February 2024 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2024-Feb 2024-Feb Final 1.0 276 2026-05-17T14:51:21 February 2024 Security Updates 2024-02-13T08:00:00 2026-05-17T14:51:21 <h2 id="this-release-consists-of-the-following-77-microsoft-cves">This release consists of the following 77 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Azure DevOps</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20667">CVE-2024-20667</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20673">CVE-2024-20673</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20679">CVE-2024-20679</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20684">CVE-2024-20684</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Skype for Business</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20695">CVE-2024-20695</a></td> <td>5.7</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Trusted Compute Base</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21304">CVE-2024-21304</a></td> <td>4.1</td> <td>CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Defender for Endpoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21315">CVE-2024-21315</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21327">CVE-2024-21327</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21328">CVE-2024-21328</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Connected Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21329">CVE-2024-21329</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21338">CVE-2024-21338</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Serial Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21339">CVE-2024-21339</a></td> <td>6.4</td> <td>CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21340">CVE-2024-21340</a></td> <td>4.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21341">CVE-2024-21341</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: DNS Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21342">CVE-2024-21342</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21343">CVE-2024-21343</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21344">CVE-2024-21344</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21345">CVE-2024-21345</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - ICOMP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21346">CVE-2024-21346</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21347">CVE-2024-21347</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21348">CVE-2024-21348</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft ActiveX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21349">CVE-2024-21349</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21350">CVE-2024-21350</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SmartScreen</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351">CVE-2024-21351</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21352">CVE-2024-21352</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC ODBC Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21353">CVE-2024-21353</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21354">CVE-2024-21354</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21355">CVE-2024-21355</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LDAP - Lightweight Directory Access Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21356">CVE-2024-21356</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21357">CVE-2024-21357</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21358">CVE-2024-21358</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21359">CVE-2024-21359</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21360">CVE-2024-21360</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21361">CVE-2024-21361</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21362">CVE-2024-21362</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21363">CVE-2024-21363</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Site Recovery</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21364">CVE-2024-21364</a></td> <td>9.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21365">CVE-2024-21365</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21366">CVE-2024-21366</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21367">CVE-2024-21367</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21368">CVE-2024-21368</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21369">CVE-2024-21369</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21370">CVE-2024-21370</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21371">CVE-2024-21371</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows OLE</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21372">CVE-2024-21372</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21374">CVE-2024-21374</a></td> <td>5.0</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21375">CVE-2024-21375</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Kubernetes Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21376">CVE-2024-21376</a></td> <td>9.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows DNS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21377">CVE-2024-21377</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21378">CVE-2024-21378</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21379">CVE-2024-21379</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21380">CVE-2024-21380</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Active Directory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21381">CVE-2024-21381</a></td> <td>6.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office OneNote</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21384">CVE-2024-21384</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21386">CVE-2024-21386</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21389">CVE-2024-21389</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21391">CVE-2024-21391</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21393">CVE-2024-21393</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21394">CVE-2024-21394</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21395">CVE-2024-21395</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21396">CVE-2024-21396</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure File Sync</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21397">CVE-2024-21397</a></td> <td>5.3</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21399">CVE-2024-21399</a></td> <td>8.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Active Directory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21401">CVE-2024-21401</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21402">CVE-2024-21402</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Kubernetes Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21403">CVE-2024-21403</a></td> <td>9.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21404">CVE-2024-21404</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21405">CVE-2024-21405</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21406">CVE-2024-21406</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21410">CVE-2024-21410</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Internet Shortcut Files</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412">CVE-2024-21412</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21413">CVE-2024-21413</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21420">CVE-2024-21420</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21423">CVE-2024-21423</a></td> <td>4.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26188">CVE-2024-26188</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26192">CVE-2024-26192</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26196">CVE-2024-26196</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-17-non-microsoft-cves">We are republishing 17 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>MITRE</td> <td>Role: DNS Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-50387">CVE-2023-50387</a></td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1059">CVE-2024-1059</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1060">CVE-2024-1060</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1077">CVE-2024-1077</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1283">CVE-2024-1283</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1284">CVE-2024-1284</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1669">CVE-2024-1669</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1670">CVE-2024-1670</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1671">CVE-2024-1671</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1672">CVE-2024-1672</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1673">CVE-2024-1673</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1674">CVE-2024-1674</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1675">CVE-2024-1675</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1676">CVE-2024-1676</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1938">CVE-2024-1938</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-1939">CVE-2024-1939</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub</td> <td>GitHub</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21626">CVE-2024-21626</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5034763">5034763</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034770">5034770</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034795">5034795</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034833">5034833</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5035606">5035606</a></td> <td>Exchange Server 2019</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Visio 2016 (32-bit edition) Microsoft Visio 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Skype for Business 2016 (32-bit) Skype for Business 2016 (64-bit) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Skype for Business Server 2019 CU7 Microsoft Teams for Android Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Dynamics 365 Customer Engagement V9.1 Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Azure Connected Machine Agent Microsoft Azure Active Directory B2C Microsoft Entra Jira Single-Sign-On Plugin Azure Kubernetes Service Azure DevOps Server 2022.1 Azure Stack Hub Azure Site Recovery Azure Kubernetes Service Confidential Containers Azure File Sync v16.0 Azure File Sync v15.0 Azure File Sync v14.0 Azure File Sync v17.0 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Edge (Chromium-based) Microsoft Edge for Android Microsoft Edge (Chromium-based) Extended Stable CBL Mariner 2.0 ARM CBL Mariner 2.0 x64 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2019 Microsoft Defender for Endpoint for Windows on Windows Server 2019 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows Server 2022 Microsoft Defender for Endpoint for Windows on Windows Server 2022 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2016 Microsoft Defender for Endpoint for Windows on Windows Server 2016 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows Server 2012 Microsoft Defender for Endpoint for Windows on Windows Server 2012 (Server Core installation) Azure DevOps Server 2019.1.2 Azure DevOps Server 2020.1.2 ASP.NET Core 6.0 ASP.NET Core 7.0 ASP.NET Core 8.0 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.8 .NET 6.0 .NET 7.0 .NET 8.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Visio 2016 (32-bit edition) Microsoft Visio 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Skype for Business 2016 (32-bit) Skype for Business 2016 (64-bit) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Edge for Android Azure Kubernetes Service Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Azure Stack Hub Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Dynamics 365 Customer Engagement V9.1 Azure Site Recovery ASP.NET Core 6.0 Microsoft Teams for Android .NET 6.0 Microsoft Defender for Endpoint for Windows on Windows Server 2012 Microsoft Defender for Endpoint for Windows on Windows Server 2012 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 Microsoft Defender for Endpoint for Windows on Windows Server 2012 R2 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 10 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2016 Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1607 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2016 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 1809 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2019 Microsoft Defender for Endpoint for Windows on Windows Server 2019 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows Server 2022 Microsoft Defender for Endpoint for Windows on Windows Server 2022 (Server Core installation) Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 21H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 Version 22H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 10 Version 22H2 for 32-bit Systems Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for ARM64-based Systems Microsoft Defender for Endpoint for Windows on Windows 11 Version 23H2 for x64-based Systems Microsoft Defender for Endpoint for Windows on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft Exchange Server 2016 Cumulative Update 23 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Microsoft Visual Studio 2022 version 17.4 .NET 7.0 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Edge (Chromium-based) Extended Stable Azure DevOps Server 2020.1.2 Microsoft Visual Studio 2022 version 17.6 Microsoft Exchange Server 2019 Cumulative Update 13 Azure DevOps Server 2019.1.2 Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Skype for Business Server 2019 CU7 ASP.NET Core 7.0 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) ASP.NET Core 8.0 .NET 8.0 Azure Connected Machine Agent Azure DevOps Server 2022.1 Microsoft Visual Studio 2022 version 17.8 Azure File Sync v17.0 Azure Kubernetes Service Confidential Containers Microsoft Entra Jira Single-Sign-On Plugin Microsoft Azure Active Directory B2C Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Azure File Sync v14.0 Azure File Sync v15.0 Azure File Sync v16.0 cbl2 kernel 5.15.153.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.22.1-2 on Azure Linux 3.0 azl3 ceph 18.2.2-1 on Azure Linux 3.0 cbl2 reaper 3.1.1-10 on CBL Mariner 2.0 cbl2 kernel 5.15.148.2-2 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.35.1-1 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.35.1-1 on Azure Linux 3.0 azl3 nodejs 20.14.0-1 on Azure Linux 3.0 azl3 kernel 6.6.35.1-4 on Azure Linux 3.0 azl3 bind 9.16.44-2 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 frr 8.5.5-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-20 on CBL Mariner 2.0 cbl2 curl 8.8.0-1 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-12 on CBL Mariner 2.0 cbl2 kernel 5.15.158.2-1 on CBL Mariner 2.0 cbl2 kernel 5.15.158.1-1 on CBL Mariner 2.0 cbl2 fluent-bit 2.2.3-1 on CBL Mariner 2.0 cbl2 nodejs18 18.20.2-1 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-4 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 cbl2 expat 2.6.2-2 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.153.1-1 on CBL Mariner 2.0 cbl2 azure-iot-sdk-c 2022.01.21-3 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-10 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-12 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-6 on CBL Mariner 2.0 cbl2 python-gevent 21.1.2-3 on CBL Mariner 2.0 cbl2 python-gevent 21.1.2-3 on CBL Mariner 2.0 cbl2 grpc 1.42.0-9 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-10 on CBL Mariner 2.0 cbl2 opensc 0.23.0-4 on CBL Mariner 2.0 cbl2 opensc 0.23.0-4 on CBL Mariner 2.0 cbl2 libgit2 1.6.5-1 on CBL Mariner 2.0 cbl2 libxml2 2.10.4-4 on CBL Mariner 2.0 cbl2 vim 9.0.2121-2 on CBL Mariner 2.0 cbl2 postgresql 14.11-1 on CBL Mariner 2.0 cbl2 nodejs18 18.18.2-4 on CBL Mariner 2.0 cbl2 moby-engine 20.10.27-3 on CBL Mariner 2.0 cbl2 ansible 2.14.12-2 on CBL Mariner 2.0 cbl2 ansible 2.14.12-2 on CBL Mariner 2.0 cbl2 pam 1.5.1-6 on CBL Mariner 2.0 cbl2 moby-engine 20.10.27-4 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 libxml2 2.11.5-4 on Azure Linux 3.0 azl3 xerces-c 3.2.4-2 on Azure Linux 3.0 azl3 kernel 6.6.78.1-1 on Azure Linux 3.0 azl3 pam 1.5.3-4 on Azure Linux 3.0 azl3 kernel 6.6.57.1-1 on Azure Linux 3.0 azl3 curl 8.8.0-1 on Azure Linux 3.0 azl3 grpc 1.62.3-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 exiv2 0.28.3-1 on Azure Linux 3.0 azl3 krb5 1.21.3-1 on Azure Linux 3.0 azl3 cert-manager 1.12.12-3 on Azure Linux 3.0 azl3 fluent-bit 3.0.6-1 on Azure Linux 3.0 azl3 cmake 3.29.6-1 on Azure Linux 3.0 azl3 postgresql 16.3-1 on Azure Linux 3.0 azl3 freeglut 3.4.0-1 on Azure Linux 3.0 azl3 helm 3.13.2-3 on Azure Linux 3.0 azl3 cert-manager 1.12.13-1 on Azure Linux 3.0 azl3 python-gevent 23.9.1-4 on Azure Linux 3.0 azl3 c-ares 1.30.0-1 on Azure Linux 3.0 azl3 cert-manager 1.12.12-2 on Azure Linux 3.0 azl3 mariadb 10.11.6-3 on Azure Linux 3.0 azl3 azure-iot-sdk-c 2024.03.04-1 on Azure Linux 3.0 azl3 libuv 1.48.0-1 on Azure Linux 3.0 azl3 expat 2.6.2-1 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.22.1-2 on Azure Linux 3.0 azl3 cmake 3.28.2-6 on Azure Linux 3.0 azl3 python-gevent 23.9.1-3 on Azure Linux 3.0 azl3 krb5 1.21.3-2 on Azure Linux 3.0 azl3 fluent-bit 3.0.3-1 on Azure Linux 3.0 azl3 moby-engine 25.0.3-1 on Azure Linux 3.0 azl3 pytorch 2.2.2-1 on Azure Linux 3.0 azl3 pam 1.5.3-2 on Azure Linux 3.0 azl3 opensc 0.25.1-3 on Azure Linux 3.0 azl3 coreutils 9.4-5 on Azure Linux 3.0 azl3 ansible 2.17.0-1 on Azure Linux 3.0 cbl2 grpc 1.42.0-11 on CBL Mariner 2.0 azl3 moby-engine 20.10.25-3 on Azure Linux 3.0 azl3 python-cryptography 3.3.2-5 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.14.1-1 on Azure Linux 3.0 cbl2 wpa_supplicant 2.10-2 on CBL Mariner 2.0 azl3 wpa_supplicant 2.10-2 on Azure Linux 3.0 cbl2 nodejs 16.20.2-3 on CBL Mariner 2.0 cbl2 openvswitch 2.17.9-1 on CBL Mariner 2.0 azl3 openvswitch 3.3.0-1 on Azure Linux 3.0 azl3 bind 9.19.21-1 on Azure Linux 3.0 azl3 python-cryptography 42.0.5-1 on Azure Linux 3.0 azl3 graphviz 2.42.4-12 on Azure Linux 3.0 cbl2 postgresql 14.10-1 on CBL Mariner 2.0 azl3 openvswitch 2.17.5-3 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 cbl2 expat 2.5.0-1 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-2 on Azure Linux 3.0 azl3 wpa_supplicant 2.10-3 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 azl3 libxml2 2.11.5-5 on Azure Linux 3.0 cbl2 pytorch 2.0.0-8 on CBL Mariner 2.0 cbl2 less 590-3 on CBL Mariner 2.0 azl3 wireshark 4.4.7-1 on Azure Linux 3.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 azl3 elfutils 0.189-5 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 ansible 2.14.12-2 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 ansible 2.15.3-1 on Azure Linux 3.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 curl 8.5.0-2 on CBL Mariner 2.0 cbl2 bind 9.16.50-1 on CBL Mariner 2.0 azl3 nodejs 20.10.0-2 on Azure Linux 3.0 azl3 curl 8.5.0-1 on Azure Linux 3.0 azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0 cbl2 nodejs18 18.18.2-7 on CBL Mariner 2.0 cbl2 dhcp 4.4.3.P1-2 on CBL Mariner 2.0 cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0 cbl2 vim 9.0.2121-5 on CBL Mariner 2.0 azl3 kernel 6.6.14.1-4 on Azure Linux 3.0 cbl2 fluent-bit 3.0.6-2 on CBL Mariner 2.0 cbl2 kernel 5.15.148.2-2 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.92.2-1 on Azure Linux 3.0 cbl2 ceph 16.2.10-7 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-22 on CBL Mariner 2.0 cbl2 reaper 3.1.1-18 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 cbl2 frr 8.5.3-6 on CBL Mariner 2.0 cbl2 opensc 0.23.0-4 on CBL Mariner 2.0 azl3 opensc 0.23.0-1 on Azure Linux 3.0 cbl2 azure-iot-sdk-c 2022.01.21-4 on CBL Mariner 2.0 azl3 azure-iot-sdk-c 2023.08.07-1 on Azure Linux 3.0 cbl2 grpc 1.42.0-11 on CBL Mariner 2.0 cbl2 less 590-4 on CBL Mariner 2.0 cbl2 expat 2.5.0-1 on CBL Mariner 2.0 azl3 expat 2.5.0-1 on Azure Linux 3.0 cbl2 wpa_supplicant 2.10-3 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-8 on CBL Mariner 2.0 cbl2 mariadb 10.6.9-6 on CBL Mariner 2.0 cbl2 pam 1.5.1-7 on CBL Mariner 2.0 azl3 libuv 1.46.0-1 on Azure Linux 3.0 azl3 coreutils 9.4-6 on Azure Linux 3.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-15 on CBL Mariner 2.0 cbl2 graphviz 2.42.4-10 on CBL Mariner 2.0 cbl2 libgit2 1.4.5-3 on CBL Mariner 2.0 cbl2 moby-engine 20.10.27-4 on CBL Mariner 2.0 cbl2 libuv 1.43.0-2 on CBL Mariner 2.0 cbl2 postgresql 14.10-1 on CBL Mariner 2.0 azl3 postgresql 16.1-1 on Azure Linux 3.0 cbl2 libxml2 2.10.4-6 on CBL Mariner 2.0 cbl2 python-cryptography 3.3.2-7 on CBL Mariner 2.0 cbl2 fluent-bit 2.2.3-7 on CBL Mariner 2.0 azl3 fluent-bit 2.2.2-1 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.148.2-1 on CBL Mariner 2.0 cbl2 krb5 1.19.4-3 on CBL Mariner 2.0 azl3 krb5 1.21.2-1 on Azure Linux 3.0 cbl2 bind 9.16.48-1 on CBL Mariner 2.0 cbl2 openvswitch 2.17.9-1 on CBL Mariner 2.0 cbl2 c-ares 1.19.1-2 on CBL Mariner 2.0 cbl2 xerces-c 3.2.4-2 on CBL Mariner 2.0 cbl2 python-gevent 21.1.2-3 on CBL Mariner 2.0 azl3 c-ares 1.25.0-1 on Azure Linux 3.0 azl3 fluent-bit 3.0.6-2 on Azure Linux 3.0 cbl2 javapackages-bootstrap 1.5.0-7 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 elfutils 0.189-6 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) OCSP verification bypass with TLS session reuse <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-0853 Improper Certificate Validation 17271-16823 17629-17084 19736-17086 19742-17084 17271-16823 17629-17084 19736-17086 19742-17084 Moderate 17271-16823 Moderate 17629-17084 Moderate 19736-17086 Moderate 19742-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17271-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17629-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19736-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19742-17084 CBL-Mariner Releases 17271-16823 17629-17084 19736-17086 19742-17084 No Security Update 8.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17271-16823 17629-17084 19736-17086 19742-17084 CBL-Mariner Releases 2.2 2026-02-18T14:03:08 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-1312 Use After Free 16960-16823 19673-17086 17095-17086 16960-16823 19673-17086 17095-17086 Moderate 16960-16823 19673-17086 Moderate 17095-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 16960-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 16960-16823 19673-17086 17095-17086 No Security Update 5.15.148.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16960-16823 19673-17086 17095-17086 CBL-Mariner Releases 2.0 2026-02-18T14:33:19 <p>Information published.</p> 1.0 2024-02-15T00:00:00 <p>Information published.</p> Opensc: memory use after free in authentic driver when updating token info <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-1454 Use After Free 17437-16823 17819-17084 19853-17086 17437-17086 19857-17084 17437-16823 17819-17084 19853-17086 17437-17086 19857-17084 Low 17437-16823 Low 17819-17084 19853-17086 Low 17437-17086 Low 19857-17084 3.4 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 17437-16823 3.4 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 17819-17084 3.4 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 19853-17086 3.4 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 17437-17086 3.4 3.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 19857-17084 CBL-Mariner Releases 17437-16823 19853-17086 17437-17086 No Security Update 0.23.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17437-16823 19853-17086 17437-17086 CBL-Mariner Releases CBL-Mariner Releases 17819-17084 19857-17084 No Security Update 0.25.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17819-17084 19857-17084 CBL-Mariner Releases 1.1 2025-03-04T00:00:00 <p>Added opensc to CBL-Mariner 2.0 Added opensc to Azure Linux 3.0</p> 2.0 2026-02-18T14:42:16 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Xorg-x11-server: heap buffer overflow in disabledevice <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-21886 Heap-based Buffer Overflow 17431-16823 19982-17086 17431-16823 19982-17086 Important 17431-16823 Important 19982-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17431-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19982-17086 CBL-Mariner Releases 17431-16823 19982-17086 No Security Update 1.20.10-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17431-16823 19982-17086 CBL-Mariner Releases 1.0 2024-09-20T00:00:00 <p>Information published.</p> 1.1 2026-02-20T23:08:14 <p>Information published.</p> The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-21890 16990-17084 19740-17084 16990-17084 19740-17084 Moderate 16990-17084 Moderate 19740-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 16990-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19740-17084 CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.2 2026-02-18T01:31:32 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-02-13T00:00:00 <p>Added nodejs to Azure Linux 3.0</p> Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-22667 Out-of-bounds Write 17441-16823 19763-17086 17441-16823 19763-17086 Important 17441-16823 Important 19763-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17441-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19763-17086 CBL-Mariner Releases 17441-16823 19763-17086 No Security Update 9.0.2121-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17441-16823 19763-17086 CBL-Mariner Releases 1.1 2025-02-08T00:00:00 <p>Added vim to CBL-Mariner 2.0</p> 1.2 2026-02-18T14:32:22 <p>Information published.</p> 1.0 2024-02-12T00:00:00 <p>Information published.</p> freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-24258 Missing Release of Memory after Effective Lifetime 17757-17084 17757-17084 Important 17757-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17757-17084 CBL-Mariner Releases 17757-17084 No Security Update 3.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17757-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> libgit2 is vulnerable to a denial of service attack in `git_revparse_single` <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-24575 Uncontrolled Resource Consumption 17438-16823 20007-17086 19686-17084 19671-17084 17438-16823 20007-17086 19686-17084 19671-17084 Important 17438-16823 Important 20007-17086 Important 19686-17084 Important 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17438-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20007-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 CBL-Mariner Releases 17438-16823 20007-17086 No Security Update 1.6.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17438-16823 20007-17086 CBL-Mariner Releases 1.1 2026-02-18T14:36:48 <p>Information published.</p> 1.0 2024-02-16T00:00:00 <p>Information published.</p> Improper Domain Lookup that potentially leads to SSRF attacks in libuv <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-24806 Server-Side Request Forgery (SSRF) 17443-16823 17809-17084 17810-17084 16990-17084 17782-17084 19748-17086 20030-17086 19922-17084 19740-17084 17770-17084 17734-17084 17443-16823 17809-17084 17810-17084 16990-17084 17782-17084 19748-17086 20030-17086 19922-17084 19740-17084 17770-17084 17734-17084 Important 17443-16823 Important 17809-17084 Important 17810-17084 Important 16990-17084 Important 17782-17084 Important 19748-17086 Important 20030-17086 Important 19922-17084 Important 19740-17084 Important 17770-17084 Important 17734-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 17443-16823 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 17809-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 17810-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 16990-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 17782-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19748-17086 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 20030-17086 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19922-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19740-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 17770-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 17734-17084 CBL-Mariner Releases 17443-16823 19748-17086 No Security Update 18.18.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17443-16823 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 17809-17084 17734-17084 No Security Update 3.28.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17809-17084 17734-17084 CBL-Mariner Releases CBL-Mariner Releases 17810-17084 17770-17084 No Security Update 23.9.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17810-17084 17770-17084 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases CBL-Mariner Releases 17782-17084 19922-17084 No Security Update 1.48.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17782-17084 19922-17084 CBL-Mariner Releases CBL-Mariner Releases 20030-17086 No Security Update 1.43.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20030-17086 CBL-Mariner Releases 1.0 2024-02-12T00:00:00 <p>Information published.</p> 1.1 2024-02-15T00:00:00 <p>Added libuv to CBL-Mariner 2.0</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-08-29T00:00:00 <p>Information published.</p> 1.4 2024-08-30T00:00:00 <p>Information published.</p> 1.5 2024-08-31T00:00:00 <p>Information published.</p> 1.6 2024-09-01T00:00:00 <p>Information published.</p> 1.7 2024-09-02T00:00:00 <p>Information published.</p> 1.8 2024-09-03T00:00:00 <p>Information published.</p> 1.9 2024-09-05T00:00:00 <p>Information published.</p> 2.0 2024-09-06T00:00:00 <p>Information published.</p> 2.1 2024-09-07T00:00:00 <p>Information published.</p> 2.2 2024-09-08T00:00:00 <p>Information published.</p> 2.3 2024-09-11T00:00:00 <p>Information published.</p> 2.4 2024-10-05T00:00:00 <p>Information published.</p> 2.5 2024-12-04T00:00:00 <p>Added cmake to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added libuv to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added libuv to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 2.6 2026-02-18T14:31:26 <p>Information published.</p> Race condition vulnerability in Linux kernel net/bluetooth in {connadv}_{minmax}_interval_set() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-24858 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17065-17084 17494-17084 17065-17084 17494-17084 Moderate 17065-17084 Moderate 17494-17084 5.3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17065-17084 4.6 4.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H 17494-17084 CBL-Mariner Releases 17065-17084 17494-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 17494-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:11:39 <p>Information published.</p> Race condition vulnerability in Linux kernel bluetooth driver in {minmax}_key_size_set() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-24860 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17065-17084 19529-17084 17065-17084 19529-17084 Moderate 17065-17084 Moderate 19529-17084 5.3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17065-17084 4.6 4.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N 19529-17084 CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:12:03 <p>Information published.</p> Dependency management path traversal in helm <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-25620 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 17299-16823 17768-17084 17772-17084 19817-17086 17707-17084 17299-16823 17768-17084 17772-17084 19817-17086 17707-17084 Moderate 17299-16823 Moderate 17768-17084 Moderate 17772-17084 Moderate 19817-17086 Moderate 17707-17084 6.4 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 17299-16823 6.4 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 17768-17084 6.4 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 17772-17084 6.4 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 19817-17086 6.4 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 17707-17084 CBL-Mariner Releases 17299-16823 19817-17086 No Security Update 1.11.2-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17299-16823 19817-17086 CBL-Mariner Releases CBL-Mariner Releases 17768-17084 No Security Update 3.13.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17768-17084 CBL-Mariner Releases CBL-Mariner Releases 17772-17084 17707-17084 No Security Update 1.12.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17772-17084 17707-17084 CBL-Mariner Releases 2.8 2026-02-18T14:40:29 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-08-18T00:00:00 <p>Information published.</p> 1.2 2024-08-25T00:00:00 <p>Information published.</p> 1.3 2024-08-26T00:00:00 <p>Information published.</p> 1.4 2024-08-27T00:00:00 <p>Information published.</p> 1.5 2024-08-28T00:00:00 <p>Information published.</p> 1.6 2024-08-29T00:00:00 <p>Information published.</p> 1.7 2024-08-30T00:00:00 <p>Information published.</p> 1.8 2024-08-31T00:00:00 <p>Information published.</p> 1.9 2024-09-01T00:00:00 <p>Information published.</p> 2.0 2024-09-02T00:00:00 <p>Information published.</p> 2.1 2024-09-03T00:00:00 <p>Information published.</p> 2.2 2024-09-05T00:00:00 <p>Information published.</p> 2.3 2024-09-06T00:00:00 <p>Information published.</p> 2.4 2024-09-07T00:00:00 <p>Information published.</p> 2.5 2024-09-08T00:00:00 <p>Information published.</p> 2.6 2024-09-11T00:00:00 <p>Information published.</p> 2.7 2024-12-03T00:00:00 <p>Added cert-manager to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added helm to Azure Linux 3.0</p> create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes and crash because of a missing check for ubi->leb_size. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25739 Improper Check for Unusual or Exceptional Conditions 17310-16823 17065-17084 19673-17086 19529-17084 17095-17086 17310-16823 17065-17084 19673-17086 19529-17084 17095-17086 Moderate 17310-16823 Moderate 17065-17084 19673-17086 Moderate 19529-17084 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17310-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17065-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17310-16823 19673-17086 17095-17086 No Security Update 5.15.158.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17310-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:55:25 <p>Information published.</p> 1.0 2024-02-27T00:00:00 <p>Information published.</p> Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-26458 17812-17084 20083-17086 17812-17084 20083-17086 17812-17084 20083-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17812-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 20083-17086 CBL-Mariner Releases 17812-17084 20083-17086 No Security Update 1.21.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17812-17084 20083-17086 CBL-Mariner Releases 1.2 2024-10-15T00:00:00 <p>Added krb5 to Azure Linux 3.0 Added krb5 to CBL-Mariner 2.0</p> 1.3 2024-12-03T00:00:00 <p>Added krb5 to CBL-Mariner 2.0 Added krb5 to Azure Linux 3.0</p> 1.4 2024-12-08T00:00:00 <p>Added krb5 to CBL-Mariner 2.0 Added krb5 to Azure Linux 3.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-05T00:00:00 <p>Information published.</p> 1.5 2026-02-20T23:29:33 <p>Information published.</p> Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-26462 Missing Release of Memory after Effective Lifetime 17703-17084 20087-17084 17703-17084 20087-17084 Moderate 17703-17084 20087-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17703-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20087-17084 CBL-Mariner Releases 17703-17084 20087-17084 No Security Update 1.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17703-17084 20087-17084 CBL-Mariner Releases 1.2 2025-02-15T00:00:00 <p>Added krb5 to Azure Linux 3.0</p> 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> net: tls: fix use-after-free with partial reads and async decrypt <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26582 Use After Free 16839-17084 19779-17084 16839-17084 19779-17084 Important 16839-17084 Important 19779-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19779-17084 CBL-Mariner Releases 16839-17084 19779-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 19779-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-18T01:08:38 <p>Information published.</p> tls: fix race between async notify and socket close <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26583 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17310-16823 16839-17084 17785-17084 17987-17084 19673-17086 19779-17084 17095-17086 17310-16823 16839-17084 17785-17084 17987-17084 19673-17086 19779-17084 17095-17086 Moderate 17310-16823 Moderate 16839-17084 Moderate 17785-17084 Moderate 17987-17084 19673-17086 Moderate 19779-17084 Moderate 17095-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17987-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19779-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17310-16823 19673-17086 17095-17086 No Security Update 5.15.158.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17310-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 17785-17084 17987-17084 19779-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 17785-17084 17987-17084 19779-17084 CBL-Mariner Releases 1.0 2024-03-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-20T23:34:20 <p>Information published.</p> LoongArch: BPF: Prevent out-of-bounds memory access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26588 Improper Restriction of Operations within the Bounds of a Memory Buffer 17325-16823 17250-17086 19670-17086 17325-16823 17250-17086 19670-17086 Important 17325-16823 Important 17250-17086 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17325-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 CBL-Mariner Releases 17325-16823 17250-17086 19670-17086 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17325-16823 17250-17086 19670-17086 CBL-Mariner Releases 2.0 2026-02-18T01:33:12 <p>Information published.</p> 1.0 2024-03-19T00:00:00 <p>Information published.</p> sched/membarrier: reduce the ability to hammer on sys_membarrier <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26602 16989-17084 19797-17084 16989-17084 19797-17084 Moderate 16989-17084 Moderate 19797-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16989-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19797-17084 CBL-Mariner Releases 16989-17084 19797-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16989-17084 19797-17084 CBL-Mariner Releases 1.1 2026-02-18T02:46:11 <p>Information published.</p> 1.0 2024-08-15T00:00:00 <p>Information published.</p> ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet because of an attempted access to a missing attribute field. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-27913 17251-16823 19827-17086 17251-16823 19827-17086 Moderate 17251-16823 19827-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17251-16823 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19827-17086 CBL-Mariner Releases 17251-16823 19827-17086 No Security Update 8.5.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17251-16823 19827-17086 CBL-Mariner Releases 1.1 2024-12-03T00:00:00 <p>Added frr to CBL-Mariner 2.0</p> 1.2 2025-01-22T00:00:00 <p>Added frr to CBL-Mariner 2.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-42282 Server-Side Request Forgery (SSRF) 19748-17086 19820-17086 19740-17084 19712-17086 19693-17084 17389-17086 16907-16823 17443-16823 18165-16823 16990-17084 19951-17086 19748-17086 19820-17086 19740-17084 19712-17086 19693-17084 17389-17086 16907-16823 17443-16823 18165-16823 16990-17084 19951-17086 Critical 19748-17086 Critical 19820-17086 Critical 19740-17084 Critical 19712-17086 Critical 19693-17084 Critical 17389-17086 Critical 16907-16823 Critical 17443-16823 Critical 18165-16823 Critical 16990-17084 19951-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19748-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19820-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19740-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17389-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16907-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17443-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18165-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16990-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19951-17086 CBL-Mariner Releases 19748-17086 17443-16823 No Security Update 18.18.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19748-17086 17443-16823 CBL-Mariner Releases CBL-Mariner Releases 19820-17086 16907-16823 No Security Update 3.1.1-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19820-17086 16907-16823 CBL-Mariner Releases CBL-Mariner Releases 19740-17084 16990-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19740-17084 16990-17084 CBL-Mariner Releases CBL-Mariner Releases 17389-17086 18165-16823 19951-17086 No Security Update 16.20.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17389-17086 18165-16823 19951-17086 CBL-Mariner Releases 2.0 2026-02-18T14:41:40 <p>Information published.</p> 1.0 2024-02-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-13T00:00:00 <p>Information published.</p> Parsing large DNS messages may cause excessive CPU load <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-4408 18169-17084 20093-17086 19750-17086 17073-17084 18169-17084 20093-17086 19750-17086 17073-17084 Important 18169-17084 Important 20093-17086 Important 19750-17086 Important 17073-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19750-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17073-17084 CBL-Mariner Releases 18169-17084 17073-17084 No Security Update 9.19.21-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18169-17084 17073-17084 CBL-Mariner Releases CBL-Mariner Releases 20093-17086 No Security Update 9.16.48-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20093-17086 CBL-Mariner Releases 1.0 2024-02-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0</p> 1.4 2026-02-18T14:39:19 <p>Information published.</p> The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-52160 Improper Authentication 18161-16823 18162-17084 19907-17086 19363-17084 18161-16823 18162-17084 19907-17086 19363-17084 Moderate 18161-16823 Moderate 18162-17084 Moderate 19907-17086 Moderate 19363-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 18161-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 18162-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 19907-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 19363-17084 CBL-Mariner Releases 18161-16823 18162-17084 19907-17086 19363-17084 No Security Update 2.10-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18161-16823 18162-17084 19907-17086 19363-17084 CBL-Mariner Releases 1.1 2025-03-14T00:00:00 <p>Added wpa_supplicant to Azure Linux 3.0 Added wpa_supplicant to CBL-Mariner 2.0</p> 1.2 2026-02-20T23:31:36 <p>Information published.</p> 1.0 2024-03-04T00:00:00 <p>Information published.</p> libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-52425 Uncontrolled Resource Consumption 17399-16823 17783-17084 19901-17086 19906-17084 18576-17086 17399-16823 17783-17084 19901-17086 19906-17084 18576-17086 Important 17399-16823 Important 17783-17084 19901-17086 Important 19906-17084 Important 18576-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17399-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17783-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19901-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19906-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18576-17086 CBL-Mariner Releases 17399-16823 19901-17086 18576-17086 No Security Update 2.6.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17399-16823 19901-17086 18576-17086 CBL-Mariner Releases CBL-Mariner Releases 17783-17084 19906-17084 No Security Update 2.6.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17783-17084 19906-17084 CBL-Mariner Releases 1.0 2024-02-09T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T14:23:00 <p>Information published.</p> dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes and crash because of a missing check for struct dm_ioctl.target_count. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-52429 Improper Check for Unusual or Exceptional Conditions 19793-17086 17987-17084 16838-16823 17785-17084 16839-17084 19779-17084 19793-17086 17987-17084 16838-16823 17785-17084 16839-17084 19779-17084 Moderate 19793-17086 Moderate 17987-17084 Moderate 16838-16823 Moderate 17785-17084 Moderate 16839-17084 Moderate 19779-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19793-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17987-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16838-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17785-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19779-17084 CBL-Mariner Releases 19793-17086 16838-16823 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19793-17086 16838-16823 CBL-Mariner Releases CBL-Mariner Releases 17987-17084 17785-17084 16839-17084 19779-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17987-17084 17785-17084 16839-17084 19779-17084 CBL-Mariner Releases 1.2 2026-02-18T14:54:38 <p>Information published.</p> 1.0 2024-02-27T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> bpf: Defer the free of inner map when necessary <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52447 Use After Free 19670-17086 17250-17086 17325-16823 17427-16823 20072-17086 19670-17086 17250-17086 17325-16823 17427-16823 20072-17086 19670-17086 Moderate 17250-17086 Moderate 17325-16823 Moderate 17427-16823 Moderate 20072-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19670-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17250-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17325-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17427-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 20072-17086 CBL-Mariner Releases 19670-17086 17250-17086 17325-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19670-17086 17250-17086 17325-16823 CBL-Mariner Releases CBL-Mariner Releases 17427-16823 20072-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17427-16823 20072-17086 CBL-Mariner Releases 1.0 2024-03-04T00:00:00 <p>Information published.</p> 1.1 2024-03-15T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2024-10-07T00:00:00 <p>Information published.</p> 1.3 2024-10-09T00:00:00 <p>Information published.</p> 2.0 2026-02-20T23:25:39 <p>Information published.</p> Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-5517 Reachable Assertion 17073-17084 18169-17084 20093-17086 17073-17084 18169-17084 20093-17086 Important 17073-17084 Important 18169-17084 Important 20093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17073-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20093-17086 CBL-Mariner Releases 17073-17084 18169-17084 No Security Update 9.19.21-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17073-17084 18169-17084 CBL-Mariner Releases CBL-Mariner Releases 20093-17086 No Security Update 9.16.48-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20093-17086 CBL-Mariner Releases 1.4 2026-02-18T14:39:49 <p>Information published.</p> 1.0 2024-02-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0</p> Cleaning an ECS-enabled cache may cause excessive CPU load <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-5680 1.0 2024-08-18T00:00:00 <p>Information published.</p> Marvin Attack vulnerability in SP Math All RSA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2023-6935 Observable Discrepancy 17774-17084 17774-17084 Moderate 17774-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17774-17084 CBL-Mariner Releases 17774-17084 No Security Update 10.11.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17774-17084 CBL-Mariner Releases 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.2 2026-02-18T14:27:56 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Improper (D)TLS key boundary enforcement <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2023-6937 Improper Input Validation 17774-17084 17774-17084 Moderate 17774-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17774-17084 CBL-Mariner Releases 17774-17084 No Security Update 10.11.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17774-17084 CBL-Mariner Releases 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> 1.2 2026-02-18T14:37:07 <p>Information published.</p> Apache Xerces C++: Use-after-free on external DTD scan <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-23807 Use After Free 17487-17084 20152-17086 17487-17084 20152-17086 Important 17487-17084 Important 20152-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17487-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 20152-17086 CBL-Mariner Releases 17487-17084 20152-17086 No Security Update 3.2.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17487-17084 20152-17086 CBL-Mariner Releases 1.0 2025-01-29T00:00:00 <p>Information published.</p> 2.0 2025-01-30T00:00:00 <p>Information published.</p> 2.1 2026-02-18T02:26:32 <p>Information published.</p> Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-24826 Out-of-bounds Read 17692-17084 17692-17084 Moderate 17692-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17692-17084 CBL-Mariner Releases 17692-17084 No Security Update 0.28.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17692-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-25112 Uncontrolled Resource Consumption 17692-17084 17692-17084 Moderate 17692-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17692-17084 CBL-Mariner Releases 17692-17084 No Security Update 0.28.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17692-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-26327 Out-of-bounds Write 17459-17084 17459-17084 Moderate 17459-17084 5.3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17459-17084 CBL-Mariner Releases 17459-17084 No Security Update 8.2.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17459-17084 CBL-Mariner Releases 1.0 2025-05-27T00:00:00 <p>Information published.</p> An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-26328 Out-of-bounds Write 17459-17084 17459-17084 Moderate 17459-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 17459-17084 CBL-Mariner Releases 17459-17084 No Security Update 8.2.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17459-17084 CBL-Mariner Releases 1.0 2025-05-27T00:00:00 <p>Information published.</p> close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48624 19518-16823 19896-17086 19518-16823 19896-17086 Important 19518-16823 19896-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19518-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19896-17086 CBL-Mariner Releases 19518-16823 19896-17086 No Security Update 590-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19518-16823 19896-17086 CBL-Mariner Releases 1.0 2025-02-28T00:00:00 <p>Information published.</p> A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-24476 Improper Restriction of Operations within the Bounds of a Memory Buffer 19523-17084 19523-17084 Important 19523-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-24479 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19523-17084 19523-17084 Important 19523-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> drm/bridge: sii902x: Fix probing race issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26607 NULL Pointer Dereference 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:50:40 <p>Information published.</p> 3.0 2026-03-31T15:09:28 <p>Information published.</p> 1.0 2025-09-03T21:27:56 <p>Information published.</p> drm/amd/display: Wake DMCUB before sending a command <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52485 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 21094-17084 21332-17084 17087-17086 20553-17084 20860-17084 20956-17084 21248-17084 21308-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 21094-17084 21332-17084 17087-17086 20553-17084 20860-17084 20956-17084 21248-17084 21308-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 21094-17084 21332-17084 17087-17086 20553-17084 20860-17084 20956-17084 21248-17084 21308-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:35:33 <p>Information published.</p> 3.0 2026-01-08T14:49:51 <p>Information published.</p> 4.0 2026-01-20T14:50:02 <p>Information published.</p> 6.0 2026-03-03T14:51:13 <p>Information published.</p> 7.0 2026-03-04T14:46:28 <p>Information published.</p> 9.0 2026-04-29T14:57:36 <p>Information published.</p> 1.0 2025-09-03T21:33:41 <p>Information published.</p> 5.0 2026-02-19T01:45:08 <p>Information published.</p> 8.0 2026-03-31T15:10:23 <p>Information published.</p> 10.0 2026-05-06T14:51:56 <p>Information published.</p> 11.0 2026-05-11T01:50:33 <p>Information published.</p> 12.0 2026-05-17T14:51:21 <p>Information published.</p> A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-1550 Improper Restriction of Rendered UI Layers or Frames 18469-17084 18469-17084 18469-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18469-17084 1.0 2025-09-03T21:50:21 <p>Information published.</p> arm64: errata: Add Cortex-A520 speculative unprivileged load workaround <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52481 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 4.7 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 17087-17086 4.7 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 20925-17086 4.7 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 21093-17086 1.0 2025-09-03T22:25:38 <p>Information published.</p> 2.0 2026-03-03T14:56:26 <p>Information published.</p> 1.1 2025-11-19T01:55:07 <p>Information published.</p> 3.0 2026-03-31T14:37:20 <p>Information published.</p> A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25740 Missing Release of Memory after Effective Lifetime 17087-17086 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20956-17084 21093-17086 21094-17084 21248-17084 21332-17084 20412-17084 20788-17084 20860-17084 20925-17086 21308-17084 21344-17084 17087-17086 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20956-17084 21093-17086 21094-17084 21248-17084 21332-17084 20412-17084 20788-17084 20860-17084 20925-17086 21308-17084 21344-17084 Moderate 17087-17086 19683-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 20412-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:35:44 <p>Information published.</p> 4.0 2026-01-20T14:35:45 <p>Information published.</p> 9.0 2026-04-29T14:38:48 <p>Information published.</p> 1.0 2025-09-03T23:22:14 <p>Information published.</p> 1.1 2025-11-19T01:37:19 <p>Information published.</p> 3.0 2026-01-08T14:35:33 <p>Information published.</p> 5.0 2026-02-18T14:55:59 <p>Information published.</p> 6.0 2026-03-03T14:35:40 <p>Information published.</p> 7.0 2026-03-04T14:35:40 <p>Information published.</p> 8.0 2026-03-31T14:36:46 <p>Information published.</p> 10.0 2026-05-06T14:37:56 <p>Information published.</p> 11.0 2026-05-11T01:38:29 <p>Information published.</p> 12.0 2026-05-17T14:38:59 <p>Information published.</p> The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-1556 Improper Check for Unusual or Exceptional Conditions 18469-17084 18469-17084 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18469-17084 1.0 2025-09-03T23:33:12 <p>Information published.</p> Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-26308 Allocation of Resources Without Limits or Throttling 19822-17084 19822-17084 Moderate 19822-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19822-17084 1.0 2025-09-04T00:13:43 <p>Information published.</p> Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0229 Out-of-bounds Write 17431-16823 19982-17086 17431-16823 19982-17086 Important 17431-16823 Important 19982-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17431-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19982-17086 CBL-Mariner Releases 17431-16823 19982-17086 No Security Update 1.20.10-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17431-16823 19982-17086 CBL-Mariner Releases 1.1 2026-02-18T14:26:07 <p>Information published.</p> 1.0 2024-09-20T00:00:00 <p>Information published.</p> Coreutils: heap overflow in split --line-bytes with very long lines <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner fedora Yes CVE-2024-0684 Out-of-bounds Write 17821-17084 19924-17084 17821-17084 19924-17084 Moderate 17821-17084 Moderate 19924-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17821-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19924-17084 CBL-Mariner Releases 17821-17084 19924-17084 No Security Update 9.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17821-17084 19924-17084 CBL-Mariner Releases 1.1 2026-02-18T01:27:13 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0690 Improper Encoding or Escaping of Output 17445-16823 17822-17084 19710-17086 19716-17084 17445-17086 17445-16823 17822-17084 19710-17086 19716-17084 17445-17086 Moderate 17445-16823 Moderate 17822-17084 19710-17086 Moderate 19716-17084 Moderate 17445-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17445-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17822-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19710-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19716-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17445-17086 CBL-Mariner Releases 17445-16823 19710-17086 17445-17086 No Security Update 2.14.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17445-16823 19710-17086 17445-17086 CBL-Mariner Releases CBL-Mariner Releases 17822-17084 19716-17084 No Security Update 2.17.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17822-17084 19716-17084 CBL-Mariner Releases 1.0 2024-02-07T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T14:20:59 <p>Information published.</p> PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PostgreSQL Yes CVE-2024-0985 Privilege Dropping / Lowering Errors 17442-16823 17740-17084 18239-17086 20042-17086 20046-17084 17442-16823 17740-17084 18239-17086 20042-17086 20046-17084 Important 17442-16823 Important 17740-17084 Important 18239-17086 20042-17086 Important 20046-17084 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 17442-16823 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 17740-17084 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18239-17086 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20042-17086 8.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20046-17084 CBL-Mariner Releases 17442-16823 18239-17086 20042-17086 No Security Update 14.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17442-16823 18239-17086 20042-17086 CBL-Mariner Releases CBL-Mariner Releases 17740-17084 20046-17084 No Security Update 16.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17740-17084 20046-17084 CBL-Mariner Releases 2.0 2026-02-18T14:31:59 <p>Information published.</p> 1.0 2024-02-12T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Kernel: stack overflow problem in open vswitch kernel module leading to dos <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-1151 Out-of-bounds Write 17785-17084 17987-17084 17087-17086 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21093-17086 21094-17084 20553-17084 20925-17086 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 17785-17084 17987-17084 17087-17086 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21093-17086 21094-17084 20553-17084 20925-17086 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 Moderate 17785-17084 Moderate 17987-17084 Moderate 17087-17086 19683-17084 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21093-17086 Moderate 21094-17084 Moderate 20553-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17785-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17987-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 CBL-Mariner Releases 17785-17084 17987-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17785-17084 17987-17084 CBL-Mariner Releases 2.0 2025-12-07T01:39:50 <p>Information published.</p> 4.0 2026-01-20T14:38:48 <p>Information published.</p> 5.0 2026-02-20T23:36:40 <p>Information published.</p> 6.0 2026-03-03T14:47:02 <p>Information published.</p> 7.0 2026-03-04T14:38:44 <p>Information published.</p> 8.0 2026-03-31T15:00:12 <p>Information published.</p> 11.0 2026-05-11T01:40:50 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-11-19T01:54:57 <p>Information published.</p> 3.0 2026-01-08T14:39:09 <p>Information published.</p> 9.0 2026-04-29T14:42:55 <p>Information published.</p> 10.0 2026-05-06T14:41:37 <p>Information published.</p> 12.0 2026-05-17T14:41:45 <p>Information published.</p> Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-21885 Heap-based Buffer Overflow 17430-16823 19982-17086 17430-16823 19982-17086 Important 17430-16823 Important 19982-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17430-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19982-17086 CBL-Mariner Releases 17430-16823 19982-17086 No Security Update 1.20.10-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17430-16823 19982-17086 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-20T23:08:55 <p>Information published.</p> On Linux Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-21892 Improper Control of Generation of Code ('Code Injection') 17347-16823 16990-17084 19748-17086 19740-17084 17347-16823 16990-17084 19748-17086 19740-17084 Important 17347-16823 Important 16990-17084 Important 19748-17086 Important 19740-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17347-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16990-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19748-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19740-17084 CBL-Mariner Releases 17347-16823 19748-17086 No Security Update 18.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17347-16823 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.3 2026-02-18T14:51:18 <p>Information published.</p> 1.0 2024-02-26T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2025-02-13T00:00:00 <p>Added nodejs18 to CBL-Mariner 2.0 Added nodejs to Azure Linux 3.0</p> The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals namely Buffer.prototype.utf8Write the application can modify the result of path.resolve() which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-21896 Path Traversal: 'dir/../../filename' 16990-17084 19740-17084 16990-17084 19740-17084 Critical 16990-17084 Important 19740-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16990-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19740-17084 CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-04-03T00:00:00 <p>Added nodejs to Azure Linux 3.0</p> 1.2 2026-02-18T01:16:35 <p>Information published.</p> Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-21891 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 16990-17084 19740-17084 16990-17084 19740-17084 Important 16990-17084 Important 19740-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16990-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19740-17084 CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-02-13T00:00:00 <p>Added nodejs to Azure Linux 3.0</p> 1.2 2026-02-18T01:15:56 <p>Information published.</p> A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion bypassing standard safeguards like timeouts and body size limits. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-22019 Improper Resource Shutdown or Release 17347-16823 16990-17084 19740-17084 19748-17086 17347-16823 16990-17084 19740-17084 19748-17086 Important 17347-16823 Important 16990-17084 Important 19740-17084 Important 19748-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17347-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16990-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19740-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19748-17086 CBL-Mariner Releases 17347-16823 19748-17086 No Security Update 18.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17347-16823 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.3 2026-02-18T14:52:01 <p>Information published.</p> 1.0 2024-02-26T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2025-04-03T00:00:00 <p>Added nodejs18 to CBL-Mariner 2.0 Added nodejs to Azure Linux 3.0</p> linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-22365 17446-16823 17818-17084 19916-17086 17599-17084 17446-16823 17818-17084 19916-17086 17599-17084 Moderate 17446-16823 Moderate 17818-17084 Moderate 19916-17086 Moderate 17599-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17446-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17818-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19916-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17599-17084 CBL-Mariner Releases 17446-16823 19916-17086 No Security Update 1.5.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17446-16823 19916-17086 CBL-Mariner Releases CBL-Mariner Releases 17818-17084 17599-17084 No Security Update 1.5.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17818-17084 17599-17084 CBL-Mariner Releases 1.1 2024-11-09T00:00:00 <p>Added pam to Azure Linux 3.0 Added pam to CBL-Mariner 2.0</p> 1.2 2026-02-18T14:19:36 <p>Information published.</p> 1.0 2024-02-06T00:00:00 <p>Information published.</p> freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-24259 Missing Release of Memory after Effective Lifetime 17757-17084 17757-17084 Important 17757-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17757-17084 CBL-Mariner Releases 17757-17084 No Security Update 3.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17757-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> QEMU before 8.2.0 has an integer underflow and resultant buffer overflow via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-24474 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17255-16823 19662-17086 17093-17086 17255-16823 19662-17086 17093-17086 Important 17255-16823 19662-17086 Important 17093-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17255-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 CBL-Mariner Releases 17255-16823 19662-17086 17093-17086 No Security Update 6.2.0-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17255-16823 19662-17086 17093-17086 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:24:21 <p>Information published.</p> Moby classic builder cache poisoning <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-24557 Origin Validation Error 17444-16823 17814-17084 20017-17086 17447-17086 17964-17084 17444-16823 17814-17084 20017-17086 17447-17086 17964-17084 Important 17444-16823 Important 17814-17084 20017-17086 Important 17447-17086 Important 17964-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17444-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17814-17084 6.9 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L 20017-17086 6.9 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L 17447-17086 6.9 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L 17964-17084 CBL-Mariner Releases 17444-16823 No Security Update 20.10.27-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17444-16823 CBL-Mariner Releases CBL-Mariner Releases 17814-17084 17964-17084 No Security Update 25.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17814-17084 17964-17084 CBL-Mariner Releases CBL-Mariner Releases 20017-17086 17447-17086 No Security Update 24.0.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20017-17086 17447-17086 CBL-Mariner Releases 2.0 2026-02-18T14:29:35 <p>Information published.</p> 1.0 2024-02-12T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add` <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-24577 Improper Restriction of Operations within the Bounds of a Memory Buffer 17438-16823 19671-17084 20007-17086 19721-17086 19686-17084 17183-17086 17438-16823 19671-17084 20007-17086 19721-17086 19686-17084 17183-17086 Critical 17438-16823 Critical 19671-17084 Critical 20007-17086 19721-17086 Important 19686-17084 Critical 17183-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17438-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19671-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20007-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19721-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19686-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17183-17086 CBL-Mariner Releases 17438-16823 20007-17086 No Security Update 1.6.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17438-16823 20007-17086 CBL-Mariner Releases 1.0 2024-02-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:28:56 <p>Information published.</p> Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-24758 Exposure of Sensitive Information to an Unauthorized Actor 16990-17084 19740-17084 16990-17084 19740-17084 Moderate 16990-17084 Low 19740-17084 4.5 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 16990-17084 3.9 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 19740-17084 CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.1 2024-12-18T00:00:00 <p>Added nodejs to Azure Linux 3.0</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:15:21 <p>Information published.</p> Race condition vulnerability in Linux kernel bluetooth in conn_info_{minmax}_age_set() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-24857 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17065-17084 17494-17084 17065-17084 17494-17084 Moderate 17065-17084 Moderate 17494-17084 6.8 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 17065-17084 4.6 4.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L 17494-17084 CBL-Mariner Releases 17065-17084 17494-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 17494-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:11:28 <p>Information published.</p> Race condition vulnerability in Linux kernel bluetooth sniff_{minmax}_interval_set() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-24859 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17065-17084 19529-17084 17065-17084 19529-17084 Moderate 17065-17084 Moderate 19529-17084 4.8 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 17065-17084 4.6 4.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H 19529-17084 CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:11:51 <p>Information published.</p> Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-24861 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17065-17084 19529-17084 17065-17084 19529-17084 Moderate 17065-17084 Low 19529-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 17065-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 19529-17084 CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:12:18 <p>Information published.</p> An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25062 Use After Free 17440-16823 17475-17084 20051-17086 19447-17084 17440-16823 17475-17084 20051-17086 19447-17084 Important 17440-16823 Important 17475-17084 Important 20051-17086 Important 19447-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17440-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17475-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20051-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19447-17084 CBL-Mariner Releases 17440-16823 20051-17086 No Security Update 2.10.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17440-16823 20051-17086 CBL-Mariner Releases CBL-Mariner Releases 17475-17084 19447-17084 No Security Update 2.11.5-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17475-17084 19447-17084 CBL-Mariner Releases 1.0 2024-09-20T00:00:00 <p>Information published.</p> 1.1 2025-03-14T00:00:00 <p>Added libxml2 to Azure Linux 3.0 Added libxml2 to CBL-Mariner 2.0</p> 1.2 2026-02-18T14:32:56 <p>Information published.</p> Azure IoT Platform Device SDK Remote Code Execution Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-25110 Use After Free 17428-16823 17778-17084 19859-17086 19861-17084 17428-16823 17778-17084 19859-17086 19861-17084 Important 17428-16823 Important 17778-17084 Important 19859-17086 Important 19861-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17428-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17778-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19859-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19861-17084 CBL-Mariner Releases 17428-16823 19859-17086 No Security Update 2022.01.21-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17428-16823 19859-17086 CBL-Mariner Releases CBL-Mariner Releases 17778-17084 19861-17084 No Security Update 2024.03.04-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17778-17084 19861-17084 CBL-Mariner Releases 1.2 2026-02-18T14:37:38 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> c-ares out of bounds read in ares__read_line() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-25629 Out-of-bounds Read 17433-16823 17347-16823 17434-16823 17326-16823 16855-17084 17770-17084 16990-17084 17732-17084 17771-17084 20149-17086 19748-17086 20160-17086 19752-17086 20170-17084 19740-17084 19746-17084 19814-17086 17868-17086 17433-17086 19787-17086 19889-17086 20173-17084 17664-17084 19666-17084 17667-17084 17433-16823 17347-16823 17434-16823 17326-16823 16855-17084 17770-17084 16990-17084 17732-17084 17771-17084 20149-17086 19748-17086 20160-17086 19752-17086 20170-17084 19740-17084 19746-17084 19814-17086 17868-17086 17433-17086 19787-17086 19889-17086 20173-17084 17664-17084 19666-17084 17667-17084 Moderate 17433-16823 Moderate 17347-16823 Moderate 17434-16823 Moderate 17326-16823 Moderate 16855-17084 Moderate 17770-17084 Moderate 16990-17084 Moderate 17732-17084 Moderate 17771-17084 Moderate 20149-17086 Moderate 19748-17086 20160-17086 Moderate 19752-17086 Moderate 20170-17084 Moderate 19740-17084 Moderate 19746-17084 Moderate 19814-17086 Moderate 17868-17086 Moderate 17433-17086 Moderate 19787-17086 19889-17086 Moderate 20173-17084 Moderate 17664-17084 Moderate 19666-17084 Moderate 17667-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17433-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17347-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17434-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17326-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16855-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17770-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16990-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17732-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17771-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20149-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19748-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20160-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19752-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20170-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19740-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19746-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19814-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17868-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17433-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19787-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19889-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20173-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17664-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19666-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17667-17084 CBL-Mariner Releases 17433-16823 No Security Update 21.1.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17433-16823 CBL-Mariner Releases CBL-Mariner Releases 17347-16823 19748-17086 No Security Update 18.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17347-16823 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 17434-16823 17868-17086 19889-17086 No Security Update 1.42.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17434-16823 17868-17086 19889-17086 CBL-Mariner Releases CBL-Mariner Releases 17326-16823 19787-17086 No Security Update 2.2.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17326-16823 19787-17086 CBL-Mariner Releases CBL-Mariner Releases 16855-17084 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16855-17084 19666-17084 CBL-Mariner Releases CBL-Mariner Releases 17770-17084 No Security Update 23.9.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17770-17084 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases CBL-Mariner Releases 17732-17084 20173-17084 No Security Update 3.0.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17732-17084 20173-17084 CBL-Mariner Releases CBL-Mariner Releases 17771-17084 20170-17084 No Security Update 1.30.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17771-17084 20170-17084 CBL-Mariner Releases CBL-Mariner Releases 20149-17086 No Security Update 1.19.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20149-17086 CBL-Mariner Releases 2.3 2024-10-22T00:00:00 <p>Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added fluent-bit to Azure Linux 3.0 Added c-ares to Azure Linux 3.0 Added nodejs to Azure Linux 3.0</p> 2.4 2024-11-09T00:00:00 <p>Added python-gevent to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added c-ares to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 2.5 2025-02-08T00:00:00 <p>Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0</p> 2.6 2025-02-23T00:00:00 <p>Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0</p> 3.0 2025-03-02T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.1 2025-03-03T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.3 2025-03-05T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.4 2025-03-06T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.7 2025-03-10T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.8 2025-03-11T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.9 2025-03-12T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.0 2025-03-13T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.5 2025-03-18T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.8 2025-03-21T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.9 2025-03-22T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.5 2025-03-28T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.7 2025-03-30T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.8 2025-03-31T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.9 2025-04-01T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.1 2025-04-04T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.2 2025-04-05T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.4 2025-04-07T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.7 2025-04-11T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.9 2025-04-13T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.3 2025-04-17T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.6 2025-04-20T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.3 2025-04-28T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.4 2025-04-29T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.5 2025-04-30T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.6 2025-05-01T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.8 2025-05-03T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.1 2025-05-06T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.2 2025-05-07T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.6 2025-05-11T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.7 2025-05-12T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.2 2025-05-17T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.6 2025-05-21T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.7 2025-05-22T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.9 2025-05-24T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 11.0 2025-05-25T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 11.1 2025-05-26T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 11.2 2025-05-27T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 12.0 2026-02-18T14:48:29 <p>Information published.</p> 1.0 2024-02-26T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> 2.7 2025-02-27T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 2.8 2025-02-28T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 2.9 2025-03-01T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.2 2025-03-04T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.5 2025-03-08T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 3.6 2025-03-09T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.1 2025-03-14T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.2 2025-03-15T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.3 2025-03-16T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.4 2025-03-17T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.6 2025-03-19T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 4.7 2025-03-20T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.0 2025-03-23T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.1 2025-03-24T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.2 2025-03-25T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.3 2025-03-26T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.4 2025-03-27T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 5.6 2025-03-29T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.0 2025-04-03T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.3 2025-04-06T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.5 2025-04-08T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.6 2025-04-09T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 6.8 2025-04-12T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.0 2025-04-14T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.1 2025-04-15T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.2 2025-04-16T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.4 2025-04-18T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.5 2025-04-19T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.7 2025-04-21T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.8 2025-04-22T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 7.9 2025-04-23T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.0 2025-04-24T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.1 2025-04-25T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.2 2025-04-26T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.7 2025-05-02T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 8.9 2025-05-04T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.0 2025-05-05T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.3 2025-05-08T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.4 2025-05-09T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.5 2025-05-10T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.8 2025-05-13T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 9.9 2025-05-14T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.0 2025-05-15T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.1 2025-05-16T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.3 2025-05-18T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.4 2025-05-19T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.5 2025-05-20T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> 10.8 2025-05-23T00:00:00 <p>Added c-ares to Azure Linux 3.0 Added fluent-bit to Azure Linux 3.0 Added nodejs to Azure Linux 3.0 Added python-gevent to Azure Linux 3.0 Added c-ares to CBL-Mariner 2.0 Added grpc to CBL-Mariner 2.0 Added fluent-bit to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0</p> Helm's Missing YAML Content Leads To Panic <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-26147 Use of Uninitialized Resource 17435-16823 17768-17084 17769-17084 19817-17086 17707-17084 17435-16823 17768-17084 17769-17084 19817-17086 17707-17084 Important 17435-16823 Important 17768-17084 Important 17769-17084 Important 19817-17086 Important 17707-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17435-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17768-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17769-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19817-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17707-17084 CBL-Mariner Releases 17435-16823 19817-17086 No Security Update 1.11.2-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17435-16823 19817-17086 CBL-Mariner Releases CBL-Mariner Releases 17768-17084 No Security Update 3.13.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17768-17084 CBL-Mariner Releases CBL-Mariner Releases 17769-17084 17707-17084 No Security Update 1.12.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17769-17084 17707-17084 CBL-Mariner Releases 1.3 2026-02-18T14:49:37 <p>Information published.</p> 1.0 2024-02-26T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-20T00:00:00 <p>Information published.</p> fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-26455 Use After Free 17326-16823 17813-17084 20061-17086 20065-17084 17326-16823 17813-17084 20061-17086 20065-17084 Important 17326-16823 Important 17813-17084 Moderate 20061-17086 Important 20065-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17326-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17813-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20061-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20065-17084 CBL-Mariner Releases 17326-16823 20061-17086 No Security Update 2.2.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17326-16823 20061-17086 CBL-Mariner Releases CBL-Mariner Releases 17813-17084 20065-17084 No Security Update 3.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17813-17084 20065-17084 CBL-Mariner Releases 1.4 2026-02-20T23:19:30 <p>Information published.</p> 1.0 2024-03-04T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-10-22T00:00:00 <p>Added fluent-bit to CBL-Mariner 2.0 Added fluent-bit to Azure Linux 3.0</p> Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-26461 Allocation of Resources Without Limits or Throttling 17703-17084 20083-17086 20087-17084 17703-17084 20083-17086 20087-17084 Important 17703-17084 Important 20083-17086 Important 20087-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17703-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20083-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20087-17084 CBL-Mariner Releases 17703-17084 20083-17086 20087-17084 No Security Update 1.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17703-17084 20083-17086 20087-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2024-08-16T00:00:00 <p>Information published.</p> 1.3 2024-08-17T00:00:00 <p>Information published.</p> 1.4 2024-08-18T00:00:00 <p>Information published.</p> 1.5 2024-08-19T00:00:00 <p>Information published.</p> 1.6 2024-08-20T00:00:00 <p>Information published.</p> 1.7 2024-08-21T00:00:00 <p>Information published.</p> 1.8 2024-08-22T00:00:00 <p>Information published.</p> 1.9 2024-08-23T00:00:00 <p>Information published.</p> 2.0 2024-08-24T00:00:00 <p>Information published.</p> 2.1 2024-08-25T00:00:00 <p>Information published.</p> 2.2 2024-08-26T00:00:00 <p>Information published.</p> 2.3 2024-08-27T00:00:00 <p>Information published.</p> 2.4 2024-08-28T00:00:00 <p>Information published.</p> 2.5 2024-08-29T00:00:00 <p>Information published.</p> 2.6 2024-08-30T00:00:00 <p>Information published.</p> 2.7 2024-08-31T00:00:00 <p>Information published.</p> 2.8 2024-09-01T00:00:00 <p>Information published.</p> 2.9 2024-09-02T00:00:00 <p>Information published.</p> 3.0 2024-09-03T00:00:00 <p>Information published.</p> 3.1 2024-09-05T00:00:00 <p>Information published.</p> 3.2 2024-09-06T00:00:00 <p>Information published.</p> 3.3 2024-09-07T00:00:00 <p>Information published.</p> 3.4 2024-09-08T00:00:00 <p>Information published.</p> 3.5 2024-09-11T00:00:00 <p>Information published.</p> 3.6 2026-02-20T23:27:38 <p>Information published.</p> netfilter: nft_set_rbtree: skip end interval element from gc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26581 Use After Free 17427-16823 17785-17084 20072-17086 17987-17084 17427-16823 17785-17084 20072-17086 17987-17084 Important 17427-16823 Important 17785-17084 Important 20072-17086 Important 17987-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17427-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17785-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20072-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17987-17084 CBL-Mariner Releases 17427-16823 20072-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17427-16823 20072-17086 CBL-Mariner Releases CBL-Mariner Releases 17785-17084 17987-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17785-17084 17987-17084 CBL-Mariner Releases 1.2 2026-02-20T23:22:21 <p>Information published.</p> 1.0 2024-03-04T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> net: tls: handle backlogging of crypto requests <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26584 Improper Handling of Exceptional Conditions 17310-16823 17095-17086 19673-17086 17310-16823 17095-17086 19673-17086 Moderate 17310-16823 Moderate 17095-17086 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 CBL-Mariner Releases 17310-16823 17095-17086 19673-17086 No Security Update 5.15.158.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17310-16823 17095-17086 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T03:02:57 <p>Information published.</p> 1.0 2024-05-01T00:00:00 <p>Information published.</p> tls: fix race between tx work scheduling and socket close <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26585 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17310-16823 16839-17084 19673-17086 19779-17084 17095-17086 17310-16823 16839-17084 19673-17086 19779-17084 17095-17086 Moderate 17310-16823 Moderate 16839-17084 19673-17086 Moderate 19779-17084 Moderate 17095-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19779-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17310-16823 19673-17086 17095-17086 No Security Update 5.15.158.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17310-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 19779-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 19779-17084 CBL-Mariner Releases 1.0 2024-03-15T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:07:59 <p>Information published.</p> net: netdevsim: don't try to destroy PHC on VFs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26587 NULL Pointer Dereference 17325-16823 19673-17086 17095-17086 17325-16823 19673-17086 17095-17086 Moderate 17325-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17325-16823 19673-17086 17095-17086 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17325-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.0 2024-03-19T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:32:30 <p>Information published.</p> ksmbd: validate mech token in session setup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26594 Out-of-bounds Read 17427-16823 20072-17086 17427-16823 20072-17086 Important 17427-16823 Important 20072-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17427-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20072-17086 CBL-Mariner Releases 17427-16823 20072-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17427-16823 20072-17086 CBL-Mariner Releases 1.0 2024-03-04T00:00:00 <p>Information published.</p> 1.1 2026-02-20T23:23:43 <p>Information published.</p> net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26596 17601-17084 19529-17084 17601-17084 19529-17084 Moderate 17601-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17601-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17601-17084 19529-17084 No Security Update 6.6.57.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17601-17084 19529-17084 CBL-Mariner Releases 1.0 2024-11-09T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:27:12 <p>Information published.</p> Azure IoT Platform Device SDK Double Free Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-27099 Double Free 17428-16823 17778-17084 19859-17086 19861-17084 17428-16823 17778-17084 19859-17086 19861-17084 Critical 17428-16823 Critical 17778-17084 Critical 19859-17086 Critical 19861-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17428-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17778-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19859-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19861-17084 CBL-Mariner Releases 17428-16823 19859-17086 No Security Update 2022.01.21-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17428-16823 19859-17086 CBL-Mariner Releases CBL-Mariner Releases 17778-17084 19861-17084 No Security Update 2024.03.04-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17778-17084 19861-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-20T23:16:43 <p>Information published.</p> Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HiddenLayer Yes CVE-2024-27318 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 17432-16823 17817-17084 19909-17086 19407-17084 19450-17086 17432-16823 17817-17084 19909-17086 19407-17084 19450-17086 Important 17432-16823 Important 17817-17084 19909-17086 Important 19407-17084 Important 19450-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17432-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17817-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19909-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19407-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19450-17086 CBL-Mariner Releases 17432-16823 19909-17086 19450-17086 No Security Update 2.0.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17432-16823 19909-17086 19450-17086 CBL-Mariner Releases CBL-Mariner Releases 17817-17084 19407-17084 No Security Update 2.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17817-17084 19407-17084 CBL-Mariner Releases 1.0 2024-02-26T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-21T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:52:52 <p>Information published.</p> Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HiddenLayer Yes CVE-2024-27319 Out-of-bounds Read 17361-16823 17817-17084 19909-17086 19450-17086 19407-17084 17361-16823 17817-17084 19909-17086 19450-17086 19407-17084 Critical 17361-16823 Critical 17817-17084 19909-17086 Moderate 19450-17086 Moderate 19407-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17361-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17817-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 19909-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 19450-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 19407-17084 CBL-Mariner Releases 17361-16823 19909-17086 19450-17086 No Security Update 2.0.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17361-16823 19909-17086 19450-17086 CBL-Mariner Releases CBL-Mariner Releases 17817-17084 19407-17084 No Security Update 2.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17817-17084 19407-17084 CBL-Mariner Releases 1.2 2025-01-23T00:00:00 <p>Added pytorch to CBL-Mariner 2.0</p> 1.3 2025-01-27T00:00:00 <p>Added pytorch to Azure Linux 3.0 Added pytorch to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:53:37 <p>Information published.</p> 1.0 2024-02-26T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3966 Uncaught Exception 18166-17086 18167-17084 20143-17086 18386-17084 18166-17086 18167-17084 20143-17086 18386-17084 Important 18166-17086 Important 18167-17084 20143-17086 Important 18386-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18166-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18167-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20143-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18386-17084 CBL-Mariner Releases 18166-17086 20143-17086 No Security Update 2.17.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18166-17086 20143-17086 CBL-Mariner Releases CBL-Mariner Releases 18167-17084 18386-17084 No Security Update 3.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18167-17084 18386-17084 CBL-Mariner Releases 2.0 2026-02-18T14:44:03 <p>Information published.</p> 1.0 2024-02-22T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46045 Out-of-bounds Read 18173-17084 19988-17086 18173-17084 19988-17086 Important 18173-17084 Important 19988-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18173-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19988-17086 CBL-Mariner Releases 18173-17084 No Security Update 2.42.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18173-17084 CBL-Mariner Releases CBL-Mariner Releases 19988-17086 No Security Update 2.42.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19988-17086 CBL-Mariner Releases 1.0 2024-02-10T00:00:00 <p>Information published.</p> 1.1 2025-04-22T00:00:00 <p>Added graphviz to Azure Linux 3.0 Added graphviz to CBL-Mariner 2.0</p> 1.2 2026-02-18T14:26:44 <p>Information published.</p> Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-50782 Observable Discrepancy 20054-17086 17984-17084 18171-17084 20054-17086 17984-17084 18171-17084 Important 20054-17086 Important 17984-17084 Important 18171-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20054-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17984-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18171-17084 CBL-Mariner Releases 20054-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20054-17086 CBL-Mariner Releases CBL-Mariner Releases 17984-17084 18171-17084 No Security Update 42.0.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17984-17084 18171-17084 CBL-Mariner Releases 1.1 2026-02-18T14:33:52 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-52426 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') 19906-17084 17399-16823 17783-17084 19901-17086 18576-17086 19906-17084 17399-16823 17783-17084 19901-17086 18576-17086 Moderate 19906-17084 Moderate 17399-16823 Moderate 17783-17084 19901-17086 Moderate 18576-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19906-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17399-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17783-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19901-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18576-17086 CBL-Mariner Releases 19906-17084 17783-17084 No Security Update 2.6.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19906-17084 17783-17084 CBL-Mariner Releases CBL-Mariner Releases 17399-16823 19901-17086 18576-17086 No Security Update 2.6.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17399-16823 19901-17086 18576-17086 CBL-Mariner Releases 1.0 2024-02-09T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T14:23:41 <p>Information published.</p> smb: client: fix potential OOBs in smb2_parse_contexts() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52434 Improper Restriction of Operations within the Bounds of a Memory Buffer 16838-16823 19793-17086 16838-16823 19793-17086 Important 16838-16823 Important 19793-17086 8.0 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 8.0 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19793-17086 CBL-Mariner Releases 16838-16823 19793-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19793-17086 CBL-Mariner Releases 1.0 2024-03-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:09:20 <p>Information published.</p> net: prevent mss overflow in skb_segment() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52435 Improper Restriction of Operations within the Bounds of a Memory Buffer 16838-16823 19793-17086 16838-16823 19793-17086 Moderate 16838-16823 Moderate 19793-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19793-17086 CBL-Mariner Releases 16838-16823 19793-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19793-17086 CBL-Mariner Releases 1.0 2024-03-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:10:01 <p>Information published.</p> Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-5679 20093-17086 18169-17084 17073-17084 20093-17086 18169-17084 17073-17084 Important 20093-17086 Important 18169-17084 Important 17073-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17073-17084 CBL-Mariner Releases 20093-17086 No Security Update 9.16.48-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20093-17086 CBL-Mariner Releases CBL-Mariner Releases 18169-17084 17073-17084 No Security Update 9.19.21-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18169-17084 17073-17084 CBL-Mariner Releases 1.3 2024-12-03T00:00:00 <p>Added bind to CBL-Mariner 2.0 Added bind to Azure Linux 3.0</p> 1.4 2026-02-18T14:38:12 <p>Information published.</p> 1.0 2024-02-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> Specific recursive query patterns may lead to an out-of-memory condition <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2023-6516 Allocation of Resources Without Limits or Throttling 19739-17086 18169-17084 17073-17084 19739-17086 18169-17084 17073-17084 Important 19739-17086 Important 18169-17084 Important 17073-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19739-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17073-17084 CBL-Mariner Releases 19739-17086 No Security Update 9.16.48-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19739-17086 CBL-Mariner Releases CBL-Mariner Releases 18169-17084 17073-17084 No Security Update 9.19.21-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18169-17084 17073-17084 CBL-Mariner Releases 1.2 2026-02-18T14:38:41 <p>Information published.</p> 1.0 2024-02-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Heap-buffer over-read with WOLFSSL_CALLBACKS <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2023-6936 Buffer Over-read 17774-17084 19914-17086 17774-17084 19914-17086 Moderate 17774-17084 Moderate 19914-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17774-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19914-17086 CBL-Mariner Releases 17774-17084 No Security Update 10.11.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17774-17084 CBL-Mariner Releases CBL-Mariner Releases 19914-17086 No Security Update 10.6.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19914-17086 CBL-Mariner Releases 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> 1.2 2025-02-13T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> 1.3 2026-02-18T14:43:07 <p>Information published.</p> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52488 17110-16823 19682-17086 18490-17086 17110-16823 19682-17086 18490-17086 Moderate 17110-16823 19682-17086 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-09-03T22:09:17 <p>Information published.</p> 2.0 2026-02-19T01:21:43 <p>Information published.</p> netlabel: fix out-of-bounds memory accesses <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2019-25160 Out-of-bounds Read 16989-16817 16989-17084 16989-16817 16989-17084 Important 16989-16817 Important 16989-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 16989-17084 CBL-Mariner Releases 16989-16817 16989-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16989-16817 16989-17084 CBL-Mariner Releases 1.0 2024-08-15T00:00:00 <p>Information published.</p> An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-24478 Integer Overflow to Buffer Overflow 19523-17084 19523-17084 Important 19523-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-25710 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 19034-17084 20189-17086 19822-17084 19034-17084 20189-17086 19822-17084 Important 19034-17084 Important 20189-17086 Important 19822-17084 8.1 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 19034-17084 8.1 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 20189-17086 8.1 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 19822-17084 CBL-Mariner Releases 19034-17084 19822-17084 No Security Update 1.14.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19034-17084 19822-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:50:17 <p>Information published.</p> Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-1551 Reliance on Cookies without Validation and Integrity Checking 18469-17084 18469-17084 18469-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18469-17084 1.0 2025-09-04T00:03:00 <p>Information published.</p> Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-1552 Incorrect Conversion between Numeric Types 18469-17084 18469-17084 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-04T03:56:01 <p>Information published.</p> elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25260 NULL Pointer Dereference 19589-17084 20616-17084 19589-17084 20616-17084 Moderate 19589-17084 Moderate 20616-17084 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19589-17084 4.0 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20616-17084 CBL-Mariner Releases 19589-17084 20616-17084 No Security Update 0.189-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19589-17084 20616-17084 CBL-Mariner Releases 1.0 2025-09-04T04:57:15 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>If I am running Office 2016 (32-bit edition) or Office 2016 (64-bit edition, what do I need to do to be protected from this vulnerability?</strong></p> <p>To be protected, customers running Office 2016 need to install all the updates listed for their edition in the following tables.</p> <p><strong>For Office 2016 (32-bit edition)</strong>:</p> <table> <thead> <tr> <th>Product</th> <th>Article</th> <th>Download</th> <th>Build Number</th> </tr> </thead> <tbody> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002537">5002537</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=3f798cca-1d11-494e-82a5-f8e8cbe4d716">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002467">5002467</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=0019c7f4-e4f2-4741-8cfb-0fd2311b71f4">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002522">5002522</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=eced3839-7e06-43be-a013-ff34c4a3e4a7">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002469">5002469</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=8315c33e-7682-4031-a323-f8c01c53dac1">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002519">5002519</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=f6e4a256-d7fb-4ad0-a998-d3cdd5ea4bd8">Security Update</a></td> <td>16.0.5435.1001</td> </tr> </tbody> </table> <p><strong>For Office 2016 (64-bit edition)</strong>:</p> <table> <thead> <tr> <th>Product</th> <th>Article</th> <th>Download</th> <th>Build Number</th> </tr> </thead> <tbody> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002537">5002537</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=0754e80a-a661-4e4c-b876-7288e83d0e26">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002467">5002467</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=e80c5e98-5fd0-45d2-931c-4ebb126db870">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002522">5002522</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=2b476112-870d-451c-a7d7-e513e72ec383">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002469">5002469</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=cfd78b2e-736d-4e29-83a7-44699e8a289c">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002519">5002519</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=96a56f04-fed0-4743-b518-23b904e9368e">Security Update</a></td> <td>16.0.5435.1001</td> </tr> </tbody> </table> Microsoft Office Microsoft Yes CVE-2024-20673 Protection Mechanism Failure 11573 11574 11952 11953 10739 10740 10753 10754 10741 10742 10743 10744 10746 10747 10749 10750 10770 10771 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10741 Remote Code Execution 10742 Remote Code Execution 10743 Remote Code Execution 10744 Remote Code Execution 10746 Remote Code Execution 10747 Remote Code Execution 10749 Remote Code Execution 10750 Remote Code Execution 10770 Remote Code Execution 10771 Important 11573 Important 11574 Important 11952 Important 11953 Important 10739 Important 10740 Important 10753 Important 10754 Important 10741 Important 10742 Important 10743 Important 10744 Important 10746 Important 10747 Important 10749 Important 10750 Important 10770 Important 10771 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10743 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10744 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10749 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10750 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10770 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10771 Click to Run 11573 11574 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11952 11953 Click to Run 5002536 https://www.microsoft.com/download/details.aspx?familyid=ae195ecc-c97f-40b3-b5c8-84532c0b9fde 10739 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002536 10739 5002536 5002536 https://support.microsoft.com/help/5002536 10739 10740 5002536 https://www.microsoft.com/download/details.aspx?familyid=b367193a-ca59-47b8-acc2-e69515a68358 10740 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002536 10740 5002536 5002537 https://www.microsoft.com/download/details.aspx?familyid=3f798cca-1d11-494e-82a5-f8e8cbe4d716 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002537 10753 5002537 5002467 https://www.microsoft.com/download/details.aspx?familyid=0019c7f4-e4f2-4741-8cfb-0fd2311b71f4 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002467 10753 5002467 5002522 https://www.microsoft.com/download/details.aspx?familyid=eced3839-7e06-43be-a013-ff34c4a3e4a7 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002522 10753 5002522 5002469 https://www.microsoft.com/download/details.aspx?familyid=8315c33e-7682-4031-a323-f8c01c53dac1 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002469 10753 5002469 5002537 https://www.microsoft.com/download/details.aspx?familyid=0754e80a-a661-4e4c-b876-7288e83d0e26 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002537 10754 5002537 5002467 https://www.microsoft.com/download/details.aspx?familyid=e80c5e98-5fd0-45d2-931c-4ebb126db870 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002467 10754 5002467 5002522 https://www.microsoft.com/download/details.aspx?familyid=2b476112-870d-451c-a7d7-e513e72ec383 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002522 10754 5002522 5002469 https://www.microsoft.com/download/details.aspx?familyid=cfd78b2e-736d-4e29-83a7-44699e8a289c 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002469 10754 5002469 5002495 https://www.microsoft.com/download/details.aspx?familyid=eda04ab0-b2ef-498c-953c-a2c506c194a6 10741 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002495 10741 5002495 5002495 https://support.microsoft.com/help/5002495 10741 10742 5002495 https://www.microsoft.com/download/details.aspx?familyid=05fb70f3-4d59-4518-a2e9-52a909480115 10742 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002495 10742 5002495 5002491 https://www.microsoft.com/download/details.aspx?familyid=1b56f25c-c5c4-4d77-9022-a4df85dbc532 10743 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002491 10743 5002491 5002491 https://www.microsoft.com/download/details.aspx?familyid=1afba554-309f-4e53-9d25-8cbc3b418be7 10744 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002491 10744 5002491 5002542 https://www.microsoft.com/download/details.aspx?familyid=adbbc6b3-6fc1-42c7-b782-18539f2e89dd 10746 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002542 10746 5002542 5002542 https://support.microsoft.com/help/5002542 10746 10747 5002542 https://www.microsoft.com/download/details.aspx?familyid=9c3dbc6b-bfa1-4b9a-ab78-74b6ea9f93b4 10747 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002542 10747 5002542 5002492 https://www.microsoft.com/download/details.aspx?familyid=bfc358f2-ea3b-456a-aea9-8e4028a579fb 10749 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002492 10749 5002492 5002492 https://www.microsoft.com/download/details.aspx?familyid=bfc648bc-453f-43b9-b339-cadbaf8c7477 10750 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002492 10750 5002492 5002181 https://www.microsoft.com/download/details.aspx?familyid=63f19bfc-cbbb-415b-83da-53e2e170c61f 10770 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002181 10770 5002181 5002181 https://www.microsoft.com/download/details.aspx?familyid=8ba42ad5-37e7-40e7-b1f0-de5fa6f06472 10771 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002181 10771 5002181 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to navigate to a page with malicious content to be compromised by the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21327 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11955 Spoofing 11955 Important 11955 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11955 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11955 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11955 5035110 <a href="https://twitter.com/dhiralpatel94">Dhiral Patel</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Azure Connected Machine Agent Elevation of Privilege Vulnerability <p><strong>Why is the update for Azure Connected Machine Agents unavailable?</strong></p> <p>The update was removed from the Microsoft Update Catalog due to reports of installation failing. The update will be re-released when the issue is resolved, and this CVE will be updated at that time.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted.</p> <p><strong>What privileges could an attacker gain with successful exploitation?</strong></p> <p>An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM.</p> Azure Connected Machine Agent Microsoft Yes CVE-2024-21329 Improper Link Resolution Before File Access ('Link Following') 12264 Elevation of Privilege 12264 Important 12264 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12264 Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#upgrade-the-agent 12264 Maybe Security Update 1.38 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes 12264 Release Notes R4nger &amp; Zhiniang Peng 1.0 2024-02-13T08:00:00 <p>Information published.</p> 2.0 2024-02-15T08:00:00 <p>In the Security Updates table, removed the Article and Download links because the update is not available for Azure Connected Machine Agent. Customers will be notified via a revision to this CVE information when the update becomes available.</p> 3.0 2024-03-20T07:00:00 <p>The security update 1.38 for Azure Connected Machine Agent is now available. See the Security Updates table for more information.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> Windows Kernel Microsoft Yes CVE-2024-21338 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Jan Vojtěšek with Avast 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.2 2024-02-28T08:00:00 <p>Updated the Exploitability Index to 0 - Exploitation Detected and <strong>Exploited</strong> to Yes. This is an informational change only.</p> 1.1 2024-02-15T08:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.</p> Windows Hyper-V Microsoft Yes CVE-2024-20684 Improper Input Validation 11923 11924 11926 11927 12085 12086 12242 12243 12244 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 12085 Critical 12086 Critical 12242 Critical 12243 Critical 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Kernel Microsoft Yes CVE-2024-21340 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.6 4.0 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft ActiveX Data Objects Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker would need to set up a malicious server and create a proof-of-concept script. The victim would then need to be convinced, possibly through social engineering techniques, to run this script, which would connect to the malicious server and potentially allow for remote code execution on the victim’s machine.</p> Microsoft ActiveX Microsoft Yes CVE-2024-21349 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21350 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows SmartScreen Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), a total loss of integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>The vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>What is the relationship between Mark of the Web and Windows SmartScreen?</strong></p> <p>When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. For more information on SmartScreen, please visit <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview">Microsoft Defender SmartScreen overview | Microsoft Learn</a>.</p> Windows SmartScreen Microsoft Yes CVE-2024-21351 Improper Control of Generation of Code ('Code Injection') 12243 12242 11568 11569 11570 11571 11923 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 Security Feature Bypass 12243 Security Feature Bypass 12242 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11923 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Moderate 12243 Moderate 12242 Moderate 11568 Moderate 11569 Moderate 11570 Moderate 11571 Moderate 11923 Moderate 11926 Moderate 11927 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 10729 Moderate 10735 Moderate 10852 Moderate 10853 Moderate 10816 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12243 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12242 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11568 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11569 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11570 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11571 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11923 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11926 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11927 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11929 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11930 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 11931 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12085 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12086 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12097 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12098 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 12099 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10729 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10735 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10852 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10853 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C 10816 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12243 12242 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12243 12242 5034765 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 5034770 5034770 https://support.microsoft.com/help/5034770 11923 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 5034767 <a href="https://twitter.com/ericlaw">Eric Lawrence</a> with Microsoft 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-02-15T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21352 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Message Queuing Microsoft Yes CVE-2024-21354 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS score, the attack vector is network (AV:N). What does this mean for this vulnerability?</strong></p> <p>Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by sending specially crafted malicious traffic to a vulnerable server.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-21357 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-02-14T08:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21358 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21360 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21361 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21366 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21369 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-21371 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 <a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-09-06T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Windows OLE Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Windows OLE Microsoft Yes CVE-2024-21372 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21375 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Microsoft Office Word Microsoft Yes CVE-2024-21379 Integer Overflow or Wraparound 11573 11574 11762 11763 11952 11953 10746 10747 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10746 Remote Code Execution 10747 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002542 https://www.microsoft.com/download/details.aspx?familyid=adbbc6b3-6fc1-42c7-b782-18539f2e89dd 10746 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002542 10746 5002542 5002542 https://support.microsoft.com/help/5002542 10746 10747 5002542 https://www.microsoft.com/download/details.aspx?familyid=9c3dbc6b-bfa1-4b9a-ab78-74b6ea9f93b4 10747 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002542 10747 5002542 Anonymous working with Trend Micro Zero Day Initiative 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Azure Active Directory B2C Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> <p><strong>How does the update address this vulnerability?</strong></p> <p>As part of Azure AD Business-to-Customer's (B2C) ongoing commitment to our customers, we recently rolled out an update to our behavior for the Proof Key for Code Exchange (PKCE) as outlined in our documentation <a href="https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow">here</a>. This update adds additional enforcement on B2C’s <code>/token</code> endpoint – requiring that code redemption attempts that include the PKCE <code>code_verifier</code> parameter must also include an authorization code that was originally opted-in to PKCE behavior via the <code>code_challenge</code> parameter.</p> <p>In effect, this change reduces the possibility for attackers to send fraudulent authorization codes to your consuming service, and is aligned with the “OAuth 2.0 Security Best Current Practice” document <a href="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#name-pkce-downgrade-attack">here</a>.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>The vast majority of customers have received the update automatically and do not need to take any action to update their applications. A small subset of customers are required to take an action and have been notified directly via <a href="https://learn.microsoft.com/en-us/azure/service-health/service-health-portal-update">Azure Service Health Alerts</a> under Tracking ID: 6MFP-NTZ. If you did not receive this notification, there is no action required.</p> Azure Active Directory Microsoft Yes CVE-2024-21381 Cross-Site Request Forgery (CSRF) 12291 Spoofing 12291 Important 12291 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 6.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12291 Update Guidance https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow 12291 No Security Update https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow 12291 Update Guidance Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21389 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11921 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11921 5035110 <a href="https://batr.am/">batram</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21393 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11921 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11921 5035110 <a href="https://batr.am/">batram</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Dynamics 365 Field Service Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to navigate to a page with malicious content to be compromised by the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21394 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11921 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11921 5035110 <a href="https://www.linkedin.com/in/leecybersec/">NGO VAN TU (@tusnj)</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Dynamics 365 Sales Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21396 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11921 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11921 5035110 <a href="https://twitter.com/kire_devs_hacks">Erik Donker</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker (PR:N) could exploit this vulnerability by running a script to access a targeted Jira server over the internet.</p> <p><strong>Is there any action I need to take to be protected from this vulnerability?</strong></p> <p>Customers running the Azure AD Jira sso plugin need to update to version 1.1.2 from the <a href="https://www.microsoft.com/en-us/download/details.aspx?id=56506">Microsoft Download Center </a> or from <a href="https://marketplace.atlassian.com/apps/1224430/microsoft-azure-active-directory-single-sign-on-for-jira?hosting=datacenter&amp;tab=overview">Atlassian Marketplace</a>.</p> <p><strong>What privileges could an attacker gain with successful exploitation of this vulnerability?</strong></p> <p>An attacker does not need to login to exploit this vulnerability. Exploiting this vulnerability could allow an attacker to fully update Entra ID SAML metadata and info for the plugin. The attacker could then change the authentication of the application to their tenant as needed.</p> Azure Active Directory Microsoft Yes CVE-2024-21401 Improper Access Control 12290 Elevation of Privilege 12290 Important 12290 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12290 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=56506 12290 Maybe Security Update 1.1.2 https://www.microsoft.com/en-us/download/details.aspx?id=56506 12290 Release Notes <a href="https://www.linkedin.com/in/thongvv3/">thongvv of GE Security (VNG)</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Outlook Elevation of Privilege Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the files.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> Microsoft Office Outlook Microsoft Yes CVE-2024-21402 Improper Authorization 11762 11763 Elevation of Privilege 11762 Elevation of Privilege 11763 Important 11762 Important 11763 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11763 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run Aaron Erlandson, Trevor Harris, Jeff Klouda and Maggie Li 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p><strong>Where can I find more information about NTLM relay attacks?</strong></p> <p>Download <a href="https://www.microsoft.com/en-us/download/details.aspx?id=36036">Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2</a>. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf. For more information about Exchange Server's support for Extended Protection for Authentication(EPA), please see <a href="https://aka.ms/ExchangeEPDoc">Configure Windows Extended Protection in Exchange Server</a>.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could relay a user's leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user.</p> <p><strong>Why is this CVE listed as being exploited?</strong></p> <p>This CVE for Exchange Server 2019 Cumulative Update 14 enforces previous mitigations by default. We provided an optional mitigation for NTLM relay attacks in general in August 2022. These were documented in an Outlook CVE (<a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397">CVE-2023-23397</a>). Microsoft was aware of targeted NTLM relay attacks back in 2023; however, we are not aware of any current exploitation of NTLM relay attacks against Exchange Server.</p> <p>Microsoft strongly recommends installing CU14 on Exchange Server 2019 or enabling Extended Protection within your organization as per <a href="https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019">Configure Windows Extended Protection in Exchange Server</a>.</p> <p><strong>How do I protect myself from this vulnerability?</strong></p> <p>Prior to the Exchange Server 2019 Cumulative Update 14 (CU14) update, Exchange Server did not enable NTLM credentials Relay Protections (called Extended Protection for Authentication or EPA) by default. Without the protection enabled, an attacker can target Exchange Server to relay leaked NTLM credentials from other targets (for example Outlook). Exchange Server 2019 CU14 enables EPA by default on Exchange servers. For more information regarding this update, please refer to the latest <a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506">Exchange Blog Post</a>.</p> <p><strong>I'm running Microsoft Exchange Server 2016 Cumulative Update 23. How do I protect myself from this vulnerability?</strong></p> <p>Microsoft introduced Extended Protection support as an optional feature for Exchange Server 2016 CU23 with the August 2022 security update (build 15.01.2507.012). We strongly recommend to download the latest security update for Exchange Server 2016 CU23 prior turning Extended Protection by the help of the <a href="https://aka.ms/ExchangeEPScript">ExchangeExtendedProtectionManagement.ps1</a> on.</p> <p><strong>If I already ran the script that enables NTLM credentials Relay Protections am I protected from this vulnerability?</strong></p> <p>Yes. If, for example, you are running Exchange Server 2019 CU13 or earlier and you have previously run the script then you are protected from this vulnerability, however, Microsoft strongly suggests installing the latest cumulative update.</p> <p><strong>How can I determine if Extended Protection is configured as expected and if my Exchange Server is protected against this vulnerability?</strong></p> <p>Run the latest version of the <a href="https://aka.ms/exchangeHealthChecker">Exchange Server Health Checker script</a>. The script will provide you with an overview of the Extended Protection status of your server.</p> Microsoft Exchange Server Microsoft Yes CVE-2024-21410 Improper Authentication 12039 12191 12293 Elevation of Privilege 12039 Elevation of Privilege 12191 Elevation of Privilege 12293 Critical 12039 Critical 12191 Critical 12293 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12039 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12191 9.8 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12293 5036386 https://www.microsoft.com/download/details.aspx?familyid=348cb3fe-a4fb-45aa-b6d0-51b72e1712b1 5030877 12039 Yes Security Update 15.01.2507.037 https://support.microsoft.com/help/5036386 12039 5036386 5036386 https://support.microsoft.com/help/5036386 12039 5035606 https://www.microsoft.com/download/details.aspx?familyID=9fbd842e-828a-408a-b562-5632a8a827ab 12191 12293 Yes Security Update 15.2.1544.004 https://support.microsoft.com/help/5035606 12191 12293 5035606 5035606 https://support.microsoft.com/help/5035606 12191 12293 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Consult the <a href="https://aka.ms/ExchangeEPDoc">Exchange Extended Protection documentation</a> and use the <a href="https://aka.ms/ExchangeEPScript">ExchangeExtendedProtectionManagement.ps1</a> script to turn on the Extended Protection for Authentication (EPA) for Exchange Servers.</p> Internally found by Microsoft 1.1 2024-02-14T08:00:00 <p>Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only.</p> 1.2 2024-02-15T08:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.3 2024-03-01T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>If I am running Office 2016 (32-bit edition) or Office 2016 (64-bit edition, what do I need to do to be protected from this vulnerability?</strong></p> <p>To be protected, customers running Office 2016 need to install all the updates listed for their edition in the following tables.</p> <p><strong>For Office 2016 (32-bit edition)</strong>:</p> <table> <thead> <tr> <th>Product</th> <th>Article</th> <th>Download</th> <th>Build Number</th> </tr> </thead> <tbody> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002537">5002537</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=3f798cca-1d11-494e-82a5-f8e8cbe4d716">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002467">5002467</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=0019c7f4-e4f2-4741-8cfb-0fd2311b71f4">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002522">5002522</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=eced3839-7e06-43be-a013-ff34c4a3e4a7">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002469">5002469</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=8315c33e-7682-4031-a323-f8c01c53dac1">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (32-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002519">5002519</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=f6e4a256-d7fb-4ad0-a998-d3cdd5ea4bd8">Security Update</a></td> <td>16.0.5435.1001</td> </tr> </tbody> </table> <p><strong>For Office 2016 (64-bit edition)</strong>:</p> <table> <thead> <tr> <th>Product</th> <th>Article</th> <th>Download</th> <th>Build Number</th> </tr> </thead> <tbody> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002537">5002537</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=0754e80a-a661-4e4c-b876-7288e83d0e26">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002467">5002467</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=e80c5e98-5fd0-45d2-931c-4ebb126db870">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002522">5002522</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=2b476112-870d-451c-a7d7-e513e72ec383">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002469">5002469</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=cfd78b2e-736d-4e29-83a7-44699e8a289c">Security Update</a></td> <td>16.0.5435.1001</td> </tr> <tr> <td>Microsoft Office 2016 (64-bit edition)</td> <td><a href="https://support.microsoft.com/help/5002519">5002519</a></td> <td><a href="https://www.microsoft.com/download/details.aspx?familyid=96a56f04-fed0-4743-b518-23b904e9368e">Security Update</a></td> <td>16.0.5435.1001</td> </tr> </tbody> </table> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>How could the attacker exploit this vulnerability?</strong></p> <p>An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE).</p> Microsoft Office Microsoft Yes CVE-2024-21413 Improper Input Validation 11573 11574 11762 11763 11952 11953 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11952 Critical 11953 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002537 https://www.microsoft.com/download/details.aspx?familyid=3f798cca-1d11-494e-82a5-f8e8cbe4d716 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002537 10753 5002537 5002467 https://www.microsoft.com/download/details.aspx?familyid=0019c7f4-e4f2-4741-8cfb-0fd2311b71f4 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002467 10753 5002467 5002522 https://www.microsoft.com/download/details.aspx?familyid=eced3839-7e06-43be-a013-ff34c4a3e4a7 10753 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002522 10753 5002522 5002519 https://www.microsoft.com/download/details.aspx?familyid=f6e4a256-d7fb-4ad0-a998-d3cdd5ea4bd8 10753 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002519 10753 5002519 5002537 https://www.microsoft.com/download/details.aspx?familyid=0754e80a-a661-4e4c-b876-7288e83d0e26 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002537 10754 5002537 5002467 https://www.microsoft.com/download/details.aspx?familyid=e80c5e98-5fd0-45d2-931c-4ebb126db870 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002467 10754 5002467 5002522 https://www.microsoft.com/download/details.aspx?familyid=2b476112-870d-451c-a7d7-e513e72ec383 10754 Maybe Security Update 16.0.5435.1001 https://support.microsoft.com/help/5002522 10754 5002522 5002519 https://www.microsoft.com/download/details.aspx?familyid=96a56f04-fed0-4743-b518-23b904e9368e 10754 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002519 10754 5002519 Haifei Li of Check Point Research (https://research.checkpoint.com/) 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.2 2024-02-14T08:00:00 <p>Mistakenly updated exploited flag and exploitability assessment to indicate exploitation existed. Reverting values to no. This is an informational change only.</p> 1.1 2024-02-14T08:00:00 <p>Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only.</p> Chromium: CVE-2024-1077 Use after free in Network <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.98</td> <td>2/1/2024</td> <td>121.0.6167.139/140</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.167</td> <td>2/1/2024</td> <td>120.0.6099.276</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1077 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-01T19:55:43 <p>Information published.</p> Chromium: CVE-2024-1060 Use after free in Canvas <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.98</td> <td>2/1/2024</td> <td>121.0.6167.139/140</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.167</td> <td>2/1/2024</td> <td>120.0.6099.276</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1060 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-01T19:55:37 <p>Information published.</p> Chromium: CVE-2024-1059 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.98</td> <td>2/1/2024</td> <td>121.0.6167.139/140</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.167</td> <td>2/1/2024</td> <td>120.0.6099.276</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1059 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-01T19:55:41 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21420 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Chromium: CVE-2024-1676 Inappropriate implementation in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1676 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:31 <p>Information published.</p> Chromium: CVE-2024-1675 Insufficient policy enforcement in Download <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1675 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:29 <p>Information published.</p> Chromium: CVE-2024-1674 Inappropriate implementation in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1674 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:27 <p>Information published.</p> Chromium: CVE-2024-1673 Use after free in Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1673 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:25 <p>Information published.</p> Chromium: CVE-2024-1672 Inappropriate implementation in Content Security Policy <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1672 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:23 <p>Information published.</p> Chromium: CVE-2024-1670 Use after free in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1670 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:19 <p>Information published.</p> Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1671 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:21 <p>Information published.</p> Chromium: CVE-2024-1669 Out of bounds memory access in Blink <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1669 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-23T18:57:15 <p>Information published.</p> Microsoft Edge (Chromium-based) Information Disclosure Vulnerability <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21423 Protection Mechanism Failure 11655 Information Disclosure 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.8 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.chromium.org/home/chromium-security/">Alex Gough</a> with Chrome Security Team 1.0 2024-02-23T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-26188 Insufficient UI Warning of Dangerous Operations 11815 Spoofing 11815 Low 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://www.linkedin.com/in/hafiizh-7aa6bb31/">Hafiizh</a> with https://www.linkedin.com/in/hafiizh-7aa6bb31/ 1.0 2024-02-23T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Information Disclosure Vulnerability <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.52</td> <td>2/23/2024</td> <td>122.0.6261.57/.58</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-26192 Exposure of Private Personal Information to an Unauthorized Actor 11655 Information Disclosure 11655 Important 11655 Publicly Disclosed:No;Exploited:No;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 122.0.2365.52 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Johnathan Norman, Windows & Devices Group - Operating System Security Team 1.0 2024-02-23T08:00:00 <p>Information published.</p> GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds https://nvd.nist.gov/vuln/detail/CVE-2024-21626 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in runc which is consumed by Azure Kubernetes Service. The mitigation for this vulnerability requires a security update and a corresponding Azure Kubernetes Service update enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the Azure Kubernetes Service build published on January 31, 2024 is no longer vulnerable. Please see <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-21626/">CVE-2024-21626</a> for more information.</p> GitHub GitHub Yes CVE-2024-21626 Use of Unmaintained Third Party Components 11870 12140 12139 11870 12140 12139 11870 12140 12139 Publicly Disclosed:No;Exploited:No;DOS:N/A Release Notes https://github.com/Azure/AKS/issues/4080 11870 Maybe Security Update 202401.17.2 https://github.com/Azure/AKS/issues/4080 11870 Release Notes cri-tools 12140 cri-tools-1.28.0-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.28.0-5 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 12140 cri-tools kubernetes 12140 kubernetes-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-client-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-kubeadm-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-kube-proxy-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-kube-apiserver-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-kube-controller-manager-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-kube-scheduler-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kubernetes-pause-1.28.4-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.28.4-3 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 12140 kubernetes cri-tools 12139 cri-tools-1.28.0-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.28.0-5 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 12139 cri-tools kubernetes 12139 kubernetes-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-client-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-kubeadm-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-kube-proxy-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-kube-apiserver-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-kube-controller-manager-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-kube-scheduler-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kubernetes-pause-1.28.4-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.28.4-3 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 12139 kubernetes 1.0 2024-02-28T08:00:00 <p>Microsoft is announcing that the Azure Kubernetes Service security updates released on 31 January 2024 include runc updates, which addresses this vulnerability. Microsoft recommends that customers install the 31 January 2024 updates to ensure they have the most up-to-date version of Azure Kubernetes Service.</p> Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is client_secret token for a push notification service in Edge android.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.63</td> <td>2/29/2024</td> <td>122.0.6261.94/.95</td> </tr> </tbody> </table> Microsoft Edge for Android Microsoft Yes CVE-2024-26196 Use of Hard-coded Password 11815 Information Disclosure 11815 Low 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 122.0.2365.63 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes Oday Alhalabi 1.0 2024-02-29T08:00:00 <p>Information published.</p> Chromium: CVE-2024-1938 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.63</td> <td>2/29/2024</td> <td>122.0.6261.94/.95</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1938 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.63 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-29T20:04:50 <p>Information published.</p> Chromium: CVE-2024-1939 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.63</td> <td>2/29/2024</td> <td>122.0.6261.94/.95</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1939 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.63 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-02-29T20:04:54 <p>Information published.</p> Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p>This CVE was addressed by updates that were released in November 2023, but the CVE was inadvertently omitted from the November 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Defender for Endpoint Protection install the November 2023 updates to be protected from this vulnerability.</p> Microsoft Defender for Endpoint Microsoft Yes CVE-2024-21315 Improper Input Validation 12013-11568 12013-11569 12013-11570 12013-11571 12013-11572 12013-11923 12013-11924 12013-11926 12013-11927 12013-11929 12013-11930 12013-11931 12013-10729 12013-10735 12013-10852 12013-10853 12013-10816 12013-10855 12013-10483 12013-10543 12013-12242 12013-12085 12013-12097 12013-12098 12013-12244 12013-12243 12013-12086 12013-12099 12013-10378 12013-10379 Elevation of Privilege 12013-11568 Elevation of Privilege 12013-11569 Elevation of Privilege 12013-11570 Elevation of Privilege 12013-11571 Elevation of Privilege 12013-11572 Elevation of Privilege 12013-11923 Elevation of Privilege 12013-11924 Elevation of Privilege 12013-11926 Elevation of Privilege 12013-11927 Elevation of Privilege 12013-11929 Elevation of Privilege 12013-11930 Elevation of Privilege 12013-11931 Elevation of Privilege 12013-10729 Elevation of Privilege 12013-10735 Elevation of Privilege 12013-10852 Elevation of Privilege 12013-10853 Elevation of Privilege 12013-10816 Elevation of Privilege 12013-10855 Elevation of Privilege 12013-10483 Elevation of Privilege 12013-10543 Elevation of Privilege 12013-12242 Elevation of Privilege 12013-12085 Elevation of Privilege 12013-12097 Elevation of Privilege 12013-12098 Elevation of Privilege 12013-12244 Elevation of Privilege 12013-12243 Elevation of Privilege 12013-12086 Elevation of Privilege 12013-12099 Elevation of Privilege 12013-10378 Elevation of Privilege 12013-10379 Important 12013-11568 Important 12013-11569 Important 12013-11570 Important 12013-11571 Important 12013-11572 Important 12013-11923 Important 12013-11924 Important 12013-11926 Important 12013-11927 Important 12013-11929 Important 12013-11930 Important 12013-11931 Important 12013-10729 Important 12013-10735 Important 12013-10852 Important 12013-10853 Important 12013-10816 Important 12013-10855 Important 12013-10483 Important 12013-10543 Important 12013-12242 Important 12013-12085 Important 12013-12097 Important 12013-12098 Important 12013-12244 Important 12013-12243 Important 12013-12086 Important 12013-12099 Important 12013-10378 Important 12013-10379 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12013-10379 5032196 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196 5031361 12013-11568 12013-11569 12013-11570 12013-11571 12013-11572 Yes Security Update 10.0.17763.5122 https://support.microsoft.com/help/5032196 12013-11568 12013-11569 12013-11570 12013-11571 12013-11572 5032196 5032196 https://support.microsoft.com/help/5032196 12013-11568 12013-11569 12013-11570 12013-11571 12013-11572 5032198 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198 5031364 12013-11923 Yes Security Update 10.0.20348.2113 https://support.microsoft.com/help/5032198 12013-11923 5032198 5032247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032247 5031442 12013-11924 Yes Monthly Rollup 6.2.9200.24569 https://support.microsoft.com/help/5032247 12013-11924 5032247 5032192 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032192 5031358 12013-11926 12013-11927 Yes Security Update 10.0.22000.2600 https://support.microsoft.com/help/5032192 12013-11926 12013-11927 5032192 5032192 https://support.microsoft.com/help/5032192 12013-11926 12013-11927 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12013-11929 Yes Security Update 10.0.19041.3693 https://support.microsoft.com/help/5032189 12013-11929 5032189 5032189 https://support.microsoft.com/help/5032189 12013-11929 12013-11930 12013-11931 12013-12097 12013-12098 12013-12099 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12013-11930 12013-11931 Yes Security Update 10.0.19043.3693 https://support.microsoft.com/help/5032189 12013-11930 12013-11931 5032189 5032199 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032199 5031377 12013-10729 12013-10735 Yes Security Update 10.0.10240.20308 https://support.microsoft.com/help/5032199 12013-10729 12013-10735 5032199 5032197 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032197 5031362 12013-10852 12013-10853 12013-10816 12013-10855 Yes Security Update 10.0.14393.6452 https://support.microsoft.com/help/5032197 12013-10852 12013-10853 12013-10816 12013-10855 5032197 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 12013-10483 12013-10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 12013-10483 12013-10543 5034819 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 12013-12242 12013-12243 Yes Security Update 10.0.22631.2715 https://support.microsoft.com/help/5032190 12013-12242 12013-12243 5032190 5032190 https://support.microsoft.com/help/5032190 12013-12242 12013-12085 12013-12243 12013-12086 5032190 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032190 5031354 12013-12085 12013-12086 Yes Security Update 10.0.22621.2715 https://support.microsoft.com/help/5032190 12013-12085 12013-12086 5032190 5032189 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032189 5031356 12013-12097 12013-12098 12013-12099 Yes Security Update 10.0.19045.3693 https://support.microsoft.com/help/5032189 12013-12097 12013-12098 12013-12099 5032189 5032202 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032202 12013-12244 Yes Security Update 10.0.25398.531 https://support.microsoft.com/help/5032202 12013-12244 5032202 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 12013-10378 12013-10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 12013-10378 12013-10379 5034830 Achmea Red Team with Achmea Achmea Red Team with Achmea 1.0 2024-02-20T08:00:00 <p>Information published. This CVE was addressed by updates that were released in November 2023, but the CVE was inadvertently omitted from the November 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Microsoft Defender for Endpoint Protection install the November 2023 updates to be protected from this vulnerability.</p> Skype for Business Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> <p><strong>There is no download information for Skype for Business Server 2019 CU7 in the Security Updates table. How do I protect myself from this vulnerability?</strong></p> <p>Follow the steps to create a file share as outlined in <a href="https://learn.microsoft.com/en-us/skypeforbusiness/deploy/install/create-a-file-share">Create a file share in Skype for Business Server</a>.</p> Skype for Business Microsoft Yes CVE-2024-20695 Improper Access Control 12223 Information Disclosure 12223 Important 12223 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12223 Fin Hume with WithSecure 1.0 2024-02-13T08:00:00 <p>Information published.</p> Trusted Compute Base Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Trusted Compute Base Microsoft Yes CVE-2024-21304 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 4.1 3.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 1.0 2024-02-13T08:00:00 <p>Information published.</p> Azure DevOps Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N), attack complexity is high (AC:H), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker to have Queue Build permissions and for the target Azure DevOps pipeline to meet certain conditions for an attacker to exploit this vulnerability.</p> Azure DevOps Microsoft Yes CVE-2024-20667 Improper Neutralization of Special Elements used in a Command ('Command Injection') 12270 12211 12143 Remote Code Execution 12270 Remote Code Execution 12211 Remote Code Execution 12143 Important 12270 Important 12211 Important 12143 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12270 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12211 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12143 Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M225.AzureDevOps2022.1/layouts/x86ret/Tfs2018Sgn_20240126.4/enu/devops/Patch 12270 Maybe Security Update 20240126.4 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022?view=azure-devops 12270 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev17/releases_AzureDevOps2019.1.1public/layouts/x86ret/Tfs2018Sgn_20240126.6/enu/devops/Patch 12211 Maybe Security Update 20240126.6 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2019u1?view=azure-devops 12211 Release Notes Release Notes file://cpvsbuild/drops/mseng/tfs/Dev18/releases_M181.AzureDevOps2020.1.1public/layouts/x86ret/Tfs2018Sgn_20240126.2/enu/devops/Patch 12143 Maybe Security Update 20240126.2 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops 12143 Release Notes 1.0 2024-02-13T08:00:00 <p>Information published.</p> Azure Stack Hub Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Azure Stack Microsoft Yes CVE-2024-20679 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11950 Spoofing 11950 Important 11950 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11950 Release Notes https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-updates?view=azs-2102 11950 Maybe Security Update 1.2311.1.22 https://learn.microsoft.com/en-us/azure-stack/operator/relnotearchive/release-notes?view=azs-2102 11950 Release Notes Felix Boulet with Centre gouvernemental de cyberd&#233;fense (CGCD) 1.0 2024-02-13T08:00:00 <p>Information published.</p> Dynamics 365 Sales Spoofing Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to navigate to a page with malicious content to be compromised by the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21328 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11921 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11921 5035110 <a href="https://www.linkedin.com/in/leecybersec/">NGO VAN TU (@tusnj)</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows USB Generic Parent Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows USB Serial Driver Microsoft Yes CVE-2024-21339 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Kernel Remote Code Execution Vulnerability Windows Kernel Microsoft Yes CVE-2024-21341 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows DNS Client Denial of Service Vulnerability Role: DNS Server Microsoft Yes CVE-2024-21342 Uncontrolled Resource Consumption 12085 12086 12242 12243 12244 Denial of Service 12085 Denial of Service 12086 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-21343 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Network Address Translation (NAT) Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-21344 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could run a specially crafted application that would give them control of the targeted destination and source of the copy.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows Kernel Microsoft Yes CVE-2024-21345 Heap-based Buffer Overflow 12244 Elevation of Privilege 12244 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Emma Kirkpatrick (<a href=https://twitter.com/carrot_c4k3>@carrot_c4k3</a>) 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-06-26T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - ICOMP Microsoft Yes CVE-2024-21346 Untrusted Pointer Dereference 11926 11927 12085 12086 12242 12243 12244 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 <a href="https://twitter.com/laith_satari">Laith AL-Satari</a> Abdelhamid Naceri 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> SQL Server Microsoft Yes CVE-2024-21347 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 1/2 gojo satoru 1.0 2024-02-13T08:00:00 <p>Information published.</p> Internet Connection Sharing (ICS) Denial of Service Vulnerability Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-21348 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC ODBC Driver Microsoft Yes CVE-2024-21353 Heap-based Buffer Overflow 12244 Remote Code Execution 12244 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Message Queuing Microsoft Yes CVE-2024-21355 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2024-21356 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Microsoft Offensive Research & Security Engineering 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21359 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Kernel Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Code Integrity Guard (CIG).</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could replace valid file content with specially crafted file content.</p> Windows Kernel Microsoft Yes CVE-2024-21362 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Message Queuing Microsoft Yes CVE-2024-21363 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Azure Site Recovery Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker with local access to a machine with Azure Site Recovery (ASR) can execute code that allows escalating privileges to IUSR (or Anonymous User Identity) and could discover MySQL root password, which could result in the discovery of other stored encrypted credentials.</p> <p><strong>Why is this CVE rated as Moderate severity?</strong></p> <p>The attacker can only elevate their privileges to Root on the specific system or database which they are targeting. System privileges cannot be gained and information relating to other systems or database can not be obtained after elevating their privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Azure Site Recovery Microsoft Yes CVE-2024-21364 Improper Access Control 11964 Elevation of Privilege 11964 Moderate 11964 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.3 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11964 5034599 https://learn.microsoft.com/en-us/azure/site-recovery/service-updates-how-to?source=recommendations 11964 Yes Security Update 9.57 https://support.microsoft.com/en-us/topic/update-rollup-70-for-azure-site-recovery-kb5034599-e94901f6-7624-4bb4-8d43-12483d2e1d50 11964 5034599 <a href="https://piffd0s.medium.com/">Chris Hernandez</a> with <a href="https://adversaryacademy.com/">Adversary Academy</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21365 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21367 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21368 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21370 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Teams for Android Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> (AV:L) and <strong>User Interaction</strong> is <strong>Required</strong> (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data.</p> <p><strong>How do I get the update for Teams for Android?</strong></p> <ol> <li>Tap the <strong>Play Store</strong> icon on your home screen.</li> <li>Tap the circular account icon at the top right of the screen.</li> <li>Tap <strong>Manage apps &amp; devices</strong>.</li> <li>Tap <strong>Updates available</strong>.</li> <li>Tap the <strong>Update</strong> button next to the Microsoft Teams app.</li> </ol> <p><strong>Is there a direct link on the web?</strong></p> <p>Yes: <a href="https://play.google.com/store/apps/details?id=com.microsoft.teams">https://play.google.com/store/apps/details?id=com.microsoft.teams</a></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could convince a user to confirm an action through a dialog box.</p> Microsoft Teams for Android Microsoft Yes CVE-2024-21374 Improper Input Validation 12007 Information Disclosure 12007 Important 12007 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12007 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Maybe Security Update 1.0.0.2024022302 https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Release Notes Dimitrios Valsamaras of Microsoft 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability <p><strong>Is there any action I need to take to be protected from this vulnerability?</strong></p> <p>Customer must ensure they are running the latest version of <code>az confcom</code> and Kata Image.</p> <p>Customers who do not have <code>az confcom</code> installed can install the latest version by executing <code>az extension add -n confcom</code>. Customers who are running versions prior to 0.3.3 need to update by executing <code>az extension update -n confcom</code>. For more information, reference:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-addon">Confidential computing plugin for Confidential VMs</a>.</li> <li><a href="https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update">https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update</a></li> <li><a href="https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202402.26.0.txt">https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202402.26.0.txt</a></li> </ul> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to.</p> <p><strong>According to the CVSS metric, privileges required is none (PR:N). Does the attacker need to be authenticated?</strong></p> <p>No. An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root.</p> Microsoft Azure Kubernetes Service Microsoft Yes CVE-2024-21376 Improper Access Control 12288 Remote Code Execution 12288 Important 12288 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.0 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 12288 Release Notes https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update. 12288 Maybe Security Update 0.3.3 https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli 12288 Release Notes <a href="https://twitter.com/yuvalavra">Yuval Avrahami</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows DNS Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Windows DNS Microsoft Yes CVE-2024-21377 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 STATE GRID INFORMATION&amp;TELECOMMUNICATION BRANCH Wei Hu，Jingchu Wang 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-07-19T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated using valid Exchange user credentials.</p> Microsoft Office Outlook Microsoft Yes CVE-2024-21378 Improper Control of Generation of Code ('Code Injection') 11573 11574 11762 11763 11952 11953 10765 10766 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10765 Remote Code Execution 10766 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10765 Important 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10765 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10766 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002543 https://www.microsoft.com/download/details.aspx?familyid=3612a0d1-032c-4c0e-8a8a-eb5ff91d8e31 10765 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002543 10765 5002543 5002543 https://www.microsoft.com/download/details.aspx?familyid=bc7cd3d8-6fd1-4ff9-8713-9bd18fa65b4d 10766 Maybe Security Update 16.0.5435.1000 https://support.microsoft.com/help/5002543 10766 5002543 <a href="https://twitter.com/monoxgas">Nick Landers</a> with NetSPI 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-03-05T08:00:00 <p>Updated FAQs and updated the CVSS score. These are informational changes only.</p> Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could craft a payload allowing them to access sensitive user data, which could result in unauthorized access to the victim's account or compromise of other confidential information.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to be able to exploit this vulnerability.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21380 Exposure of Sensitive Information to an Unauthorized Actor 12109 12219 12294 Information Disclosure 12109 Information Disclosure 12219 Information Disclosure 12294 Critical 12109 Critical 12219 Critical 12294 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12109 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12219 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12294 5035205 https://www.microsoft.com/en-us/download/details.aspx?id=105805 12109 Maybe Security Update Application Build 21.16.63199, Platform Build 21.0 http://support.microsoft.com/kb/5035205 12109 5035205 5035206 https://www.microsoft.com/en-us/download/details.aspx?id=105806 12219 Maybe Security Update Application Build 22.10.63195, Platform Build 22.0 http://support.microsoft.com/kb/5035206 12219 5035206 5035207 https://www.microsoft.com/en-us/download/details.aspx?id=105810 12294 Maybe Security Update Application Build 23.4.15715, Platform Build 23.0. http://support.microsoft.com/kb/5035207 12294 5035207 Marco Niederberger with <a href="https://www.logico.ch/">Logico Solutions AG</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Office OneNote Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Microsoft Office OneNote Microsoft Yes CVE-2024-21384 Use After Free 11762 11763 11952 11953 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 Click to Run <a href="https://twitter.com/edwardzpeng">wh1tc &amp; Zhiniang Peng</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers Role: DNS Server MITRE Yes CVE-2023-50387 11571 11572 11923 11924 12244 10816 10855 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10816 10855 5034767 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner from the German National Research Center for Applied Cybersecurity ATHENE 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21391 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 Anonymous 1.0 2024-02-13T08:00:00 <p>Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21395 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035110 https://www.microsoft.com/download/details.aspx?familyid=c14f7c99-edb2-4a23-8a31-31dfe6c075dd 11921 Maybe Security Update 9.1.25.17 https://support.microsoft.com/help/5035110 11921 5035110 <a href="https://twitter.com/kire_devs_hacks">Erik Donker</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Azure File Sync Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker can create new files in directories they do not normally have access to. Those can only be on directories where Azure File Sync is configured, which could include SYSTEM directories. However, the attacker would not gain privileges to read, modify, or delete files.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability would not impact confidentiality (C:N), but would have a major impact on integrity (I:H) and have less impact on availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could affect the integrity because they could create new files in system directories. Confidentiality is not affected by a successful attack, because the attacker cannot modify, delete, or read files. A successful exploitation could have come impact on availability because there could be some interruption to the availability of the file server.</p> Azure File Sync Microsoft Yes CVE-2024-21397 Improper Link Resolution Before File Access ('Link Following') 12299 12298 12297 12287 Elevation of Privilege 12299 Elevation of Privilege 12298 Elevation of Privilege 12297 Elevation of Privilege 12287 Important 12299 Important 12298 Important 12297 Important 12287 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C 12299 5.3 4.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C 12298 5.3 4.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C 12297 5.3 4.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C 12287 5023052 https://catalog.update.microsoft.com/Search.aspx?q=5023052 12299 12298 12297 Maybe Security Update 16.2 https://catalog.update.microsoft.com/Search.aspx?q=5023052 12299 12298 12297 5023052 5023054 https://catalog.update.microsoft.com/Search.aspx?q=5023054 12287 Maybe Security Update 17.1 https://catalog.update.microsoft.com/Search.aspx?q=5023054 12287 5023054 3wyeye5 with OSR 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.98</td> <td>2/1/2024</td> <td>121.0.6167.139/140</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.167</td> <td>2/1/2024</td> <td>120.0.6099.276</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21399 Use After Free 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.3 7.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2024-02-01T08:00:00 <p>Information published.</p> Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to.</p> <p><strong>According to the CVSS metric, privileges required is none (PR:N). Does the attacker need to be authenticated?</strong></p> <p>No. An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).</p> <p><strong>Is there any action I need to take to be protected from this vulnerability?</strong></p> <p>Customer must ensure they are running the latest version of <code>az confcom</code> and Kata Image.</p> <p>Customers who do not have <code>az confcom</code> installed can install the latest version by executing <code>az extension add -n confcom</code>. Customers who are running versions prior to 0.3.3 need to update by executing <code>az extension update -n confcom</code>. For more information, reference:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-addon">Confidential computing plugin for Confidential VMs</a>.</li> <li><a href="https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update">https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update</a></li> <li><a href="https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202402.26.0.txt">https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202402.26.0.txt</a></li> </ul> Microsoft Azure Kubernetes Service Microsoft Yes CVE-2024-21403 Files or Directories Accessible to External Parties 12288 Elevation of Privilege 12288 Important 12288 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.0 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 12288 Release Notes https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update. 12288 Maybe Security Update 0.3.3 https://learn.microsoft.com/en-us/cli/azure/release-notes-azure-cli 12288 Release Notes <a href="https://twitter.com/yuvalavra">Yuval Avrahami</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Message Queuing Microsoft Yes CVE-2024-21405 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034795 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034795 5034173 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22511 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034795 5034795 https://support.microsoft.com/help/5034795 9312 10287 9318 9344 5034833 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034833 9312 10287 9318 9344 Yes Security Only 6.0.6003.22511 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034833 5034833 https://support.microsoft.com/help/5034833 9312 10287 9318 9344 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> Windows Printing Service Spoofing Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.</p> Microsoft Windows Microsoft Yes CVE-2024-21406 Cleartext Transmission of Sensitive Information 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10543 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11568 11569 11570 11571 11572 5034768 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11923 11924 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11923 11924 5034770 5034770 https://support.microsoft.com/help/5034770 11923 11924 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11926 11927 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11926 11927 5034766 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 5034774 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034774 5034134 10729 10735 Yes Security Update 10.0.10240.20469 https://support.microsoft.com/help/5034774 10729 10735 5034774 5034767 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034767 5034119 10852 10853 10816 10855 Yes Security Update 10.0.14393.6709 https://support.microsoft.com/help/5034767 10852 10853 10816 10855 5034767 5034831 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034831 5034169 10051 10049 Yes Monthly Rollup 6.1.7601.26961 https://support.microsoft.com/help/5034831 10051 10049 5034831 5034809 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034809 10051 10049 Yes Security Only 6.1.7601.26961 https://support.microsoft.com/help/5034809 10051 10049 5034809 5034830 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034830 5034184 10378 10379 Yes Monthly Rollup 6.2.9200.24710 https://support.microsoft.com/help/5034830 10378 10379 5034830 5034819 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034819 5034171 10483 10543 Yes Monthly Rollup 6.3.9600.21813 https://support.microsoft.com/help/5034819 10483 10543 5034819 1.0 2024-02-13T08:00:00 <p>Information published.</p> Internet Shortcut Files Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link.</p> Internet Shortcut Files Microsoft Yes CVE-2024-21412 Protection Mechanism Failure 11927 11570 11929 11930 11931 11924 12085 12086 12097 11571 12098 12099 12242 11926 11923 12243 12244 11569 11568 11572 Security Feature Bypass 11927 Security Feature Bypass 11570 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 11924 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 11571 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 11926 Security Feature Bypass 11923 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 11569 Security Feature Bypass 11568 Security Feature Bypass 11572 Important 11927 Important 11570 Important 11929 Important 11930 Important 11931 Important 11924 Important 12085 Important 12086 Important 12097 Important 11571 Important 12098 Important 12099 Important 12242 Important 11926 Important 11923 Important 12243 Important 12244 Important 11569 Important 11568 Important 11572 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11927 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11570 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11929 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11930 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11931 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11924 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12085 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12086 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12097 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11571 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12098 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12099 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12242 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11926 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11923 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12243 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 12244 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11569 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11568 8.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C 11572 5034766 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034766 5034121 11927 11926 Yes Security Update 10.0.22000.2777 https://support.microsoft.com/help/5034766 11927 11926 5034766 5034768 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034768 5034127 11570 11571 11569 11568 11572 Yes Security Update 10.0.17763.5458 https://support.microsoft.com/help/5034768 11570 11571 11569 11568 11572 5034768 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 11929 11930 11931 Yes Security Update 10.0.19044.4046 https://support.microsoft.com/help/5034763 11929 11930 11931 5034763 5034763 https://support.microsoft.com/help/5034763 11929 11930 11931 12097 12098 12099 5034770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034770 5034129 11924 11923 Yes Security Update 10.0.20348.2322 https://support.microsoft.com/help/5034770 11924 11923 5034770 5034770 https://support.microsoft.com/help/5034770 11924 11923 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12085 12086 Yes Security Update 10.0.22621.3155 https://support.microsoft.com/help/5034765 12085 12086 5034765 5034763 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034763 5034122 12097 12098 12099 Yes Security Update 10.0.19045.4046 https://support.microsoft.com/help/5034763 12097 12098 12099 5034763 5034765 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034765 5034123 12242 12243 Yes Security Update 10.0.22631.3155 https://support.microsoft.com/help/5034765 12242 12243 5034765 5034769 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034769 5034130 12244 Yes Security Update 10.0.25398.709 https://support.microsoft.com/help/5034769 12244 5034769 <a href="https://twitter.com/thezdi">Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a> Dima Lenz and Vlad Stolyarov of Google's Threat Analysis Group <a href="https://twitter.com/dwbzn">dwbzn</a> with <a href="https://www.aurainfosec.com/">Aura Information Security</a> 1.0 2024-02-13T08:00:00 <p>Information published.</p> 1.1 2024-02-15T08:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Chromium: CVE-2024-1284 Use after free in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.112</td> <td>2/8/2024</td> <td>121.0.6167.160/161</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.175</td> <td>2/8/2024</td> <td>120.0.6099.283</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1284 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 120.0.2210.175 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes 1.0 2024-02-08T20:01:57 <p>Information published.</p> Chromium: CVE-2024-1283 Heap buffer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.112</td> <td>2/8/2024</td> <td>121.0.6167.160/161</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.175</td> <td>2/8/2024</td> <td>120.0.6099.283</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-1283 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 120.0.2210.175 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes 1.0 2024-02-08T20:01:52 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-46838 https://nvd.nist.gov/vuln/detail/CVE-2023-46838 Mariner security@xen.org Yes CVE-2023-46838 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12139 kernel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-46838 12139 kernel kernel 12140 kernel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-46838 12140 kernel 1.0 2024-02-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 Mariner cve@mitre.org Yes CVE-2021-38593 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 qt5-qtsvg 12137 qt5-qtsvg-5.12.11-2.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtsvg-devel-5.12.11-2.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtsvg-examples-5.12.11-2.cm1.x86_64.rpm 0001-01-01T00:00:00 qt5-qtsvg-debuginfo-5.12.11-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-2 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 12137 qt5-qtsvg qt5-qtsvg 12138 qt5-qtsvg-5.12.11-2.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtsvg-devel-5.12.11-2.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtsvg-examples-5.12.11-2.cm1.aarch64.rpm 0001-01-01T00:00:00 qt5-qtsvg-debuginfo-5.12.11-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-2 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 12138 qt5-qtsvg qt5-qtbase 12139 qt5-qtbase-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.12.11-11.cm2.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.12.11-11.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-11 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 12139 qt5-qtbase qt5-qtsvg 12139 qt5-qtsvg-5.12.11-3.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtsvg-devel-5.12.11-3.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtsvg-examples-5.12.11-3.cm2.x86_64.rpm 0001-01-01T00:00:00 qt5-qtsvg-debuginfo-5.12.11-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-3 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 12139 qt5-qtsvg qt5-qtbase 12140 qt5-qtbase-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-common-5.12.11-11.cm2.noarch.rpm 0001-01-01T00:00:00 qt5-qtbase-devel-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-private-devel-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-examples-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-static-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-gui-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtbase-debuginfo-5.12.11-11.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-11 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 12140 qt5-qtbase qt5-qtsvg 12140 qt5-qtsvg-5.12.11-3.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtsvg-devel-5.12.11-3.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtsvg-examples-5.12.11-3.cm2.aarch64.rpm 0001-01-01T00:00:00 qt5-qtsvg-debuginfo-5.12.11-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.12.11-3 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 12140 qt5-qtsvg 1.0 2021-10-01T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added qt5-qtsvg to CBL-Mariner 2.0</p> 1.2 2024-02-09T00:00:00 <p>Added qt5-qtbase to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-6200 https://nvd.nist.gov/vuln/detail/CVE-2023-6200 Mariner secalert@redhat.com Yes CVE-2023-6200 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6200 12139 kernel kernel 12140 kernel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6200 12140 kernel 1.0 2024-02-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-23551 https://nvd.nist.gov/vuln/detail/CVE-2022-23551 Mariner security-advisories@github.com Yes CVE-2022-23551 12139 12140 12139 12140 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L 12139 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L 12140 nmi 12139 nmi-1.8.17-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.8.17-1 https://nvd.nist.gov/vuln/detail/CVE-2022-23551 12139 nmi nmi 12140 nmi-1.8.17-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.8.17-1 https://nvd.nist.gov/vuln/detail/CVE-2022-23551 12140 nmi 1.0 2024-02-12T00:00:00 <p>Information published.</p> .NET Denial of Service Vulnerability .NET Microsoft Yes CVE-2024-21386 Uncontrolled Resource Consumption 11968 12233 12256 12129 12187 12271 Denial of Service 11968 Denial of Service 12233 Denial of Service 12256 Denial of Service 12129 Denial of Service 12187 Denial of Service 12271 Important 11968 Important 12233 Important 12256 Important 12129 Important 12187 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11968 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12233 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12256 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12129 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12187 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12271 Release Notes https://dotnet.microsoft.com/download/dotnet/6.0 11968 Maybe Security Update 6.0.27 https://github.com/dotnet/announcements/issues/295 11968 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/7.0 12233 Maybe Security Update 7.0.16 https://github.com/dotnet/announcements/issues/295 12233 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/8.0 12256 Maybe Security Update 8.0.2 https://github.com/dotnet/announcements/issues/295 12256 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.16 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Brennan Conroy of Microsoft Corporation 1.0 2024-02-13T08:00:00 <p>Information published.</p> .NET Denial of Service Vulnerability .NET Microsoft Yes CVE-2024-21404 NULL Pointer Dereference 12009 12130 12260 12129 12187 12271 Denial of Service 12009 Denial of Service 12130 Denial of Service 12260 Denial of Service 12129 Denial of Service 12187 Denial of Service 12271 Important 12009 Important 12130 Important 12260 Important 12129 Important 12187 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12009 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12130 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12260 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12129 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12187 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12271 5035119 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.27 https://support.microsoft.com/help/5035119 12009 5035119 5035120 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.16 https://support.microsoft.com/help/5035120 12130 5035120 5035121 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.2 https://support.microsoft.com/help/5035121 12260 5035121 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.16 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes <p><strong>The following <a href="https://learn.microsoft.com/en-us/security-updates/Glossary/glossary#m">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Only .NET services running on non-Windows platforms are affected by this vulnerability. If your web server is running on Windows, an attacker cannot use this DoS vector to bring down your web server.</p> Bahaa Naamneh with Crosspoint Labs 1.0 2024-02-13T08:00:00 <p>Information published.</p>