian Schmidt</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
1.1
2022-03-08T08:00:00
<p>Added FAQ to explain that the security updates for Microsoft Dynamics 365 (on-premises) version 8.2 and Microsoft Dynamics 365 (on-premises) version 9.1 are not immediately available, and that customers will be notified via a revision to the CVE when the updates are available.</p>
2.0
2022-03-23T07:00:00
<p>The following revisions have been made to the Security Updates table: 1) Microsoft is announcing the availability of the security updates for Microsoft Dynamics 365 (on-premises) version 9.0 and Microsoft Dynamics 365 (on-premises) version 9.1. Customers running these versions of Microsoft Dynamics 365 (on-premises) should install the update for their product to be protected from this vulnerability. See the Security Updates table for Download and Article links. 2) Removed Microsoft Dynamics 365 (on-premises) version 8.2 as it is not affected by this vulnerability.</p>
Microsoft Teams Denial of Service Vulnerability
<p><strong>How do I get the update for Teams for Android?</strong></p>
<ol>
<li>Tap the <strong>Google Play</strong> icon on your home screen.</li>
<li>Swipe in from the left edge of the screen.</li>
<li>Tap <strong>My apps & games</strong>.</li>
<li>Tap the Update box next to the <strong>Teams app</strong>.</li>
</ol>
<p><strong>Is there a direct link on the web?</strong></p>
<p>Yes: <a href="https://play.google.com/store/apps/details?id=com.microsoft.teams">https://play.google.com/store/apps/details?id=com.microsoft.teams</a></p>
<p><strong>How do I get the update for Microsoft Teams for iOS?</strong></p>
<ol>
<li>Tap the <strong>Settings</strong> icon</li>
<li>Tap the** iTunes & App Store**</li>
<li>Turn on AUTOMATIC DOWNLOADS for Apps</li>
</ol>
<p><strong>Alternatively</strong></p>
<ol>
<li>Tap the** App Store** icon</li>
<li>Scroll down to find Microsoft Teams</li>
<li>Tap the <strong>Update</strong> button</li>
</ol>
<p><strong>How can I find out what version of Teams I am running?</strong></p>
<ol>
<li>Click on the User Avatar at the top right of the Teams Windows.</li>
<li>Click on <strong>About</strong>, then <strong>Version</strong>.</li>
<li>The version will be displayed in the banner below the Search bar.</li>
</ol>
<p><strong>Where do I get the latest version of Teams?</strong></p>
<p>The latest version of Microsoft Teams can be downloaded at <a href="https://teams.microsoft.com/download">https://teams.microsoft.com/download</a>.</p>
Microsoft Teams
Microsoft
Yes
CVE-2022-21965
11858
12007
12008
Denial of Service
11858
Denial of Service
12007
Denial of Service
12008
Important
11858
Important
12007
Important
12008
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11858
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12007
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12008
Release Notes
https://apps.apple.com/us/app/microsoft-teams/id1113153706
11858
Maybe
Security Update
2.5.0
Release Notes
https://play.google.com/store/apps/details?id=com.microsoft.teams
12007
Maybe
Security Update
1416/1.0.0.2021040701
Release Notes
https://docs.microsoft.com/en-us/microsoftteams/teams-client-update
12008
Yes
Security Update
Frank Cozijnsen of the KPN REDteam
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Common Log File System Driver Denial of Service Vulnerability
Windows Common Log File System Driver
Microsoft
Yes
CVE-2022-22710
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11712
Denial of Service
11713
Denial of Service
11714
Denial of Service
11896
Denial of Service
11897
Denial of Service
11898
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11803
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11896
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11897
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11898
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
RyeLv(@b2ahex) of Tencent
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Hyper-V Denial of Service Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p>
Role: Windows Hyper-V
Microsoft
Yes
CVE-2022-22712
11569
11571
11572
11713
11896
11923
11924
11803
11926
11931
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11713
Denial of Service
11896
Denial of Service
11923
Denial of Service
11924
Denial of Service
11803
Denial of Service
11926
Denial of Service
11931
Important
11569
Important
11571
Important
11572
Important
11713
Important
11896
Important
11923
Important
11924
Important
11803
Important
11926
Important
11931
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11713
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11896
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
5.6
4.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11569
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11569
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11713
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11803
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11931
Yes
Security Update
10.0.19044.1526
<a href="https://twitter.com/rezer0dai">rezer0dai</a> with Tutti Frutti
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Spoofing Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker.</p>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p>
<p><strong>What is the nature of the spoofing?</strong></p>
<p>An authenticated attacker could manipulate a SharePoint page they control to trick targeted users into sending attacker-controlled requests to the server under the permissions context of the target.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2022-21987
10950
11099
11585
11961
Spoofing
10950
Spoofing
11099
Spoofing
11585
Spoofing
11961
Important
10950
Important
11099
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11099
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002136
https://www.microsoft.com/download/details.aspx?familyid=977f2baf-941b-423a-bc79-8383a844310a
5002113
10950
Security Update
16.0.5278.1000
5002120
https://www.microsoft.com/download/details.aspx?familyid=931bc018-8f42-4e39-ae81-ebdb7e4180f3
5002008
11099
Security Update
15.0.5423.1000
5002135
https://www.microsoft.com/download/details.aspx?familyid=9062c391-efc6-40d0-b679-e7a31d2bb294
5002109
11585
Security Update
16.0.10383.20001
5002135
https://support.microsoft.com/kb/5002135
11585
5002145
https://www.microsoft.com/download/details.aspx?familyid=e66ce694-33fb-41c6-ac72-535d3d6c579d
5002111
11961
Maybe
Security Update
16.0.14326.20742
malacupa
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Office Visio Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Microsoft Office Visio
Microsoft
Yes
CVE-2022-21988
11573
11574
11762
11763
11952
11953
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Power BI Information Disclosure Vulnerability
<p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p>
<p>The main update will be automatically pushed to all affected products and services.</p>
<p>We recommend that customers update PowerBI Client JS SDK to version 2.19.1.
The package can be downloaded from <a href="https://www.npmjs.com/package/powerbi-client">NPM</a> or <a href="https://www.nuget.org/packages/Microsoft.PowerBI.JavaScript/">NuGet Gallery</a>.</p>
<p><strong>How do I know if I am affected?</strong></p>
<p>Our team will contact customers that are affected by this vulnerability.</p>
<p>We recommend that affected customers save their Power Apps to ensure the fix takes effect as expected.</p>
Power BI
Microsoft
Yes
CVE-2022-23254
12011
Information Disclosure
12011
Important
12011
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.9
4.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12011
Release Notes
https://www.nuget.org/packages/Microsoft.PowerBI.JavaScript/
12011
Maybe
Security Update
2.19.1
1.0
2022-02-08T08:00:00
<p>Information published.</p>
1.1
2022-02-08T08:00:00
<p>Corrected the CVE title and description to address the vulnerability as Information Disclosure. In the Affected Products table, corrected the Impact to Information Disclosure. This is an informational change only.</p>
Microsoft Dynamics GP Spoofing Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An authenticated user would have to visit a specific URL that will create an action for a workflow.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires that an attacker has privileges to generate a workflow. Dynamics GP will send an email to the user based on the info registered.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p>
<p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p>
Microsoft Dynamics GP
Microsoft
Yes
CVE-2022-23269
12005
Spoofing
12005
Important
12005
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.4
4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
12005
Release Notes
https://mbs2.microsoft.com/fileexchange/?fileID=57a6b620-7f89-42cd-99f0-65a1cff920b8
12005
Maybe
Security Update
18.4.1434
Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
1.1
2022-02-25T08:00:00
<p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p>
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Microsoft Dynamics GP
Microsoft
Yes
CVE-2022-23271
12005
Elevation of Privilege
12005
Important
12005
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12005
Release Notes
https://mbs2.microsoft.com/fileexchange/?fileID=57a6b620-7f89-42cd-99f0-65a1cff920b8
12005
Maybe
Security Update
18.4.1434
Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could send a specially crafted request to a vulnerable Dynamics site and overwrite database contents.</p>
Microsoft Dynamics GP
Microsoft
Yes
CVE-2022-23272
12005
Elevation of Privilege
12005
Important
12005
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12005
Release Notes
https://mbs2.microsoft.com/fileexchange/?fileID=57a6b620-7f89-42cd-99f0-65a1cff920b8
12005
Maybe
Security Update
18.4.1434
Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Microsoft Dynamics GP
Microsoft
Yes
CVE-2022-23273
12005
Elevation of Privilege
12005
Important
12005
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C
12005
Release Notes
https://mbs2.microsoft.com/fileexchange/?fileID=57a6b620-7f89-42cd-99f0-65a1cff920b8
12005
Maybe
Security Update
18.4.1434
Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Dynamics GP Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated user could send a specially crafted SQL request to a Dynamics GP Web Service and perform remote code execution.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p>
<p>An attacker could impact availability of the data by assuming control of the server through remote code execution.</p>
Microsoft Dynamics GP
Microsoft
Yes
CVE-2022-23274
12005
Remote Code Execution
12005
Important
12005
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12005
Release Notes
https://mbs2.microsoft.com/fileexchange/?fileID=57a6b620-7f89-42cd-99f0-65a1cff920b8
12005
Maybe
Security Update
18.4.1434
Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
1.1
2022-03-08T08:00:00
<p>Added an FAQ and updated the CVSS score. This is an informational change only.</p>
SQL Server for Linux Containers Elevation of Privilege Vulnerability
<p><strong>If I'm running SQL Server 2019 on premise, am I vulnerable to this CVE?</strong></p>
<p>This vulnerability only exists in the containerized version of SQL Server 2019 for Linux. If you are running that version, Microsoft recommends applying the update.</p>
SQL Server
Microsoft
Yes
CVE-2022-23276
12006
Elevation of Privilege
12006
Important
12006
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12006
5010657
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-change-repo?view=sql-server-ver15&pivots=ld2-rhel
12006
Maybe
Security Update
15.0.2090.38
<a href="https://twitter.com/alon_z4">Alon Zahavi</a> and <a href="https://twitter.com/c_h4ck_0">Nir Chako</a> with <a href="https://labs.cyberark.com/">CyberArk Labs</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
1.1
2022-02-09T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Microsoft Edge (Chromium-based) Tampering Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2022-23261
11655
Tampering
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
98.0.1108.43
<a href="https://github.com/ylemkimon">Young Min Kim</a> with <a href="https://compsec.snu.ac.kr/">CompSec Lab at Seoul National University</a>
1.0
2022-02-03T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2022-23262
11655
Elevation of Privilege
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.3
5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
98.0.1108.43
<a href="https://www.daviderceg.com/">David Erceg</a>
1.0
2022-02-03T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2022-23263
11655
Elevation of Privilege
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.7
6.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
98.0.1108.43
<a href="https://www.daviderceg.com/">David Erceg</a>
1.0
2022-02-03T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.50</td>
<td>2/10/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2022-23264
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.7
4.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C
11655
11655
No
Security Update
98.0.1108.50
<a href="https://www.instagram.com/zaid_ghiffarii/">MUHAMMAD ZAID GHIFARI</a> with <a href="https://borneosec.or.id/">KALIMMANTAN UTARA</a>
1.0
2022-02-10T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0603 Use after free in File Manager
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0603
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0604 Heap buffer overflow in Tab Groups
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0604
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0605 Use after free in Webstore API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0605
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0606 Use after free in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0606
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0607 Use after free in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0607
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0608 Integer overflow in Mojo
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0608
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0609 Use after free in Animation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information. Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0609
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0610 Inappropriate implementation in Gamepad API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.55</td>
<td>2/15/2022</td>
<td>98.0.4758.102</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0610
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.55
1.0
2022-02-16T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Security Feature Bypass Vulnerability
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must have read access to the target site within SharePoint.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>The attacker would be able to bypass the protection in SharePoint blocking the HTTP request based on IP range. If an attacker successfully exploited this vulnerability, they could validate the presence or absence of an HTTP endpoint within the blocked IP range.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2022-21968
10950
11585
11961
10612
Security Feature Bypass
10950
Security Feature Bypass
11585
Security Feature Bypass
11961
Security Feature Bypass
10612
Important
10950
Important
11585
Important
11961
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10950
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11585
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11961
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10612
5002136
https://www.microsoft.com/download/details.aspx?familyid=977f2baf-941b-423a-bc79-8383a844310a
5002113
10950
Security Update
16.0.5278.1000
5002135
https://www.microsoft.com/download/details.aspx?familyid=9062c391-efc6-40d0-b679-e7a31d2bb294
5002109
11585
Security Update
16.0.10383.20001
5002135
https://support.microsoft.com/kb/5002135
11585
5002145
https://www.microsoft.com/download/details.aspx?familyid=e66ce694-33fb-41c6-ac72-535d3d6c579d
5002111
11961
Maybe
Security Update
16.0.14326.20742
5002155
https://www.microsoft.com/download/details.aspx?familyid=7887bc43-5ade-4bfd-a7ba-46bef6736d9e
5002127
10612
Security Update
15.0.5423.1000
Steven Seeley (mr_me)
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Named Pipe File System Elevation of Privilege Vulnerability
Windows Named Pipe File System
Microsoft
Yes
CVE-2022-22715
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
Kunlun lab (https://www.cyberkl.com) via TianfuCup (https://www.tianfucup.com)
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Excel Information Disclosure Vulnerability
<p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2022-22716
11099
11573
11574
11575
11605
11762
11763
11951
11952
11953
10739
10740
10656
10654
10655
10611
Information Disclosure
11099
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11575
Information Disclosure
11605
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11951
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
10739
Information Disclosure
10740
Information Disclosure
10656
Information Disclosure
10654
Information Disclosure
10655
Information Disclosure
10611
Important
11099
Important
11573
Important
11574
Important
11575
Important
11605
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
10739
Important
10740
Important
10656
Important
10654
Important
10655
Important
10611
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11573
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11574
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11575
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11605
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11762
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11763
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11951
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11952
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11953
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10739
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10740
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10656
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10654
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10655
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10611
5002147
https://www.microsoft.com/download/details.aspx?familyid=07d82b42-2d3e-43f0-9499-d9d5269ce17d
5002102
11099
Security Update
15.0.5423.1000
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Maybe
Security Update
16.58.22021501
5002133
https://www.microsoft.com/download/details.aspx?familyid=5f04d448-b87e-438f-bd6f-948b15e0f836
5002107
11605
Security Update
16.0.10383.20001
5002137
https://www.microsoft.com/download/details.aspx?familyid=b262c1ef-3e93-405a-9c4b-ff9fa1c6959a
5002114
10739
Security Update
16.0.5278.1000
5002137
https://www.microsoft.com/download/details.aspx?familyid=413d5865-3126-4552-97a3-27a967d01dba
5002114
10740
Security Update
16.0.5278.1000
5002156
5002128
10656
Maybe
Security Update
15.0.5423.1000
5002156
https://www.microsoft.com/download/details.aspx?familyid=b5bba37b-31ec-49c3-93c0-b4307a917aa1
5002128
10654
Security Update
15.0.5423.1000
5002156
https://www.microsoft.com/download/details.aspx?familyid=658fb07a-c645-4ebd-b65e-b30ae8ca4cb7
5002128
10655
Security Update
15.0.5423.1000
5002149
https://www.microsoft.com/download/details.aspx?familyid=f0251975-2daa-42e7-b175-50dd7cc28030
5002122
10611
Security Update
15.0.5423.1000
Jaanus K\xc3\xa4\xc3\xa4p, Clarified Security working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
2.0
2022-02-17T08:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Print Spooler Components
Microsoft
Yes
CVE-2022-22717
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
<a href="https://twitter.com/APTeeb0w">Thibault Van Geluwe de Berlaere</a> with <a href="https://www.mandiant.com/">Mandiant</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components
Microsoft
Yes
CVE-2022-22718
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
NSFOCUS TIANJI Lab via TianfuCup
1.1
2022-02-09T08:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows DNS Server Remote Code Execution Vulnerability
Role: DNS Server
Microsoft
Yes
CVE-2022-21984
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
<p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> may be helpful in your situation:</p>
<p>To be vulnerable, a DNS server would need to have dynamic updates enabled.</p>
Microsoft Offensive Research & Security Engineering (MORSE)
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Remote Access Connection Manager Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows Remote Access Connection Manager
Microsoft
Yes
CVE-2022-21985
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10047
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10048
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
ziming zhang with Ant Security Light-Year Lab
1.0
2022-02-08T08:00:00
<p>Information published.</p>
.NET Denial of Service Vulnerability
<p><strong>What .NET component is affected by this denial of service vulnerability?</strong></p>
<p>This vulnerability affects applications that utilize the Kestrel web server when processing certain HTTP/2 and HTTP/3 requests.</p>
Kestrel Web Server
Microsoft
Yes
CVE-2022-21986
11872
11935
11969
11901
11761
12009
Denial of Service
11872
Denial of Service
11935
Denial of Service
11969
Denial of Service
11901
Denial of Service
11761
Denial of Service
12009
Important
11872
Important
11935
Important
11969
Important
11901
Important
11761
Important
12009
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11872
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11935
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11969
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11901
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11761
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12009
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.9
11872
Maybe
Security Update
16.9.17
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.10
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0
11969
Maybe
Security Update
17.0.6
Release Notes
https://visualstudio.microsoft.com/vs/mac/
11901
Maybe
Security Update
8.10.18
Release Notes
https://dotnet.microsoft.com/download/dotnet/5.0
11761
Maybe
Security Update
5.0.14
Release Notes
https://dotnet.microsoft.com/download/dotnet/6.0
12009
Maybe
Security Update
6.0.2
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
Windows Kernel
Microsoft
Yes
CVE-2022-21989
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11570
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11572
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11712
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11713
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11714
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11896
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11897
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11898
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11923
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11924
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11801
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11802
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11803
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11926
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11927
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11929
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11930
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11931
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10855
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10047
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10048
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10481
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10482
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10484
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
9312
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10287
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
9318
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
9344
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10051
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10049
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10378
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10379
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10483
7.8
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
Anonymous
Anonymous
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker would need to send a specially crafted request to a host running the Visual Studio Code Remote Development Extension. This issue only affects systems configured to host a remote development environment.</p>
Visual Studio Code
Microsoft
Yes
CVE-2022-21991
11622
Remote Code Execution
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.64.1
levatao and eastjiao
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Mobile Device Management Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
Windows Kernel
Microsoft
Yes
CVE-2022-21992
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11712
Remote Code Execution
11713
Remote Code Execution
11714
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11803
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
<a href="https://twitter.com/wh1tc">Zesen Ye (@wh1tc) & Zhiniang Peng(<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of <a href="https://www.sangfor.com/en">Sangfor </a>
<a href="https://twitter.com/jq0904">Jinquan(@jq0904)</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity Lieying Lab</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.</p>
Windows Kernel-Mode Drivers
Microsoft
Yes
CVE-2022-21993
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
yyjb with http://blog.noah.360.net/
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core Library
Microsoft
Yes
CVE-2022-21994
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
<a href="https://twitter.com/hillstone_lab">He YiSheng, Zhang WangJunJie, and Li WenYue</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Hyper-V Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
Role: Windows Hyper-V
Microsoft
Yes
CVE-2022-21995
11569
11571
11572
11713
11896
11923
11924
11803
11926
11931
10735
10853
10816
10855
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11713
Remote Code Execution
11896
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11803
Remote Code Execution
11926
Remote Code Execution
11931
Remote Code Execution
10735
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Important
11569
Important
11571
Important
11572
Important
11713
Important
11896
Important
11923
Important
11924
Important
11803
Important
11926
Important
11931
Important
10735
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.9
6.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11569
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11569
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11713
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11803
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10853
10816
10855
<a href="https://twitter.com/rezer0dai">rezer0dai</a> with EatingFigs ENooPig
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
Windows Win32K
Microsoft
Yes
CVE-2022-21996
11926
11927
Elevation of Privilege
11926
Elevation of Privilege
11927
Important
11926
Important
11927
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p>
Windows Print Spooler Components
Microsoft
Yes
CVE-2022-21997
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11568
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11569
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11570
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11571
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11572
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11712
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11713
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11714
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11896
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11897
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11898
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11923
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11924
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11801
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11802
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11803
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11926
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11927
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11929
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11930
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11931
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10729
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10735
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10852
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10853
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10816
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10855
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10047
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10048
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10481
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10482
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10484
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9312
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10287
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9318
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9344
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10051
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10049
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10378
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10379
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10483
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
<a href="https://wubonetcn.github.io/">Bo Wu</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Common Log File System Driver Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Common Log File System Driver
Microsoft
Yes
CVE-2022-21998
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11712
Information Disclosure
11713
Information Disclosure
11714
Information Disclosure
11896
Information Disclosure
11897
Information Disclosure
11898
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11803
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11896
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11897
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11898
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10047
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10048
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
Anonymous
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components
Microsoft
Yes
CVE-2022-21999
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
<a href="https://twitter.com/ly4k_">Oliver Lyak</a> with <a href="https://ifcr.dk/">Institut For Cyber Risk</a>
Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of Sangfor Via Tianfu CUP
1.1
2022-02-09T08:00:00
<p>Added acknowledgements. This is an informational change only.</p>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver
Microsoft
Yes
CVE-2022-22000
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
<a href="https://cyberkl.com">Kunlun Lab</a> via <a href="http://tianfucup.com">TianfuCup</a>
1.1
2022-02-09T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager
Microsoft
Yes
CVE-2022-22001
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
ziming zhang of Ant Security Light-Year Lab
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows User Account Profile Picture Denial of Service Vulnerability
Windows User Account Profile
Microsoft
Yes
CVE-2022-22002
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11712
Denial of Service
11713
Denial of Service
11714
Denial of Service
11896
Denial of Service
11897
Denial of Service
11898
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11803
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11712
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11713
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11714
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11896
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11897
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11898
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11803
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
Abdelhamid Naceri working with Trend Micro Zero Day Initiative
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Office Graphics Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
Microsoft Office
Microsoft
Yes
CVE-2022-22003
11573
11574
11575
11762
11763
11951
11952
11953
10753
10754
10603
10601
10602
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11575
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
10753
Remote Code Execution
10754
Remote Code Execution
10603
Remote Code Execution
10601
Remote Code Execution
10602
Important
11573
Important
11574
Important
11575
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
10753
Important
10754
Important
10603
Important
10601
Important
10602
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10603
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10601
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10602
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Maybe
Security Update
16.58.22021501
5002140
https://www.microsoft.com/download/details.aspx?familyid=ab5c9559-8cb9-440a-b2e0-7b586957581f
5002116
10753
Security Update
16.0.5278.1000
5002140
https://www.microsoft.com/download/details.aspx?familyid=4287cc1e-9024-4457-973f-cdab4bf70b2f
5002116
10754
Security Update
16.0.5278.1000
5002146
5002119
10603
Maybe
Security Update
15.0.5423.1000
5002146
https://www.microsoft.com/download/details.aspx?familyid=7a138a91-b9f4-432f-bef6-d843e53eff48
5002119
10601
Security Update
15.0.5423.1000
5002146
https://www.microsoft.com/download/details.aspx?familyid=5f1deeac-3328-4be0-88a4-5c1547d0de08
5002119
10602
Security Update
15.0.5423.1000
<a href="https://www.linkedin.com/in/jaanuskaap/">Jaanus Kääp</a> with <a href="https://www.clarifiedsecurity.com/">Clarified Security</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
2.0
2022-02-17T08:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Office ClickToRun Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2022-22004
11441
11442
11762
11763
Remote Code Execution
11441
Remote Code Execution
11442
Remote Code Execution
11762
Remote Code Execution
11763
Important
11441
Important
11442
Important
11762
Important
11763
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11441
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11442
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
Update History
11441
11442
Maybe
Security Update
15.0.5415.xxxxxx
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
DoHyun Lee(@l33d0hyun)
SeungYun LEE
<a href="https://https/">JaeHeng Yoon(@onnoveath)</a> with JENBlack Soft
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2022-22005
10950
11099
11585
11961
Remote Code Execution
10950
Remote Code Execution
11099
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11099
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002136
https://www.microsoft.com/download/details.aspx?familyid=977f2baf-941b-423a-bc79-8383a844310a
5002113
10950
Security Update
16.0.5278.1000
5002120
https://www.microsoft.com/download/details.aspx?familyid=931bc018-8f42-4e39-ae81-ebdb7e4180f3
5002008
11099
Security Update
15.0.5423.1000
5002135
https://www.microsoft.com/download/details.aspx?familyid=9062c391-efc6-40d0-b679-e7a31d2bb294
5002109
11585
Security Update
16.0.10383.20001
5002135
https://support.microsoft.com/kb/5002135
11585
5002145
https://www.microsoft.com/download/details.aspx?familyid=e66ce694-33fb-41c6-ac72-535d3d6c579d
5002111
11961
Maybe
Security Update
16.0.14326.20742
Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Office Information Disclosure Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
Microsoft Office
Microsoft
Yes
CVE-2022-23252
11573
11574
11762
11763
11952
11953
10753
10754
10603
10601
10602
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
10753
Information Disclosure
10754
Information Disclosure
10603
Information Disclosure
10601
Information Disclosure
10602
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
10753
Important
10754
Important
10603
Important
10601
Important
10602
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11573
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11574
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11762
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11763
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11952
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11953
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10753
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10754
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10603
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10601
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10602
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
3118335
https://www.microsoft.com/download/details.aspx?familyid=a265f8e2-cdb6-4046-ba33-554915ed8b26
10753
Maybe
Security Update
16.0.5278.1000
3118335
https://www.microsoft.com/download/details.aspx?familyid=a82bd191-f4b2-4e31-864a-34aa8b32d7cf
10754
Maybe
Security Update
16.0.5278.1000
3172514
10603
Maybe
Security Update
15.0.5423.1000
3172514
https://www.microsoft.com/download/details.aspx?familyid=a265f8e2-cdb6-4046-ba33-554915ed8b26
10601
Security Update
15.0.5423.1000
3172514
https://www.microsoft.com/download/details.aspx?familyid=e70bd0c6-f6d2-4394-8b2c-c04e5433d27e
10602
Security Update
15.0.5423.1000
Jaanus K\xc3\xa4\xc3\xa4p, Clarified Security working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft OneDrive for Android Security Feature Bypass Vulnerability
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker needs access to an unlocked mobile device to exploit the vulnerability.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>The authentication to access OneDrive files could potentially be bypassed. Microsoft recommends installing the update for this vulnerability as soon as possible.</p>
Microsoft OneDrive
Microsoft
Yes
CVE-2022-23255
11726
Security Feature Bypass
11726
Important
11726
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.9
5.2
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11726
App Store
11726
Maybe
Security Update
6.46
<a href="https://www.linkedin.com/in/harsh-tyagi-1468b3193/">Harsh Tyagi</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver
Microsoft
Yes
CVE-2022-21981
11568
11569
11570
11571
11572
11712
11713
11714
11896
11897
11898
11923
11924
11801
11802
11803
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11712
Elevation of Privilege
11713
Elevation of Privilege
11714
Elevation of Privilege
11896
Elevation of Privilege
11897
Elevation of Privilege
11898
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11803
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11712
Important
11713
Important
11714
Important
11896
Important
11897
Important
11898
Important
11923
Important
11924
Important
11801
Important
11802
Important
11803
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11712
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11713
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11714
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11803
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5010351
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010351
5009557
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.2565
5010351
https://support.microsoft.com/help/5010351
11568
11569
11570
11571
11572
5010345
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010345
5009545
11712
11713
11714
Yes
Security Update
10.0.18363.2094
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11896
11897
11898
Yes
Security Update
10.0.19043.1526
5010342
https://support.microsoft.com/help/5010342
11896
11897
11898
11801
11802
11803
11929
11930
11931
5010354
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010354
5009555
11923
11924
Yes
Security Update
10.0.20348.524
5010354
https://support.microsoft.com/help/5010354
11923
11924
5010456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.525
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11801
11802
11803
Yes
Security Update
10.0.19042.1526
5010386
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010386
5009566
11926
11927
Yes
Security Update
10.0.22000.493
5010342
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010342
5009543
11929
11930
11931
Yes
Security Update
10.0.19044.1526
5010358
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010358
5009585
10729
10735
Yes
Security Update
10.0.10240.19204
5010359
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010359
5009546
10852
10853
10816
10855
Yes
Security Update
10.0.14393.4946
5010359
https://support.microsoft.com/help/5010359
10852
10853
10816
10855
5010404
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010404
5009610
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.25860
5010404
https://support.microsoft.com/help/5010404
10047
10048
10051
10049
5010422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010422
10047
10048
10051
10049
Yes
Security Only
6.1.7601.25860
5010422
https://support.microsoft.com/help/5010422
10047
10048
10051
10049
5010419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010419
5009624
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20269
5010419
https://support.microsoft.com/help/5010419
10481
10482
10484
10483
10543
5010395
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010395
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20269
5010395
https://support.microsoft.com/help/5010395
10481
10482
10483
10543
5010419
5009624
10484
Yes
Monthly Rollup
6.3.9600.20269
5010384
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010384
5009627
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21374
5010384
https://support.microsoft.com/help/5010384
9312
10287
9318
9344
5010403
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010403
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21372
5010403
https://support.microsoft.com/help/5010403
9312
10287
9318
9344
5010392
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010392
5009586
10378
10379
Yes
Monthly Rollup
6.2.9200.23605
5010392
https://support.microsoft.com/help/5010392
10378
10379
5010412
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5010412
10378
10379
Yes
Security Only
6.2.9200.23605
5010412
https://support.microsoft.com/help/5010412
10378
10379
<a href="https://cyberkl.com">Kunlun Lab</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Azure Data Explorer Spoofing Vulnerability
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p>
<p>This vulnerability discloses a user's JSON web token to the attacker.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>How do I get the security update for Azure Data Explorer?</strong></p>
<p>You need to restart the Kusto.Explorer application. The update will be automatically downloaded.</p>
<p><strong>Where can I find information about the update?</strong></p>
<p>Release notes for the update are available in the application menu under <strong>Help->What’s new</strong>, under the applicable Version.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p>
<p>The compromised JSON web token can be used to compromise accounts and modify account information.</p>
Azure Data Explorer
Microsoft
Yes
CVE-2022-23256
12004
Spoofing
12004
Important
12004
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12004
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>The attacker would be able to bypass the protection in Outlook that prevents an image from being shown automatically in an email. Depending on the user's settings, the user would normally need to choose to download images for display. If an attacker successfully exploited this vulnerability it could expose the target's IP information.</p>
<p><strong>How do I get the update for Outlook for Mac?</strong></p>
<ol>
<li>Tap the Settings Icon</li>
<li>Tap the iTunes & App Store</li>
<li>Turn on AUTOMATIC DOWNLOADS for Apps</li>
</ol>
<p><strong>Alternatively</strong></p>
<ol>
<li>Tap the App Store Icon</li>
<li>Scroll down to find Microsoft Outlook</li>
<li>Tap the Update button</li>
</ol>
<p><strong>If the preview pane is an attack vector, why is the severity for this vulnerability Important and not Critical?</strong></p>
<p>Even though the preview pane is an attack vector, the attacker cannot achieve remote code execution if they successfully exploit the vulnerability, but can only gain information from the victim.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Outlook
Microsoft
Yes
CVE-2022-23280
10768
Security Feature Bypass
10768
Important
10768
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10768
App Store
10768
Maybe
Security Update
16.57
<a href="https://twitter.com/r0ns3n">Ronnie Salomonsen</a> with <a href="https://www.mandiant.com/">Mandiant</a>
1.1
2022-02-09T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
VP9 Video Extensions Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>How do I get the updated app?</strong></p>
<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p>
<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p>
<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>
<p><strong>How can I check if the update is installed?</strong></p>
<p>App package versions <strong>1.0.42791.0</strong> and later contain this update.
You can check the package version in PowerShell: <code>Get-AppxPackage -Name Microsoft.VP9VideoExtensions</code></p>
Microsoft Windows Codecs Library
Microsoft
Yes
CVE-2022-22709
11884
Remote Code Execution
11884
Important
11884
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11884
MS Store Information
11884
Maybe
Security Update
1.0.42791.0
<a href="">Zhihua Yao</a> with <a href="">KunLun Lab</a>
1.0
2022-02-08T08:00:00
<p>Information published.</p>
Chromium: CVE-2022-0452 Use after free in Safe Browsing
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0452
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:02:19
<p>Information published.</p>
Chromium: CVE-2022-0453 Use after free in Reader Mode
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0453
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:02:30
<p>Information published.</p>
Chromium: CVE-2022-0454 Heap buffer overflow in ANGLE
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0454
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:02:40
<p>Information published.</p>
Chromium: CVE-2022-0455 Inappropriate implementation in Full Screen Mode
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0455
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:02:49
<p>Information published.</p>
Chromium: CVE-2022-0456 Use after free in Web Search
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0456
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:02:57
<p>Information published.</p>
Chromium: CVE-2022-0457 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0457
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:03:07
<p>Information published.</p>
Chromium: CVE-2022-0458 Use after free in Thumbnail Tab Strip
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0458
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:03:16
<p>Information published.</p>
Chromium: CVE-2022-0459 Use after free in Screen Capture
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0459
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:03:26
<p>Information published.</p>
Chromium: CVE-2022-0460 Use after free in Window Dialog
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0460
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:03:36
<p>Information published.</p>
Chromium: CVE-2022-0461 Policy bypass in COOP
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0461
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:03:44
<p>Information published.</p>
Chromium: CVE-2022-0462 Inappropriate implementation in Scroll
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0462
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:03:55
<p>Information published.</p>
Chromium: CVE-2022-0463 Use after free in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0463
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:04
<p>Information published.</p>
Chromium: CVE-2022-0464 Use after free in Accessibility
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0464
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:14
<p>Information published.</p>
Chromium: CVE-2022-0465 Use after free in Extensions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0465
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:24
<p>Information published.</p>
Chromium: CVE-2022-0466 Inappropriate implementation in Extensions Platform
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0466
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:32
<p>Information published.</p>
Chromium: CVE-2022-0467 Inappropriate implementation in Pointer Lock
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0467
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:40
<p>Information published.</p>
Chromium: CVE-2022-0468 Use after free in Payments
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0468
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:49
<p>Information published.</p>
Chromium: CVE-2022-0469 Use after free in Cast
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0469
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:04:56
<p>Information published.</p>
Chromium: CVE-2022-0470 Out of bounds memory access in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2022">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>98.0.1108.43</td>
<td>2/3/2022</td>
<td>98.0.4758.80</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2022-0470
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
98.0.1108.43
1.0
2022-02-02T02:05:04
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-22600
https://nvd.nist.gov/vuln/detail/CVE-2021-22600
Mariner
security@google.com
Yes
CVE-2021-22600
12139
12140
12139
12140
12139
12140
DOS:N/A
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12139
kernel-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.18.1-1
kernel
12140
kernel-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.18.1-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-36690
https://nvd.nist.gov/vuln/detail/CVE-2021-36690
Mariner
cve@mitre.org
Yes
CVE-2021-36690
12139
12140
12139
12140
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
sqlite
12139
sqlite-3.36.0-3.cm2.x86_64.rpm
0001-01-01T00:00:00
sqlite-devel-3.36.0-3.cm2.x86_64.rpm
0001-01-01T00:00:00
sqlite-libs-3.36.0-3.cm2.x86_64.rpm
0001-01-01T00:00:00
sqlite-debuginfo-3.36.0-3.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.36.0-3
sqlite
12140
sqlite-3.36.0-3.cm2.aarch64.rpm
0001-01-01T00:00:00
sqlite-devel-3.36.0-3.cm2.aarch64.rpm
0001-01-01T00:00:00
sqlite-libs-3.36.0-3.cm2.aarch64.rpm
0001-01-01T00:00:00
sqlite-debuginfo-3.36.0-3.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.36.0-3
1.0
2022-02-10T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2018-16301
https://nvd.nist.gov/vuln/detail/CVE-2018-16301
https://nvd.nist.gov/vuln/detail/CVE-2018-16301
https://nvd.nist.gov/vuln/detail/CVE-2018-16301
Mariner
cve@mitre.org
Yes
CVE-2018-16301
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
tcpdump
12137
tcpdump-4.99.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
tcpdump-debuginfo-4.99.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.99.1-1
tcpdump
12138
tcpdump-4.99.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
tcpdump-debuginfo-4.99.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.99.1-1
tcpdump
12139
tcpdump-4.99.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
tcpdump-debuginfo-4.99.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.99.1-1
tcpdump
12140
tcpdump-4.99.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
tcpdump-debuginfo-4.99.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.99.1-1
1.0
2022-02-15T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-45079
https://nvd.nist.gov/vuln/detail/CVE-2021-45079
https://nvd.nist.gov/vuln/detail/CVE-2021-45079
https://nvd.nist.gov/vuln/detail/CVE-2021-45079
Mariner
cve@mitre.org
Yes
CVE-2021-45079
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12137
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12138
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12139
9.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
12140
strongswan
12137
strongswan-5.7.2-5.cm1.x86_64.rpm
0001-01-01T00:00:00
strongswan-debuginfo-5.7.2-5.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.7.2-5
strongswan
12138
strongswan-5.7.2-5.cm1.aarch64.rpm
0001-01-01T00:00:00
strongswan-debuginfo-5.7.2-5.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.7.2-5
strongswan
12139
strongswan-5.9.5-1.cm2.x86_64.rpm
0001-01-01T00:00:00
strongswan-debuginfo-5.9.5-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.9.5-1
strongswan
12140
strongswan-5.9.5-1.cm2.aarch64.rpm
0001-01-01T00:00:00
strongswan-debuginfo-5.9.5-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.9.5-1
1.0
2022-02-08T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-46657
https://nvd.nist.gov/vuln/detail/CVE-2021-46657
https://nvd.nist.gov/vuln/detail/CVE-2021-46657
https://nvd.nist.gov/vuln/detail/CVE-2021-46657
Mariner
cve@mitre.org
Yes
CVE-2021-46657
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
mariadb
12137
mariadb-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.3.32-1
mariadb
12138
mariadb-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.3.32-1
mariadb
12139
mariadb-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.6.7-1
mariadb
12140
mariadb-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.6.7-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-46658
https://nvd.nist.gov/vuln/detail/CVE-2021-46658
https://nvd.nist.gov/vuln/detail/CVE-2021-46658
https://nvd.nist.gov/vuln/detail/CVE-2021-46658
Mariner
cve@mitre.org
Yes
CVE-2021-46658
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
mariadb
12137
mariadb-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.3.32-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.3.32-1
mariadb
12138
mariadb-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.3.32-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.3.32-1
mariadb
12139
mariadb-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.6.7-1
mariadb
12140
mariadb-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.6.7-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-46659
https://nvd.nist.gov/vuln/detail/CVE-2021-46659
https://nvd.nist.gov/vuln/detail/CVE-2021-46659
https://nvd.nist.gov/vuln/detail/CVE-2021-46659
Mariner
cve@mitre.org
Yes
CVE-2021-46659
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
mariadb
12137
mariadb-10.3.34-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.3.34-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.3.34-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.3.34-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.3.34-1.cm1.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.3.34-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.3.34-1
mariadb
12138
mariadb-10.3.34-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.3.34-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.3.34-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.3.34-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.3.34-1.cm1.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.3.34-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.3.34-1
mariadb
12139
mariadb-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-devel-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.6.7-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.6.7-1
mariadb
12140
mariadb-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-server-galera-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-devel-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-errmsg-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mariadb-debuginfo-10.6.7-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
10.6.7-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
Mariner
security@huntr.dev
Yes
CVE-2022-0393
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
12137
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
12138
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
12139
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
1.0
2022-02-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
Mariner
security@huntr.dev
Yes
CVE-2022-0368
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
1.0
2022-02-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
Mariner
security@huntr.dev
Yes
CVE-2022-0392
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
1.0
2022-02-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
Mariner
security@huntr.dev
Yes
CVE-2022-0359
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
1.0
2022-02-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
Mariner
security@huntr.dev
Yes
CVE-2022-0361
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
1.0
2022-02-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
Mariner
security@huntr.dev
Yes
CVE-2022-0413
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4743-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4743-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
Mariner
security@huntr.dev
Yes
CVE-2022-0408
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4743-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4743-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
Mariner
security@huntr.dev
Yes
CVE-2022-0407
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
vim
12137
vim-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12138
vim-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4281-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4281-1
vim
12139
vim-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
vim
12140
vim-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-8.2.4743-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.2.4233-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-22844
https://nvd.nist.gov/vuln/detail/CVE-2022-22844
Mariner
cve@mitre.org
Yes
CVE-2022-22844
12139
12140
12139
12140
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12140
libtiff
12139
libtiff-4.3.0-2.cm2.x86_64.rpm
0001-01-01T00:00:00
libtiff-devel-4.3.0-2.cm2.x86_64.rpm
0001-01-01T00:00:00
libtiff-debuginfo-4.3.0-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.3.0-2
libtiff
12140
libtiff-4.3.0-2.cm2.aarch64.rpm
0001-01-01T00:00:00
libtiff-devel-4.3.0-2.cm2.aarch64.rpm
0001-01-01T00:00:00
libtiff-debuginfo-4.3.0-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.3.0-2
1.0
2022-02-17T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-24122
https://nvd.nist.gov/vuln/detail/CVE-2022-24122
Mariner
cve@mitre.org
Yes
CVE-2022-24122
12139
12140
12139
12140
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12139
kernel-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.32.1-3.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.26.1-1
kernel
12140
kernel-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.32.1-3.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.26.1-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-24130
https://nvd.nist.gov/vuln/detail/CVE-2022-24130
Mariner
cve@mitre.org
Yes
CVE-2022-24130
12139
12140
12139
12140
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12140
xterm
12139
xterm-372-1.cm2.x86_64.rpm
0001-01-01T00:00:00
xterm-resize-372-1.cm2.x86_64.rpm
0001-01-01T00:00:00
xterm-debuginfo-372-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
372-1
xterm
12140
xterm-372-1.cm2.aarch64.rpm
0001-01-01T00:00:00
xterm-resize-372-1.cm2.aarch64.rpm
0001-01-01T00:00:00
xterm-debuginfo-372-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
372-1
1.0
2022-02-05T00:00:00
<p>Information published.</p>