December 2023 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2023-Dec
2023-Dec
Final
1.0
101
2026-02-20T23:38:03
December 2023 Security Updates
2023-12-12T08:00:00
2026-02-20T23:38:03
<h2 id="this-release-consists-of-the-following-37-microsoft-cves">This release consists of the following 37 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Windows Media</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21740">CVE-2023-21740</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure DevOps</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21751">CVE-2023-21751</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35618">CVE-2023-35618</a></td>
<td>9.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Outlook</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35619">CVE-2023-35619</a></td>
<td>5.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Dynamics</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35621">CVE-2023-35621</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Windows DNS</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35622">CVE-2023-35622</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Connected Machine Agent</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35624">CVE-2023-35624</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Machine Learning</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35625">CVE-2023-35625</a></td>
<td>4.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows MSHTML Platform</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35628">CVE-2023-35628</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows USB Mass Storage Class Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35629">CVE-2023-35629</a></td>
<td>6.8</td>
<td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35630">CVE-2023-35630</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35631">CVE-2023-35631</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35632">CVE-2023-35632</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35633">CVE-2023-35633</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Bluetooth Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35634">CVE-2023-35634</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35635">CVE-2023-35635</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Outlook</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35636">CVE-2023-35636</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Server</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35638">CVE-2023-35638</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows ODBC Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35639">CVE-2023-35639</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35641">CVE-2023-35641</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35642">CVE-2023-35642</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Server</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35643">CVE-2023-35643</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel-Mode Drivers</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35644">CVE-2023-35644</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>XAML Diagnostics</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36003">CVE-2023-36003</a></td>
<td>6.7</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DPAPI (Data Protection Application Programming Interface)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36004">CVE-2023-36004</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Server</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36005">CVE-2023-36005</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft WDAC OLE DB provider for SQL</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36006">CVE-2023-36006</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36009">CVE-2023-36009</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Defender</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36010">CVE-2023-36010</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36011">CVE-2023-36011</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Server</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36012">CVE-2023-36012</a></td>
<td>5.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Power Platform Connector</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36019">CVE-2023-36019</a></td>
<td>9.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td><strong>Yes</strong></td>
</tr>
<tr>
<td>Microsoft Dynamics</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36020">CVE-2023-36020</a></td>
<td>7.6</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Local Security Authority Subsystem Service (LSASS)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36391">CVE-2023-36391</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Cloud Files Mini Filter Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36696">CVE-2023-36696</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36880">CVE-2023-36880</a></td>
<td>4.8</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38174">CVE-2023-38174</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-6-non-microsoft-cves">We are republishing 6 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-6508">CVE-2023-6508</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-6509">CVE-2023-6509</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-6510">CVE-2023-6510</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-6511">CVE-2023-6511</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-6512">CVE-2023-6512</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>AMD</td>
<td>Chipsets</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-20588">CVE-2023-20588</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5033369">5033369</a></td>
<td>Windows 11, version 21H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033371">5033371</a></td>
<td>Windows 10, version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033372">5033372</a></td>
<td>Windows 10, version 21H2, Windows 10, version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033375">5033375</a></td>
<td>Windows 11, version 22H2, Windows 11, version 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033422">5033422</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033424">5033424</a></td>
<td>Windows Server 2008 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033427">5033427</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5033433">5033433</a></td>
<td>Windows Server 2008 R2 (Monthly Rollup)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Power Platform
Dynamics 365 for Finance and Operations Version 10.0.38 Platform Update 62
Dynamics 365 for Finance and Operations Version 10.0.37 Platform Update 61
Dynamics 365 for Finance and Operations Platform Update 60
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Edge (Chromium-based)
Azure Machine Learning SDK
Azure Logic Apps
Azure Connected Machine Agent
Azure DevOps Server 2022.1
Microsoft Malware Protection Platform
Azure DevOps Server 2020.1.2
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Edge (Chromium-based)
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Dynamics 365 (on-premises) version 9.1
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Azure DevOps Server 2020.1.2
Microsoft Malware Protection Platform
Azure Logic Apps
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft Power Platform
Azure Connected Machine Agent
Azure Machine Learning SDK
Dynamics 365 for Finance and Operations Version 10.0.37 Platform Update 61
Dynamics 365 for Finance and Operations Version 10.0.38 Platform Update 62
Dynamics 365 for Finance and Operations Platform Update 60
Azure DevOps Server 2022.1
cbl2 kernel 5.15.153.1-1 on CBL Mariner 2.0
azl3 libglvnd 1.7.0-2 on Azure Linux 3.0
azl3 kernel 6.6.29.1-4 on Azure Linux 3.0
azl3 kernel 6.6.35.1-4 on Azure Linux 3.0
cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0
cbl2 postgresql 14.14-1 on CBL Mariner 2.0
cbl2 rust 1.72.0-10 on CBL Mariner 2.0
cbl2 mysql 8.0.40-1 on CBL Mariner 2.0
cbl2 golang 1.21.6-1 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
cbl2 telegraf 1.28.5-5 on CBL Mariner 2.0
cbl2 moby-compose 2.17.3-5 on CBL Mariner 2.0
cbl2 ansible 2.14.12-2 on CBL Mariner 2.0
cbl2 ansible 2.14.12-2 on CBL Mariner 2.0
cbl2 kernel 5.15.148.1-1 on CBL Mariner 2.0
azl3 mysql 8.0.40-1 on Azure Linux 3.0
azl3 nmap 7.95-2 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 qtbase 6.6.2-1 on Azure Linux 3.0
azl3 python3 3.12.3-1 on Azure Linux 3.0
azl3 cmake 3.29.6-1 on Azure Linux 3.0
azl3 hyperv-daemons 6.6.29.1-1 on Azure Linux 3.0
azl3 kubernetes 1.30.1-1 on Azure Linux 3.0
azl3 cert-manager 1.12.12-1 on Azure Linux 3.0
azl3 hyperv-daemons 6.6.22.1-2 on Azure Linux 3.0
azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
azl3 docker-buildx 0.14.0-1 on Azure Linux 3.0
azl3 cmake 3.28.2-6 on Azure Linux 3.0
azl3 ansible 2.17.0-1 on Azure Linux 3.0
cbl2 hyperv-daemons 5.15.145.2-1 on CBL Mariner 2.0
cbl2 perl 5.34.1-489 on CBL Mariner 2.0
cbl2 cmake 3.21.4-13 on CBL Mariner 2.0
cbl2 qemu 6.2.0-22 on CBL Mariner 2.0
azl3 packer 1.9.5-1 on Azure Linux 3.0
azl3 node-problem-detector 0.8.15-4 on Azure Linux 3.0
azl3 cf-cli 8.7.3-6 on Azure Linux 3.0
cbl2 packer 1.9.5-3 on CBL Mariner 2.0
cbl2 msft-golang 1.21.5-1 on CBL Mariner 2.0
cbl2 golang 1.21.5-1 on CBL Mariner 2.0
cbl2 msft-golang 1.22.3-1. on CBL Mariner 2.0
cbl2 msft-golang 1.20.0-1 on CBL Mariner 2.0
cbl2 golang 1.20.0-1 on CBL Mariner 2.0
azl3 golang 1.20.0-1 on Azure Linux 3.0
cbl2 telegraf 1.29.4-1 on CBL Mariner 2.0
azl3 telegraf 1.29.4-1 on Azure Linux 3.0
cbl2 qt5-qtbase 5.12.11-10 on CBL Mariner 2.0
cbl2 postfix 3.7.0-3 on CBL Mariner 2.0
azl3 postfix 3.9.0-1 on Azure Linux 3.0
cbl2 moby-engine 20.10.27-1 on CBL Mariner 2.0
cbl2 jsch 0.1.55-2 on CBL Mariner 2.0
cbl2 terraform 1.3.2-25 on CBL Mariner 2.0
cbl2 moby-cli 20.10.27-2 on CBL Mariner 2.0
cbl2 kubevirt 0.59.0-26 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-4 on CBL Mariner 2.0
cbl2 openssh 8.9p1-4 on CBL Mariner 2.0
cbl2 nmap 7.93-2 on CBL Mariner 2.0
cbl2 libssh2 1.9.0-4 on CBL Mariner 2.0
cbl2 libssh 0.10.6-1 on CBL Mariner 2.0
cbl2 erlang 25.2-1 on CBL Mariner 2.0
cbl2 cert-manager 1.11.2-7 on CBL Mariner 2.0
azl3 node-problem-detector 0.8.20-2 on Azure Linux 3.0
azl3 nmap 7.93-2 on Azure Linux 3.0
azl3 libssh2 1.11.1-1 on Azure Linux 3.0
azl3 libssh 0.10.6-1 on Azure Linux 3.0
azl3 kubevirt 1.2.0-9 on Azure Linux 3.0
azl3 erlang 26.2.3-1 on Azure Linux 3.0
azl3 cf-cli 8.7.11-1 on Azure Linux 3.0
cbl2 ansible 2.14.11-1 on CBL Mariner 2.0
cbl2 kernel 5.15.143.1-1 on CBL Mariner 2.0
cbl2 shadow-utils 4.9-14 on CBL Mariner 2.0
cbl2 sudo 1.9.15p5-1 on CBL Mariner 2.0
cbl2 apparmor 3.0.4-3 on CBL Mariner 2.0
cbl2 openssh 8.9p1-3 on CBL Mariner 2.0
azl3 openssh 9.7p1-1 on Azure Linux 3.0
cbl2 xorg-x11-server 1.20.10-5 on CBL Mariner 2.0
cbl2 ncurses 6.4-3 on CBL Mariner 2.0
cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0
azl3 libtiff 4.6.0-6 on Azure Linux 3.0
cbl2 kernel 5.15.145.2-1 on CBL Mariner 2.0
cbl2 bluez 5.63-5 on CBL Mariner 2.0
azl3 bluez 5.63-6 on Azure Linux 3.0
azl3 qemu 8.2.0-1 on Azure Linux 3.0
cbl2 mysql 8.0.35-2 on CBL Mariner 2.0
cbl2 curl 8.5.0-1 on CBL Mariner 2.0
cbl2 postgresql 14.10-1 on CBL Mariner 2.0
cbl2 fish 3.6.2-1 on CBL Mariner 2.0
cbl2 strongswan 5.9.10-3 on CBL Mariner 2.0
azl3 strongswan 5.9.12-1 on Azure Linux 3.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
azl3 systemd 255-20 on Azure Linux 3.0
azl3 espeak-ng 1.52.0-1 on Azure Linux 3.0
azl3 espeak-ng 1.51.1-1 on Azure Linux 3.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
azl3 mozjs 102.15.1-1 on Azure Linux 3.0
azl3 qemu 6.2.0-18 on Azure Linux 3.0
cbl2 qt5-qtsvg 5.12.11-6 on CBL Mariner 2.0
azl3 postgresql 16.7-1 on Azure Linux 3.0
azl3 kubevirt 1.2.0-17 on Azure Linux 3.0
azl3 openssh 9.8p1-4 on Azure Linux 3.0
azl3 kernel 6.6.92.2-1 on Azure Linux 3.0
azl3 erlang 26.2.5.12-1 on Azure Linux 3.0
cbl2 systemd 250.3-22 on CBL Mariner 2.0
azl3 telegraf 1.27.3-4 on Azure Linux 3.0
azl3 ceph 18.2.2-8 on Azure Linux 3.0
cbl2 systemd-bootstrap 250.3-13 on CBL Mariner 2.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 rust 1.75.0-14 on Azure Linux 3.0
cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0
azl3 golang 1.23.9-1 on Azure Linux 3.0
azl3 rust 1.86.0-1 on Azure Linux 3.0
azl3 systemd-bootstrap 250.3-18 on Azure Linux 3.0
azl3 mysql 8.0.36-1 on Azure Linux 3.0
cbl2 pytorch 2.5.1-1 on CBL Mariner 2.0
azl3 systemd 255-21 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 fluent-bit 2.1.10-3 on CBL Mariner 2.0
cbl2 ansible 2.14.12-2 on CBL Mariner 2.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
azl3 ansible 2.15.3-1 on Azure Linux 3.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
cbl2 rust 1.72.0-10 on CBL Mariner 2.0
cbl2 qt5-qtsvg 5.12.11-6 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
azl3 qtbase 6.6.1-1 on Azure Linux 3.0
cbl2 postfix 3.7.4-1 on CBL Mariner 2.0
azl3 postfix 3.7.0-2 on Azure Linux 3.0
cbl2 sqlite 3.39.2-3 on CBL Mariner 2.0
azl3 golang 1.23.8-1 on Azure Linux 3.0
cbl2 golang 1.17.13-2 on CBL Mariner 2.0
cbl2 golang 1.18.8-7 on CBL Mariner 2.0
azl3 docker-buildx 0.12.1-1 on Azure Linux 3.0
cbl2 cert-manager 1.11.2-22 on CBL Mariner 2.0
azl3 ncurses 6.4-2 on Azure Linux 3.0
azl3 cert-manager 1.11.2-8 on Azure Linux 3.0
cbl2 hyperv-daemons 5.15.139.1-1 on CBL Mariner 2.0
azl3 openssh 9.5p1-2 on Azure Linux 3.0
cbl2 perl 5.34.1-490 on CBL Mariner 2.0
azl3 packer 1.9.4-1 on Azure Linux 3.0
azl3 python3 3.12.0-4 on Azure Linux 3.0
azl3 kubernetes 1.29.1-4 on Azure Linux 3.0
cbl2 telegraf 1.28.5-5 on CBL Mariner 2.0
azl3 libssh 0.10.5-2 on Azure Linux 3.0
azl3 strongswan 5.9.11-1 on Azure Linux 3.0
azl3 apparmor 3.1.7-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-41913
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
20127-17084
18241-16823
18242-17084
20127-17084
18241-16823
18242-17084
Critical
20127-17084
Critical
18241-16823
Critical
18242-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20127-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18241-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18242-17084
CBL-Mariner Releases
20127-17084
18242-17084
No
Security Update
5.9.12-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20127-17084
18242-17084
CBL-Mariner Releases
CBL-Mariner Releases
18241-16823
No
Security Update
5.9.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18241-16823
CBL-Mariner Releases
1.2
2026-02-18T02:06:21
<p>Information published.</p>
1.0
2023-12-08T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value) and because the values do not resist flips of a single bit.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-42465
18222-16823
18222-16823
Important
18222-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18222-16823
CBL-Mariner Releases
18222-16823
No
Security Update
1.9.15p5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18222-16823
CBL-Mariner Releases
1.0
2023-12-27T00:00:00
<p>Information published.</p>
When saving HSTS data to an excessively long file name curl could end up
removing all contents making subsequent requests using that file unaware of
the HSTS status they should otherwise use.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2023-46219
Missing Encryption of Sensitive Data
19721-17086
19690-17084
19671-17084
19686-17084
17183-17086
17218-16823
18235-16823
17734-17084
17607-17084
17809-17084
19668-17086
17667-17084
19721-17086
19690-17084
19671-17084
19686-17084
17183-17086
17218-16823
18235-16823
17734-17084
17607-17084
17809-17084
19668-17086
17667-17084
19721-17086
Moderate
19690-17084
Moderate
19671-17084
Moderate
19686-17084
Moderate
17183-17086
Moderate
17218-16823
Moderate
18235-16823
Moderate
17734-17084
Moderate
17607-17084
Moderate
17809-17084
Moderate
19668-17086
Moderate
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19721-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19690-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19671-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19686-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17183-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17218-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18235-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17734-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17607-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17809-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19668-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17667-17084
CBL-Mariner Releases
19690-17084
17218-16823
17607-17084
No
Security Update
8.0.40-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19690-17084
17218-16823
17607-17084
CBL-Mariner Releases
CBL-Mariner Releases
18235-16823
No
Security Update
8.5.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18235-16823
CBL-Mariner Releases
CBL-Mariner Releases
17734-17084
17809-17084
No
Security Update
3.29.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17734-17084
17809-17084
CBL-Mariner Releases
2.4
2024-11-09T00:00:00
<p>Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0
Added mysql to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0</p>
3.0
2026-02-18T03:12:39
<p>Information published.</p>
1.0
2023-12-12T00:00:00
<p>Information published.</p>
1.1
2024-08-29T00:00:00
<p>Information published.</p>
1.2
2024-08-30T00:00:00
<p>Information published.</p>
1.3
2024-08-31T00:00:00
<p>Information published.</p>
1.4
2024-09-01T00:00:00
<p>Information published.</p>
1.5
2024-09-02T00:00:00
<p>Information published.</p>
1.6
2024-09-03T00:00:00
<p>Information published.</p>
1.7
2024-09-05T00:00:00
<p>Information published.</p>
1.8
2024-09-06T00:00:00
<p>Information published.</p>
1.9
2024-09-07T00:00:00
<p>Information published.</p>
2.0
2024-09-08T00:00:00
<p>Information published.</p>
2.1
2024-09-11T00:00:00
<p>Information published.</p>
2.2
2024-10-23T00:00:00
<p>Added mysql to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0
Added cmake to Azure Linux 3.0</p>
2.3
2024-10-25T00:00:00
<p>Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0
Added mysql to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0</p>
2.5
2024-12-04T00:00:00
<p>Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0
Added mysql to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0</p>
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-50472
NULL Pointer Dereference
16928-17084
18223-16823
19666-17084
19691-17086
20442-17084
16928-17084
18223-16823
19666-17084
19691-17086
20442-17084
Important
16928-17084
Important
18223-16823
Important
19666-17084
Important
19691-17086
Important
20442-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16928-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18223-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19666-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19691-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20442-17084
CBL-Mariner Releases
18223-16823
No
Security Update
3.0.4-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18223-16823
CBL-Mariner Releases
CBL-Mariner Releases
19666-17084
No
Security Update
18.2.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19666-17084
CBL-Mariner Releases
CBL-Mariner Releases
20442-17084
No
Security Update
3.1.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20442-17084
CBL-Mariner Releases
1.0
2023-12-26T00:00:00
<p>Information published.</p>
1.1
2026-02-19T01:16:35
<p>Information published.</p>
In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multiple keys.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51384
19897-17084
18224-16823
18225-17084
19897-17084
18224-16823
18225-17084
Moderate
19897-17084
Moderate
18224-16823
Moderate
18225-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19897-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18224-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18225-17084
CBL-Mariner Releases
19897-17084
No
Security Update
9.7p1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19897-17084
CBL-Mariner Releases
CBL-Mariner Releases
18224-16823
No
Security Update
8.9p1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18224-16823
CBL-Mariner Releases
CBL-Mariner Releases
18225-17084
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18225-17084
CBL-Mariner Releases
1.2
2026-02-18T01:22:01
<p>Information published.</p>
1.0
2023-12-25T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>) a different solution is required such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23 3.6.13 3.7.9 3.8.4 or 3.9.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51764
Insufficient Verification of Data Authenticity
19749-17086
18197-16823
18198-17084
19753-17084
19749-17086
18197-16823
18198-17084
19753-17084
Moderate
19749-17086
Moderate
18197-16823
Moderate
18198-17084
Moderate
19753-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19749-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18197-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18198-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
19753-17084
CBL-Mariner Releases
19749-17086
18197-16823
No
Security Update
3.7.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19749-17086
18197-16823
CBL-Mariner Releases
CBL-Mariner Releases
18198-17084
19753-17084
No
Security Update
3.9.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18198-17084
19753-17084
CBL-Mariner Releases
1.0
2024-01-06T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2026-02-18T02:00:04
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51781
Use After Free
19673-17086
17452-16823
17095-17086
19673-17086
17452-16823
17095-17086
19673-17086
Important
17452-16823
Important
17095-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19673-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17452-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-17086
CBL-Mariner Releases
19673-17086
17452-16823
17095-17086
No
Security Update
5.15.148.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19673-17086
17452-16823
17095-17086
CBL-Mariner Releases
2.0
2026-02-18T02:53:08
<p>Information published.</p>
1.0
2024-01-19T00:00:00
<p>Information published.</p>
Postgresql: memory disclosure in aggregate function calls
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-5868
Function Call With Incorrect Argument Type
18239-16823
18239-16823
Moderate
18239-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
18239-16823
CBL-Mariner Releases
18239-16823
No
Security Update
14.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18239-16823
CBL-Mariner Releases
1.0
2023-12-11T00:00:00
<p>Information published.</p>
Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6377
Out-of-bounds Read
18226-16823
18226-16823
Important
18226-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18226-16823
CBL-Mariner Releases
18226-16823
No
Security Update
1.20.10-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18226-16823
CBL-Mariner Releases
1.0
2023-12-22T00:00:00
<p>Information published.</p>
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2023-6507
Improper Privilege Management
19964-17084
17712-17084
19964-17084
17712-17084
Moderate
19964-17084
Moderate
17712-17084
6.1
6.1
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
19964-17084
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
17712-17084
CBL-Mariner Releases
19964-17084
17712-17084
No
Security Update
3.12.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19964-17084
17712-17084
CBL-Mariner Releases
1.0
2024-09-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:34:44
<p>Information published.</p>
Kernel: null pointer dereference vulnerability in nft_dynset_init()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6622
NULL Pointer Dereference
18220-16823
18220-16823
Moderate
18220-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18220-16823
CBL-Mariner Releases
18220-16823
No
Security Update
5.15.143.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18220-16823
CBL-Mariner Releases
1.0
2023-12-22T00:00:00
<p>Information published.</p>
Use-after-free in Linux kernel's netfilter: nf_tables component
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-6817
Use After Free
18230-16823
18230-16823
Important
18230-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18230-16823
CBL-Mariner Releases
18230-16823
No
Security Update
5.15.145.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18230-16823
CBL-Mariner Releases
1.1
2024-12-18T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
1.0
2024-07-12T00:00:00
<p>Information published.</p>
1.2
2025-03-12T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
Out-of-bounds write in Linux kernel's Performance Events system component
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-6931
Out-of-bounds Write
19529-17084
18220-16823
17065-17084
19529-17084
18220-16823
17065-17084
Important
19529-17084
Important
18220-16823
Important
17065-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18220-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17065-17084
CBL-Mariner Releases
19529-17084
17065-17084
No
Security Update
6.6.35.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
17065-17084
CBL-Mariner Releases
CBL-Mariner Releases
18220-16823
No
Security Update
5.15.143.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18220-16823
CBL-Mariner Releases
1.1
2024-08-15T00:00:00
<p>Information published.</p>
1.2
2026-02-19T01:11:05
<p>Information published.</p>
1.0
2023-12-29T00:00:00
<p>Information published.</p>
Possible private key restoration in go package github.com/ecies/go
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-49292
Exposure of Sensitive Information to an Unauthorized Actor
19679-17084
19778-17086
19785-17086
17375-16823
19697-17084
19679-17084
19778-17086
19785-17086
17375-16823
19697-17084
Moderate
19679-17084
Moderate
19778-17086
Moderate
19785-17086
Moderate
17375-16823
Moderate
19697-17084
4.9
4.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
19679-17084
4.9
4.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
19778-17086
4.9
4.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
19785-17086
4.9
4.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
17375-16823
4.9
4.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
19697-17084
CBL-Mariner Releases
19778-17086
19785-17086
19697-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19778-17086
19785-17086
19697-17084
CBL-Mariner Releases
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
1.1
2026-02-18T03:11:09
<p>Information published.</p>
1.0
2025-09-04T04:54:22
<p>Information published.</p>
Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2023-45287
Observable Discrepancy
19718-17086
18315-17084
19679-17084
19778-17086
19712-17086
19762-17084
19697-17084
18447-17086
17375-16823
18156-16823
18157-16823
18158-17084
19785-17086
19668-17086
17667-17084
19693-17084
19718-17086
18315-17084
19679-17084
19778-17086
19712-17086
19762-17084
19697-17084
18447-17086
17375-16823
18156-16823
18157-16823
18158-17084
19785-17086
19668-17086
17667-17084
19693-17084
19718-17086
Important
18315-17084
Important
19679-17084
Important
19778-17086
Important
19712-17086
Important
19762-17084
Important
19697-17084
Important
18447-17086
Important
17375-16823
Important
18156-16823
Important
18157-16823
Important
18158-17084
Important
19785-17086
Important
19668-17086
Important
17667-17084
Important
19693-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19718-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18315-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19679-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19778-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19712-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19762-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19697-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18447-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17375-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18156-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18157-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18158-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19785-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19668-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17667-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19693-17084
CBL-Mariner Releases
19778-17086
19785-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19778-17086
19785-17086
CBL-Mariner Releases
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18156-16823
18157-16823
18158-17084
No
Security Update
1.20.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18156-16823
18157-16823
18158-17084
CBL-Mariner Releases
1.0
2025-09-03T21:28:14
<p>Information published.</p>
2.0
2026-02-18T02:50:19
<p>Information published.</p>
Shadow-utils: possible password leak during passwd(1) change
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-4641
Incorrect Implementation of Authentication Algorithm
18221-16823
18221-16823
Moderate
18221-16823
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
18221-16823
CBL-Mariner Releases
18221-16823
No
Security Update
4.9-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18221-16823
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-47100
Improper Handling of Exceptional Conditions
19954-17086
17843-16823
19954-17086
17843-16823
Critical
19954-17086
Critical
17843-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19954-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17843-16823
CBL-Mariner Releases
19954-17086
17843-16823
No
Security Update
5.34.1-489
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19954-17086
17843-16823
CBL-Mariner Releases
1.0
2025-09-03T22:27:01
<p>Information published.</p>
1.1
2026-02-18T02:19:21
<p>Information published.</p>
Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-49993
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
18421-17084
18420-17084
18421-17084
18420-17084
Moderate
18421-17084
Moderate
18420-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18421-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18420-17084
CBL-Mariner Releases
18421-17084
18420-17084
No
Security Update
1.52.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18421-17084
18420-17084
CBL-Mariner Releases
1.1
2026-02-18T02:06:30
<p>Information published.</p>
1.0
2025-05-05T00:00:00
<p>Information published.</p>
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-49994
Incorrect Comparison
18421-17084
18420-17084
18421-17084
18420-17084
Moderate
18421-17084
Moderate
18420-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18421-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18420-17084
CBL-Mariner Releases
18421-17084
18420-17084
No
Security Update
1.52.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18421-17084
18420-17084
CBL-Mariner Releases
1.1
2026-02-18T02:04:21
<p>Information published.</p>
1.0
2025-05-05T00:00:00
<p>Information published.</p>
Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6228
Out-of-bounds Write
18228-16823
18229-17084
18228-16823
18229-17084
Low
18228-16823
Low
18229-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
18228-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18229-17084
CBL-Mariner Releases
18228-16823
18229-17084
No
Security Update
4.6.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18228-16823
18229-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
1.0
2025-04-11T00:00:00
<p>Information published.</p>
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mozilla
Yes
CVE-2023-6864
Out-of-bounds Write
18469-17084
18469-17084
Important
18469-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18469-17084
1.0
2025-09-03T23:22:24
<p>Information published.</p>
1.1
2026-02-18T14:50:48
<p>Information published.</p>
Qemu: 9pfs: improper access control on special files
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
fedora
Yes
CVE-2023-2861
Improper Access Control
18016-16823
18233-17084
18535-17084
18016-16823
18233-17084
18535-17084
Important
18016-16823
Important
18233-17084
Important
18535-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
18016-16823
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
18233-17084
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
18535-17084
CBL-Mariner Releases
18016-16823
No
Security Update
6.2.0-22
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18016-16823
CBL-Mariner Releases
CBL-Mariner Releases
18233-17084
18535-17084
No
Security Update
8.2.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18233-17084
18535-17084
CBL-Mariner Releases
1.1
2025-04-11T00:00:00
<p>Added qemu to CBL-Mariner 2.0
Added qemu to Azure Linux 3.0</p>
1.2
2026-02-18T01:44:19
<p>Information published.</p>
1.0
2024-09-11T00:00:00
<p>Information published.</p>
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-45866
Improper Authentication
18231-16823
18232-17084
18231-16823
18232-17084
Moderate
18231-16823
Moderate
18232-17084
6.3
6.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18231-16823
6.3
6.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18232-17084
CBL-Mariner Releases
18231-16823
No
Security Update
5.63-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18231-16823
CBL-Mariner Releases
CBL-Mariner Releases
18232-17084
No
Security Update
5.63-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18232-17084
CBL-Mariner Releases
1.1
2024-11-09T00:00:00
<p>Added bluez to Azure Linux 3.0
Added bluez to CBL-Mariner 2.0</p>
1.0
2023-12-21T00:00:00
<p>Information published.</p>
This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back to more origins than what is otherwise allowed or
possible. This allows a site to set cookies that then would get sent to
different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl's function that
verifies a given cookie domain against the Public Suffix List (PSL). For
example a cookie could be set with `domain=co.UK` when the URL used a lower
case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2023-46218
19671-17084
17667-17084
19668-17086
19686-17084
18234-16823
17956-16823
18235-16823
17607-17084
17734-17084
17809-17084
19690-17084
19671-17084
17667-17084
19668-17086
19686-17084
18234-16823
17956-16823
18235-16823
17607-17084
17734-17084
17809-17084
19690-17084
Moderate
19671-17084
Moderate
17667-17084
Moderate
19668-17086
Moderate
19686-17084
Moderate
18234-16823
Moderate
17956-16823
Moderate
18235-16823
Moderate
17607-17084
Moderate
17734-17084
Moderate
17809-17084
Moderate
19690-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19671-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17667-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19668-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19686-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
18234-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17956-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
18235-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17607-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17734-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17809-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19690-17084
CBL-Mariner Releases
18234-16823
No
Security Update
8.0.35-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18234-16823
CBL-Mariner Releases
CBL-Mariner Releases
17956-16823
No
Security Update
3.21.4-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17956-16823
CBL-Mariner Releases
CBL-Mariner Releases
18235-16823
No
Security Update
8.5.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18235-16823
CBL-Mariner Releases
CBL-Mariner Releases
17607-17084
19690-17084
No
Security Update
8.0.40-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17607-17084
19690-17084
CBL-Mariner Releases
CBL-Mariner Releases
17734-17084
17809-17084
No
Security Update
3.29.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17734-17084
17809-17084
CBL-Mariner Releases
2.4
2024-11-09T00:00:00
<p>Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0
Added curl to CBL-Mariner 2.0
Added mysql to CBL-Mariner 2.0</p>
2.6
2024-12-04T00:00:00
<p>Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0
Added cmake to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0
Added mysql to CBL-Mariner 2.0</p>
2.7
2026-02-18T01:25:48
<p>Information published.</p>
1.0
2023-12-11T00:00:00
<p>Information published.</p>
1.1
2023-12-12T00:00:00
<p>Added mysql to CBL-Mariner 2.0</p>
1.2
2024-08-29T00:00:00
<p>Information published.</p>
1.3
2024-08-30T00:00:00
<p>Information published.</p>
1.4
2024-08-31T00:00:00
<p>Information published.</p>
1.5
2024-09-01T00:00:00
<p>Information published.</p>
1.6
2024-09-02T00:00:00
<p>Information published.</p>
1.7
2024-09-03T00:00:00
<p>Information published.</p>
1.8
2024-09-05T00:00:00
<p>Information published.</p>
1.9
2024-09-06T00:00:00
<p>Information published.</p>
2.0
2024-09-07T00:00:00
<p>Information published.</p>
2.1
2024-09-08T00:00:00
<p>Information published.</p>
2.2
2024-09-11T00:00:00
<p>Information published.</p>
2.3
2024-10-25T00:00:00
<p>Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0
Added curl to CBL-Mariner 2.0
Added mysql to CBL-Mariner 2.0</p>
2.5
2024-11-20T00:00:00
<p>Added cmake to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0
Added mysql to CBL-Mariner 2.0
Added mysql to Azure Linux 3.0
Added cmake to Azure Linux 3.0</p>
The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-48795
Improper Validation of Integrity Check Value
18085-17084
19339-17084
20073-17084
19664-17084
18199-16823
18200-16823
18201-16823
18130-16823
17414-16823
18202-16823
18203-16823
18204-16823
18205-16823
18206-16823
18207-16823
18208-16823
18209-16823
18210-16823
18211-17084
17801-17084
18041-17084
18212-17084
18213-17084
18214-17084
18215-17084
17753-17084
18216-17084
18217-17084
17766-17084
19863-17084
19605-17084
19986-17084
17793-17084
17642-17084
19453-17084
19962-17084
19808-17084
18082-17084
18085-17084
19339-17084
20073-17084
19664-17084
18199-16823
18200-16823
18201-16823
18130-16823
17414-16823
18202-16823
18203-16823
18204-16823
18205-16823
18206-16823
18207-16823
18208-16823
18209-16823
18210-16823
18211-17084
17801-17084
18041-17084
18212-17084
18213-17084
18214-17084
18215-17084
17753-17084
18216-17084
18217-17084
17766-17084
19863-17084
19605-17084
19986-17084
17793-17084
17642-17084
19453-17084
19962-17084
19808-17084
18082-17084
Moderate
18085-17084
Moderate
19339-17084
Moderate
20073-17084
Moderate
19664-17084
Moderate
18199-16823
Moderate
18200-16823
Moderate
18201-16823
Moderate
18130-16823
Moderate
17414-16823
Moderate
18202-16823
Moderate
18203-16823
Moderate
18204-16823
Moderate
18205-16823
Moderate
18206-16823
Moderate
18207-16823
Moderate
18208-16823
Moderate
18209-16823
Moderate
18210-16823
Moderate
18211-17084
Moderate
17801-17084
Moderate
18041-17084
Moderate
18212-17084
Moderate
18213-17084
Moderate
18214-17084
Moderate
18215-17084
Moderate
17753-17084
Moderate
18216-17084
Moderate
18217-17084
Moderate
17766-17084
Moderate
19863-17084
Moderate
19605-17084
Moderate
19986-17084
Moderate
17793-17084
Moderate
17642-17084
Moderate
19453-17084
Moderate
19962-17084
Moderate
19808-17084
Moderate
18082-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18085-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19339-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20073-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19664-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18199-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18200-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18201-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18130-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17414-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18202-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18203-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18204-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18205-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18206-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18207-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18208-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18209-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18210-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18211-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17801-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18041-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18212-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18213-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18214-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18215-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17753-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18216-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18217-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17766-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19863-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19605-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19986-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17793-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17642-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19453-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19962-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19808-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18082-17084
CBL-Mariner Releases
18085-17084
18217-17084
No
Security Update
8.7.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18085-17084
18217-17084
CBL-Mariner Releases
CBL-Mariner Releases
19339-17084
18215-17084
No
Security Update
1.2.0-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19339-17084
18215-17084
CBL-Mariner Releases
CBL-Mariner Releases
20073-17084
18208-16823
18214-17084
No
Security Update
0.10.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20073-17084
18208-16823
18214-17084
CBL-Mariner Releases
CBL-Mariner Releases
19664-17084
No
Security Update
1.29.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19664-17084
CBL-Mariner Releases
CBL-Mariner Releases
18199-16823
No
Security Update
20.10.27-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18199-16823
CBL-Mariner Releases
CBL-Mariner Releases
18200-16823
No
Security Update
0.1.55-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18200-16823
CBL-Mariner Releases
CBL-Mariner Releases
18201-16823
No
Security Update
1.3.2-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18201-16823
CBL-Mariner Releases
CBL-Mariner Releases
18130-16823
No
Security Update
1.9.5-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18130-16823
CBL-Mariner Releases
CBL-Mariner Releases
17414-16823
No
Security Update
2.17.3-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17414-16823
CBL-Mariner Releases
CBL-Mariner Releases
18202-16823
No
Security Update
20.10.27-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18202-16823
CBL-Mariner Releases
CBL-Mariner Releases
18203-16823
No
Security Update
0.59.0-26
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18203-16823
CBL-Mariner Releases
CBL-Mariner Releases
18204-16823
No
Security Update
1.28.4-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18204-16823
CBL-Mariner Releases
CBL-Mariner Releases
18205-16823
No
Security Update
8.9p1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18205-16823
CBL-Mariner Releases
CBL-Mariner Releases
18206-16823
18212-17084
No
Security Update
7.93-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18206-16823
18212-17084
CBL-Mariner Releases
CBL-Mariner Releases
18207-16823
No
Security Update
1.9.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18207-16823
CBL-Mariner Releases
CBL-Mariner Releases
18209-16823
No
Security Update
25.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18209-16823
CBL-Mariner Releases
CBL-Mariner Releases
18210-16823
No
Security Update
1.11.2-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18210-16823
CBL-Mariner Releases
CBL-Mariner Releases
18211-17084
18082-17084
No
Security Update
0.8.20-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18211-17084
18082-17084
CBL-Mariner Releases
CBL-Mariner Releases
17801-17084
19808-17084
No
Security Update
0.14.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17801-17084
19808-17084
CBL-Mariner Releases
CBL-Mariner Releases
18041-17084
19962-17084
No
Security Update
1.9.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18041-17084
19962-17084
CBL-Mariner Releases
CBL-Mariner Releases
18213-17084
No
Security Update
1.11.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18213-17084
CBL-Mariner Releases
CBL-Mariner Releases
17753-17084
19986-17084
No
Security Update
1.30.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17753-17084
19986-17084
CBL-Mariner Releases
CBL-Mariner Releases
18216-17084
No
Security Update
26.2.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18216-17084
CBL-Mariner Releases
CBL-Mariner Releases
17766-17084
19863-17084
No
Security Update
1.12.12-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17766-17084
19863-17084
CBL-Mariner Releases
CBL-Mariner Releases
19605-17084
No
Security Update
26.2.3-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19605-17084
CBL-Mariner Releases
CBL-Mariner Releases
19453-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19453-17084
CBL-Mariner Releases
1.3
2024-08-16T00:00:00
<p>Information published.</p>
2.9
2024-11-09T00:00:00
<p>Added kubevirt to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added packer to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added docker-buildx to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added moby-compose to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added erlang to CBL-Mariner 2.0
Added libssh2 to CBL-Mariner 2.0
Added moby-cli to CBL-Mariner 2.0
Added openssh to CBL-Mariner 2.0
Added libssh to CBL-Mariner 2.0</p>
3.0
2025-03-13T00:00:00
<p>Added cf-cli to Azure Linux 3.0
Added node-problem-detector to Azure Linux 3.0
Added kubevirt to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added packer to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added docker-buildx to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added moby-compose to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added erlang to CBL-Mariner 2.0
Added libssh2 to CBL-Mariner 2.0
Added moby-cli to CBL-Mariner 2.0
Added openssh to CBL-Mariner 2.0
Added libssh to CBL-Mariner 2.0</p>
1.0
2023-12-25T00:00:00
<p>Information published.</p>
1.1
2023-12-27T00:00:00
<p>Added moby-cli to CBL-Mariner 2.0</p>
1.2
2024-06-30T07:00:00
<p>Information published.</p>
1.4
2024-08-25T00:00:00
<p>Information published.</p>
1.5
2024-08-26T00:00:00
<p>Information published.</p>
1.6
2024-08-27T00:00:00
<p>Information published.</p>
1.7
2024-08-28T00:00:00
<p>Information published.</p>
1.8
2024-08-29T00:00:00
<p>Information published.</p>
1.9
2024-08-30T00:00:00
<p>Information published.</p>
2.0
2024-08-31T00:00:00
<p>Information published.</p>
2.1
2024-09-01T00:00:00
<p>Information published.</p>
2.2
2024-09-02T00:00:00
<p>Information published.</p>
2.3
2024-09-03T00:00:00
<p>Information published.</p>
2.4
2024-09-05T00:00:00
<p>Information published.</p>
2.5
2024-09-06T00:00:00
<p>Information published.</p>
2.6
2024-09-07T00:00:00
<p>Information published.</p>
2.7
2024-09-08T00:00:00
<p>Information published.</p>
2.8
2024-09-11T00:00:00
<p>Information published.</p>
3.1
2025-03-27T00:00:00
<p>Added libssh to Azure Linux 3.0
Added cf-cli to Azure Linux 3.0
Added node-problem-detector to Azure Linux 3.0
Added kubevirt to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added packer to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added docker-buildx to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added moby-compose to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added erlang to CBL-Mariner 2.0
Added libssh2 to CBL-Mariner 2.0
Added moby-cli to CBL-Mariner 2.0
Added openssh to CBL-Mariner 2.0
Added libssh to CBL-Mariner 2.0</p>
3.2
2025-04-08T00:00:00
<p>Added kubevirt to CBL-Mariner 2.0
Added terraform to CBL-Mariner 2.0
Added moby-compose to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added erlang to CBL-Mariner 2.0
Added libssh2 to CBL-Mariner 2.0
Added moby-cli to CBL-Mariner 2.0
Added openssh to CBL-Mariner 2.0
Added libssh to CBL-Mariner 2.0
Added libssh to Azure Linux 3.0
Added cf-cli to Azure Linux 3.0
Added node-problem-detector to Azure Linux 3.0
Added kubevirt to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added packer to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added docker-buildx to Azure Linux 3.0
Added telegraf to Azure Linux 3.0</p>
3.3
2025-04-12T00:00:00
<p>Added libssh2 to Azure Linux 3.0
Added libssh to Azure Linux 3.0
Added cf-cli to Azure Linux 3.0
Added node-problem-detector to Azure Linux 3.0
Added kubevirt to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added packer to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added docker-buildx to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added kubevirt to CBL-Mariner 2.0
Added terraform to CBL-Mariner 2.0
Added moby-compose to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added erlang to CBL-Mariner 2.0
Added libssh2 to CBL-Mariner 2.0
Added moby-cli to CBL-Mariner 2.0
Added openssh to CBL-Mariner 2.0
Added libssh to CBL-Mariner 2.0</p>
3.4
2026-02-18T15:07:55
<p>Information published.</p>
Command substitution output can trigger shell expansion in fish shell
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-49284
Interpretation Conflict
18240-16823
18240-16823
Moderate
18240-16823
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
18240-16823
CBL-Mariner Releases
18240-16823
No
Security Update
3.6.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18240-16823
CBL-Mariner Releases
1.0
2023-12-09T00:00:00
<p>Information published.</p>
Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-49990
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
18421-17084
18421-17084
Moderate
18421-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18421-17084
CBL-Mariner Releases
18421-17084
No
Security Update
1.51.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18421-17084
CBL-Mariner Releases
1.0
2024-06-30T07:00:00
<p>Information published.</p>
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-50431
16838-16823
19529-17084
16838-16823
19529-17084
Moderate
16838-16823
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
16838-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19529-17084
CBL-Mariner Releases
16838-16823
No
Security Update
5.15.153.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16838-16823
CBL-Mariner Releases
CBL-Mariner Releases
19529-17084
No
Security Update
6.6.12.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
CBL-Mariner Releases
1.0
2023-12-22T00:00:00
<p>Information published.</p>
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-50471
NULL Pointer Dereference
16928-17084
18223-16823
19666-17084
19691-17086
20442-17084
16928-17084
18223-16823
19666-17084
19691-17086
20442-17084
Important
16928-17084
Important
18223-16823
Important
19666-17084
Important
19691-17086
Important
20442-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16928-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18223-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19666-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19691-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20442-17084
CBL-Mariner Releases
18223-16823
No
Security Update
3.0.4-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18223-16823
CBL-Mariner Releases
CBL-Mariner Releases
19666-17084
No
Security Update
18.2.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19666-17084
CBL-Mariner Releases
CBL-Mariner Releases
20442-17084
No
Security Update
3.1.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20442-17084
CBL-Mariner Releases
1.0
2023-12-26T00:00:00
<p>Information published.</p>
1.1
2026-02-19T01:16:58
<p>Information published.</p>
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
MITRE
Yes
CVE-2023-50495
18227-16823
19855-17084
18227-16823
19855-17084
Moderate
18227-16823
Moderate
19855-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18227-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19855-17084
CBL-Mariner Releases
18227-16823
No
Security Update
6.4-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18227-16823
CBL-Mariner Releases
CBL-Mariner Releases
19855-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19855-17084
CBL-Mariner Releases
1.0
2024-12-07T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:13:56
<p>Information published.</p>
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-50658
Allocation of Resources Without Limits or Throttling
20013-17086
18163-16823
18164-17084
19664-17084
17405-17086
20013-17086
18163-16823
18164-17084
19664-17084
17405-17086
20013-17086
Important
18163-16823
Important
18164-17084
19664-17084
17405-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20013-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18163-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18164-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19664-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17405-17086
CBL-Mariner Releases
20013-17086
18163-16823
18164-17084
19664-17084
17405-17086
No
Security Update
1.29.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20013-17086
18163-16823
18164-17084
19664-17084
17405-17086
CBL-Mariner Releases
1.0
2024-02-29T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2025-02-15T00:00:00
<p>Added telegraf to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0</p>
2.0
2026-02-20T23:09:57
<p>Information published.</p>
Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-5115
Absolute Path Traversal
19716-17084
18218-16823
17822-17084
19710-17086
17445-17086
19716-17084
18218-16823
17822-17084
19710-17086
17445-17086
Moderate
19716-17084
Moderate
18218-16823
Moderate
17822-17084
19710-17086
Moderate
17445-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
19716-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
18218-16823
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
17822-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
19710-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
17445-17086
CBL-Mariner Releases
19716-17084
17822-17084
No
Security Update
2.17.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19716-17084
17822-17084
CBL-Mariner Releases
CBL-Mariner Releases
18218-16823
No
Security Update
2.14.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18218-16823
CBL-Mariner Releases
CBL-Mariner Releases
19710-17086
17445-17086
No
Security Update
2.14.18-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19710-17086
17445-17086
CBL-Mariner Releases
2.0
2025-07-10T00:00:00
<p>Added ansible to CBL-Mariner 2.0
Added ansible to Azure Linux 3.0</p>
3.0
2026-02-18T01:55:20
<p>Information published.</p>
1.0
2024-06-30T07:00:00
<p>Information published.</p>
In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51385
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
19897-17084
18224-16823
18225-17084
19897-17084
18224-16823
18225-17084
Moderate
19897-17084
Moderate
18224-16823
Moderate
18225-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
19897-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
18224-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
18225-17084
CBL-Mariner Releases
19897-17084
No
Security Update
9.7p1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19897-17084
CBL-Mariner Releases
CBL-Mariner Releases
18224-16823
No
Security Update
8.9p1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18224-16823
CBL-Mariner Releases
CBL-Mariner Releases
18225-17084
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18225-17084
CBL-Mariner Releases
1.2
2026-02-18T01:22:41
<p>Information published.</p>
1.0
2023-12-25T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51714
Integer Overflow or Wraparound
19727-17086
19737-17086
19089-17086
18179-16823
17680-17084
19741-17084
17384-17086
19727-17086
19737-17086
19089-17086
18179-16823
17680-17084
19741-17084
17384-17086
19727-17086
19737-17086
Critical
19089-17086
Critical
18179-16823
Critical
17680-17084
Critical
19741-17084
Critical
17384-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19727-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19737-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19089-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18179-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17680-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19741-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17384-17086
CBL-Mariner Releases
19737-17086
18179-16823
17384-17086
No
Security Update
5.12.11-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19737-17086
18179-16823
17384-17086
CBL-Mariner Releases
CBL-Mariner Releases
17680-17084
19741-17084
No
Security Update
6.6.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17680-17084
19741-17084
CBL-Mariner Releases
1.0
2024-01-21T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
2.0
2026-02-18T01:58:25
<p>Information published.</p>
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51779
Use After Free
17785-17084
17748-17084
17785-17084
17748-17084
Important
17785-17084
Important
17748-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17785-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17748-17084
CBL-Mariner Releases
17785-17084
17748-17084
No
Security Update
6.6.29.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17785-17084
17748-17084
CBL-Mariner Releases
1.0
2024-06-30T07:00:00
<p>Information published.</p>
1.1
2024-09-11T00:00:00
<p>Information published.</p>
1.2
2026-02-20T23:38:03
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51780
Use After Free
19673-17086
17452-16823
17828-16823
19874-17086
17095-17086
19673-17086
17452-16823
17828-16823
19874-17086
17095-17086
19673-17086
Important
17452-16823
Important
17828-16823
Important
19874-17086
Important
17095-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19673-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17452-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17828-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19874-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-17086
CBL-Mariner Releases
19673-17086
17452-16823
17095-17086
No
Security Update
5.15.148.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19673-17086
17452-16823
17095-17086
CBL-Mariner Releases
CBL-Mariner Releases
17828-16823
19874-17086
No
Security Update
5.15.145.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17828-16823
19874-17086
CBL-Mariner Releases
1.0
2024-01-16T00:00:00
<p>Information published.</p>
1.1
2024-01-19T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
2.0
2026-02-18T02:18:20
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-51782
Use After Free
17095-17086
17452-16823
19673-17086
17095-17086
17452-16823
19673-17086
Important
17095-17086
Important
17452-16823
19673-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17452-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19673-17086
CBL-Mariner Releases
17095-17086
17452-16823
19673-17086
No
Security Update
5.15.148.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-17086
17452-16823
19673-17086
CBL-Mariner Releases
1.0
2024-01-19T00:00:00
<p>Information published.</p>
2.0
2026-02-18T02:52:36
<p>Information published.</p>
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-52284
Double Free
19701-17086
19701-17086
Moderate
19701-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19701-17086
CBL-Mariner Releases
19701-17086
No
Security Update
2.1.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19701-17086
CBL-Mariner Releases
1.1
2026-02-18T01:53:36
<p>Information published.</p>
1.0
2024-01-02T00:00:00
<p>Information published.</p>
Ansible: template injection
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-5764
Improper Neutralization of Special Elements Used in a Template Engine
19716-17084
17445-16823
17822-17084
19716-17084
17445-16823
17822-17084
Important
19716-17084
Important
17445-16823
Important
17822-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19716-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17445-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17822-17084
CBL-Mariner Releases
19716-17084
17822-17084
No
Security Update
2.17.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19716-17084
17822-17084
CBL-Mariner Releases
CBL-Mariner Releases
17445-16823
No
Security Update
2.14.12-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17445-16823
CBL-Mariner Releases
1.3
2026-02-18T14:56:25
<p>Information published.</p>
1.0
2023-12-21T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2024-09-11T00:00:00
<p>Information published.</p>
Postgresql: buffer overrun from integer overflow in array modification
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-5869
Integer Overflow or Wraparound
18239-16823
18239-16823
Important
18239-16823
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18239-16823
CBL-Mariner Releases
18239-16823
No
Security Update
14.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18239-16823
CBL-Mariner Releases
1.0
2023-12-11T00:00:00
<p>Information published.</p>
Postgresql: role pg_signal_backend can signal certain superuser processes.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-5870
Uncontrolled Resource Consumption
19262-17084
17174-16823
19262-17084
17174-16823
Moderate
19262-17084
Moderate
17174-16823
4.4
4.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
19262-17084
4.4
4.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
17174-16823
CBL-Mariner Releases
19262-17084
No
Security Update
16.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19262-17084
CBL-Mariner Releases
CBL-Mariner Releases
17174-16823
No
Security Update
14.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17174-16823
CBL-Mariner Releases
1.0
2024-11-23T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:28:35
<p>Information published.</p>
Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
HashiCorp
Yes
CVE-2023-6337
Allocation of Resources Without Limits or Throttling
17766-17084
19817-17086
19863-17084
17766-17084
19817-17086
19863-17084
Important
17766-17084
Important
19817-17086
Important
19863-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17766-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19817-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19863-17084
CBL-Mariner Releases
17766-17084
19863-17084
No
Security Update
1.12.12-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17766-17084
19863-17084
CBL-Mariner Releases
1.1
2026-02-18T02:46:33
<p>Information published.</p>
1.0
2024-09-11T00:00:00
<p>Information published.</p>
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6478
Integer Overflow or Wraparound
18226-16823
18226-16823
Important
18226-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18226-16823
CBL-Mariner Releases
18226-16823
No
Security Update
1.20.10-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18226-16823
CBL-Mariner Releases
1.0
2023-12-22T00:00:00
<p>Information published.</p>
Kernel: gsm multiplexing race condition leads to privilege escalation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6546
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
17452-16823
19673-17086
17095-17086
17452-16823
19673-17086
17095-17086
Important
17452-16823
19673-17086
Important
17095-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17452-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19673-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-17086
CBL-Mariner Releases
17452-16823
19673-17086
17095-17086
No
Security Update
5.15.148.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17452-16823
19673-17086
17095-17086
CBL-Mariner Releases
1.0
2024-01-04T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:56:22
<p>Information published.</p>
Kernel: io_uring out of boundary memory access in __io_uaddr_map()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6560
Improper Restriction of Operations within the Bounds of a Memory Buffer
16838-16823
16838-16823
Moderate
16838-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16838-16823
CBL-Mariner Releases
16838-16823
No
Security Update
5.15.153.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16838-16823
CBL-Mariner Releases
1.0
2023-12-22T00:00:00
<p>Information published.</p>
Libssh: missing checks for return values for digests
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-6918
Unchecked Return Value
20073-17084
18208-16823
18214-17084
20073-17084
18208-16823
18214-17084
Low
20073-17084
Moderate
18208-16823
Moderate
18214-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20073-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
18208-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
18214-17084
CBL-Mariner Releases
20073-17084
18208-16823
18214-17084
No
Security Update
0.10.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20073-17084
18208-16823
18214-17084
CBL-Mariner Releases
1.0
2023-12-25T00:00:00
<p>Information published.</p>
1.1
2025-03-27T00:00:00
<p>Added libssh to Azure Linux 3.0
Added libssh to CBL-Mariner 2.0</p>
1.2
2026-02-19T01:19:00
<p>Information published.</p>
Use-after-free in Linux kernel's ipv4: igmp component
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-6932
Use After Free
18220-16823
17062-17084
19529-17084
18220-16823
17062-17084
19529-17084
Important
18220-16823
Important
17062-17084
Important
19529-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18220-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17062-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
CBL-Mariner Releases
18220-16823
No
Security Update
5.15.143.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18220-16823
CBL-Mariner Releases
CBL-Mariner Releases
17062-17084
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17062-17084
CBL-Mariner Releases
CBL-Mariner Releases
19529-17084
No
Security Update
6.6.29.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
CBL-Mariner Releases
1.2
2026-02-19T01:11:17
<p>Information published.</p>
1.0
2023-12-29T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2023-7104
Improper Restriction of Operations within the Bounds of a Memory Buffer
19759-17086
19759-17086
Moderate
19759-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19759-17086
CBL-Mariner Releases
19759-17086
No
Security Update
3.39.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19759-17086
CBL-Mariner Releases
1.1
2026-02-18T02:01:02
<p>Information published.</p>
1.0
2024-01-06T00:00:00
<p>Information published.</p>
Denial of service via chunk extensions in net/http
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2023-39326
19718-17086
18315-17084
19785-17086
19778-17086
19668-17086
19693-17084
19697-17084
18447-17086
17375-16823
18145-16823
18146-16823
19712-17086
17667-17084
19718-17086
18315-17084
19785-17086
19778-17086
19668-17086
19693-17084
19697-17084
18447-17086
17375-16823
18145-16823
18146-16823
19712-17086
17667-17084
19718-17086
Moderate
18315-17084
Moderate
19785-17086
Moderate
19778-17086
Moderate
19668-17086
Moderate
19693-17084
Moderate
19697-17084
Moderate
18447-17086
Moderate
17375-16823
Moderate
18145-16823
Moderate
18146-16823
Moderate
19712-17086
Moderate
17667-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19718-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
18315-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19785-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19778-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19668-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19693-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19697-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
18447-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
17375-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
18145-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
18146-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
19712-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
17667-17084
CBL-Mariner Releases
19785-17086
19778-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19785-17086
19778-17086
CBL-Mariner Releases
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18145-16823
18146-16823
No
Security Update
1.21.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18145-16823
18146-16823
CBL-Mariner Releases
1.0
2025-09-03T23:35:43
<p>Information published.</p>
2.0
2026-02-18T03:09:08
<p>Information published.</p>
Command 'go get' may unexpectedly fallback to insecure git in cmd/go
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2023-45285
17667-17084
19693-17084
19697-17084
17375-16823
18147-16823
18315-17084
19785-17086
19778-17086
19668-17086
17667-17084
19693-17084
19697-17084
17375-16823
18147-16823
18315-17084
19785-17086
19778-17086
19668-17086
Important
17667-17084
Important
19693-17084
Important
19697-17084
Important
17375-16823
Important
18147-16823
Important
18315-17084
Important
19785-17086
Important
19778-17086
Important
19668-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17667-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19693-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19697-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17375-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18147-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18315-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19785-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19778-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19668-17086
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18147-16823
No
Security Update
1.22.3-1.
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18147-16823
CBL-Mariner Releases
CBL-Mariner Releases
19785-17086
19778-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19785-17086
19778-17086
CBL-Mariner Releases
1.0
2025-09-04T01:31:42
<p>Information published.</p>
1.1
2026-02-18T02:51:57
<p>Information published.</p>
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-49991
Out-of-bounds Write
18420-17084
18421-17084
18420-17084
18421-17084
Moderate
18420-17084
Moderate
18421-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18420-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18421-17084
CBL-Mariner Releases
18420-17084
18421-17084
No
Security Update
1.52.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18420-17084
18421-17084
CBL-Mariner Releases
1.1
2026-02-18T02:03:17
<p>Information published.</p>
1.0
2025-05-05T00:00:00
<p>Information published.</p>
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-49992
Out-of-bounds Write
18420-17084
18421-17084
18420-17084
18421-17084
Moderate
18420-17084
Moderate
18421-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18420-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
18421-17084
CBL-Mariner Releases
18420-17084
18421-17084
No
Security Update
1.52.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18420-17084
18421-17084
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:05:24
<p>Information published.</p>
Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-7008
Channel Accessible by Non-Endpoint
19661-17086
18413-17084
19667-17086
19687-17084
19692-17084
19661-17086
18413-17084
19667-17086
19687-17084
19692-17084
Moderate
19661-17086
Moderate
18413-17084
Moderate
19667-17086
Moderate
19687-17084
Moderate
19692-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19661-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18413-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19667-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19687-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19692-17084
CBL-Mariner Releases
19661-17086
No
Security Update
250.3-22
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19661-17086
CBL-Mariner Releases
CBL-Mariner Releases
18413-17084
19692-17084
No
Security Update
255-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18413-17084
19692-17084
CBL-Mariner Releases
CBL-Mariner Releases
19667-17086
No
Security Update
250.3-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19667-17086
CBL-Mariner Releases
CBL-Mariner Releases
19687-17084
No
Security Update
250.3-18
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19687-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:52:31
<p>Information published.</p>
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mozilla
Yes
CVE-2023-6856
Out-of-bounds Write
18469-17084
18469-17084
Important
18469-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18469-17084
1.1
2026-02-18T14:46:26
<p>Information published.</p>
1.0
2025-09-03T22:54:52
<p>Information published.</p>
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cloud Files Mini Filter Driver
Microsoft
Yes
CVE-2023-36696
Out-of-bounds Read
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12244
12243
12242
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12244
Elevation of Privilege
12243
Elevation of Privilege
12242
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12244
Important
12243
Important
12242
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12243
12242
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
<a href="https://twitter.com/ranchoice">RanchoIce</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p>
<p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p>
Microsoft Dynamics
Microsoft
Yes
CVE-2023-36020
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
11921
11664
Spoofing
11921
Spoofing
11664
Important
11921
Important
11664
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.6
6.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
11921
7.6
6.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
11664
5032297
https://www.microsoft.com/en-us/download/details.aspx?id=105717
11921
Maybe
Security Update
9.1.23.10
5032298
https://www.microsoft.com/en-us/download/details.aspx?id=105716
11664
Maybe
Security Update
9.0.51.06
<a href="https://batr.am/">batram</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Word Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2023-36009
11573
11574
11762
11763
11951
11952
11953
10753
10754
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11951
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
10753
Information Disclosure
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11573
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11574
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11762
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11763
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11951
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11952
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11953
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10753
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
Maybe
Security Update
16.80.23121017
5002520
https://www.microsoft.com/download/details.aspx?familyid=bda5c443-d654-4c9a-9a31-9f629661ad9a
10753
Maybe
Security Update
16.0.5426.1000
5002520
https://www.microsoft.com/download/details.aspx?familyid=89300b5c-782a-4450-9781-31598ff82d40
10754
Maybe
Security Update
16.0.5426.1000
<a href="https://erpaciocco.github.io/">ErPaciocco</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K
Microsoft
Yes
CVE-2023-36011
Untrusted Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
guopengfei with QiAnXin Group
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>
<p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p>
<p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could allow the attacker to gain the privileges needed to perform code execution.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-35618
Use After Free
11655
Elevation of Privilege
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
120.0.2210.61
Anonymous
1.0
2023-12-07T08:00:00
<p>Information published.</p>
1.1
2023-12-14T08:00:00
<p>Added FAQ to indicate the version numbers for this CVE. This is an informational change only.</p>
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability enables data leakage only when a user's script is improperly used and triggers specific errors. The conditions required for triggering the error are not easily met making the complexity high.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The Azure Machine Learning (ML) training data associated with user accounts will be disclosed. This data primarily consists of information used for ML model training purposes within the Azure ML system.</p>
Azure Machine Learning
Microsoft
Yes
CVE-2023-35625
Exposure of Sensitive Information to an Unauthorized Actor
12266
Information Disclosure
12266
Important
12266
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12266
Release Notes
https://pypi.org/project/mltable/1.5.0/
12266
Maybe
Security Update
1.5.0
Fei Deng
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Media Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Windows Media
Microsoft
Yes
CVE-2023-21740
Heap-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
<a href="https://twitter.com/quangnh89">Nguyễn Hồng Quang (@quangnh89)</a> with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
<a href="https://twitter.com/tacbliw">Lê Trần Hải Tùng (@tacbliw)</a> with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice
<p><strong>Why is this AMD CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.</p>
<p>Please see the following for more information:</p>
<ul>
<li><a href="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html">AMD-SB-7007</a></li>
</ul>
Chipsets
AMD
Yes
CVE-2023-20588
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
12242
Information Disclosure
12243
Information Disclosure
12244
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-7024 Heap buffer overflow in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p>Google is aware that an exploit for CVE-2023-7024 exists in the wild.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.91</td>
<td>12/21/2023</td>
<td>120.0.6099.130</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-7024
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.91
1.0
2023-12-21T18:16:53
<p>Information published.</p>
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p>
<p>Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-38174
11655
Information Disclosure
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
120.0.2210.61
Josef Haji Karimian
1.1
2023-12-14T08:00:00
<p>Added FAQ to indicate the version numbers for this CVE. This is an informational change only.</p>
1.0
2023-12-07T08:00:00
<p>Information published.</p>
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Local Security Authority Subsystem Service (LSASS)
Microsoft
Yes
CVE-2023-36391
Improper Link Resolution Before File Access ('Link Following')
12242
12243
Elevation of Privilege
12242
Elevation of Privilege
12243
Important
12242
Important
12243
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12242
12243
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Power Platform Connector Spoofing Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p>
<p><strong>How do I know if my connector does not have a per-connector redirect URI?</strong></p>
<p>Microsoft notified affected customers about this change in behavior via Microsoft 365 Admin Center (MC690931) or Service Health in the Azure Portal (3_SH-LTG) starting on November 17th, 2023. You will need to validate your custom connectors and follow the guidance to make the switch to the per-connector URI.</p>
<p><strong>How do I know if a notification was sent to my organization?</strong></p>
<p>Notifications were sent to customers via the Microsoft 365 Admin Center using a Data Privacy tag. This means that only users with a global administrator role or a Message center privacy reader role can view the notification. These roles are appointed by your organization. You can learn more about these roles and how to assign them at <a href="https://azure.microsoft.com/en-us/blog/understanding-service-health-communications-for-azure-vulnerabilities/">https://azure.microsoft.com/en-us/blog/understanding-service-health-communications-for-azure-vulnerabilities/</a>. If you are a Logic Apps customer, a notification was sent via Service Health in the Azure Portal under tracking ID 3_SH-LTG.</p>
<p><strong>What is the nature of the spoofing?</strong></p>
<p>An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim.</p>
Microsoft Power Platform Connector
Microsoft
Yes
CVE-2023-36019
External Control of File Name or Path
12263
12228
Spoofing
12263
Spoofing
12228
Critical
12263
Critical
12228
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12263
9.6
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12228
Release Notes
https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20
12263
12228
Maybe
Security Update
3.23113
<p><strong>The following mitigation has been applied to address this vulnerability:</strong></p>
<p>As of November 17, 2023, newly created custom connectors that use OAuth 2.0 to authenticate will automatically have a per connector redirect URI. Existing OAuth 2.0 connectors must be updated to use a per-connector redirect URI by February 19, 2024. Microsoft will start updating the custom connectors to use the per connector redirect URLs on February 19, 2024. Between February 19, 2024 - March 29, 2024, custom connectors without a per-connector redirect URI will gradually become deprecated. After March 29, 2024, users will no longer be able to create connections to or use existing OAuth 2.0 custom connectors that have not been updated. For more information see <a href="https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20">https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20</a>.</p>
Kaixuan Luo with Summer Intern @ Samsung Research America, PhD Student @ The Chinese University of Hong Kong
Adonis Fung with Samsung Research America
<a href="https://twitter.com/sanebow">Xianbo Wang (@sanebow)</a> with The Chinese University of Hong Kong
Wing Cheong Lau with The Chinese University of Hong Kong
1.1
2024-02-13T08:00:00
<p>Updated the mitigation to inform customers with existing OAuth 2.0 connectors that these connectors must be updated to use a per-connector redirect URI by March 29, 2024. After March 29, 2024, users will no longer be able to create connections to or use existing OAuth 2.0 custom connectors that have not been updated. For more information see <a href="https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20">https://learn.microsoft.com/en-us/connectors/custom-connectors/#21-oauth-20</a>. This is an informational change only.</p>
1.2
2024-02-16T08:00:00
<p>Added clarifying information to the mitigation. This is an informational change only.</p>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Defender Denial of Service Vulnerability
Windows Defender
Microsoft
Yes
CVE-2023-36010
12183
Denial of Service
12183
Important
12183
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12183
Release Notes
12183
Maybe
Security Update
4.18.23110.3
Tomer Bar with <a href="https://safebreach.com/">SafeBreach</a> and Shmuel Cohen with <a href="https://safebreach.com/">SafeBreach</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
DHCP Server Service Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
Windows DHCP Server
Microsoft
Yes
CVE-2023-36012
Use of Uninitialized Resource
11571
11572
11923
11924
12244
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
12244
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12244
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11571
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11572
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11923
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11924
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12244
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10816
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10855
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9312
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10287
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9318
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9344
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10051
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10049
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10378
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10379
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10483
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Anonymous
1.0
2023-12-12T08:00:00
<p>Information published.</p>
XAML Diagnostics Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with regular user privileges may be able to inject a malicious file and then convince a user to execute a UWP application.</p>
XAML Diagnostics
Microsoft
Yes
CVE-2023-36003
Untrusted Search Path
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.7
5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
<a href="https://twitter.com/m417z">Michael Maltsev</a> with <a href="https://www.island.io/">Island</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>An unauthorized attacker must wait for a user to initiate a connection.</p>
<p><strong>What is the attack vector for this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would need to launch a machine-in-the-middle (MITM) attack against the traffic passing between a domain controller and the target machine.</p>
Windows DPAPI (Data Protection Application Programming Interface)
Microsoft
Yes
CVE-2023-36004
Improper Authentication
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11570
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11926
Spoofing
11927
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12085
Spoofing
12086
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
10729
Spoofing
10735
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Jeremy Asbury with <a href="https://www.mandiant.com/">Mandiant</a>
<a href="https://twitter.com/andrewoliveau">Andrew Oliveau</a> with <a href="https://www.mandiant.com/">Mandiant</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Telephony Server Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.</p>
Windows Telephony Server
Microsoft
Yes
CVE-2023-36005
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p>
Microsoft WDAC OLE DB provider for SQL
Microsoft
Yes
CVE-2023-36006
Stack-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
Anonymous
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href=https://www.twitter.com/guhe120>Yuki Chen</a> with <a href=https://www.cyberkl.com/>Cyber KunLun</a>
<a href="https://twitter.com/20brokensp">Sam Pope</a> with MSRC Vulnerabilities & Mitigations
1.0
2023-12-12T08:00:00
<p>Information published.</p>
DHCP Server Service Denial of Service Vulnerability
Windows DHCP Server
Microsoft
Yes
CVE-2023-35638
Buffer Over-read
11571
11572
11923
11924
12244
10816
10855
10378
10379
10483
10543
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
12244
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12244
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10816
10855
Yes
Security Update
10.0.14393.6529
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
YanZiShuang@BigCJTeam of cyberkl
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft ODBC Driver Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p>
Windows ODBC Driver
Microsoft
Yes
CVE-2023-35639
Heap-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2023-35641
Incorrect Calculation
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12242
Critical
12243
Critical
12244
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
<p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</p>
<p>Exploitation of this vulnerability requires that the Internet Connection Sharing (ICS) is enabled.</p>
Anonymous
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.1
2023-12-13T08:00:00
<p>Added mitigation. This is an informational change only.</p>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Denial of Service Vulnerability
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2023-35642
Incorrect Calculation
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Anonymous
1.0
2023-12-12T08:00:00
<p>Information published.</p>
DHCP Server Service Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory.</p>
Windows DHCP Server
Microsoft
Yes
CVE-2023-35643
Buffer Over-read
11571
11572
11923
11924
12244
10816
10855
10378
10379
10483
10543
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
12244
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12244
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10816
10855
Yes
Security Update
10.0.14393.6529
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Anonymous
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Sysmain Service Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel-Mode Drivers
Microsoft
Yes
CVE-2023-35644
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
Anonymous
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows MSHTML Platform Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p>
<p><strong>According to the CVSS Metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability would rely upon complex memory shaping techniques to attempt an attack.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.</p>
Windows MSHTML Platform
Microsoft
Yes
CVE-2023-35628
Use After Free
12243
12242
12244
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Remote Code Execution
12243
Remote Code Execution
12242
Remote Code Execution
12244
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
12243
Critical
12242
Critical
12244
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033375
https://support.microsoft.com/help/5033375
12243
12242
12085
12086
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12242
12085
12086
Yes
Security Update
10.0.22621.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033376
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033376
5032191
10051
10049
10378
10379
10543
Yes
IE Cumulative
1.001
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
5033376
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033376
5032191
10483
Yes
IE Cumulative
1.002
<a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
Windows USB Mass Storage Class Driver
Microsoft
Yes
CVE-2023-35629
Out-of-bounds Read
10729
10735
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
10729
Important
10735
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2023-35630
Heap-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12242
Critical
12243
Critical
12244
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11930
11931
Yes
Security Update
10.0.19041.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Anonymous
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K
Microsoft
Yes
CVE-2023-35631
11926
11927
12085
12086
12242
12243
12244
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Important
11926
Important
11927
Important
12085
Important
12086
Important
12242
Important
12243
Important
12244
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
Microsoft Offensive Research & Security Engineering
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2023-35632
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11929
11930
11931
12097
12098
12099
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11568
11569
11570
11571
11572
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11929
11931
Yes
Security Update
10.0.19044.3803
5033372
https://support.microsoft.com/help/5033372
11929
11930
11931
12097
12098
12099
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
11930
Yes
Security Update
10.0.19041.3803
5033372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033372
5032189
12097
12098
12099
Yes
Security Update
10.0.19045.3803
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10852
10853
10816
10855
Yes
Security Update
10.0.14393.6529
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Microsoft Threat Intelligence
Microsoft Security Response Center
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel
Microsoft
Yes
CVE-2023-35633
Improper Link Resolution Before File Access ('Link Following')
10729
10735
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
10729
Important
10735
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5033379
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033379
5032199
10729
10735
Yes
Security Update
10.0.10240.20345
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Bluetooth Driver Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p>
Microsoft Bluetooth Driver
Microsoft
Yes
CVE-2023-35634
Stack-based Buffer Overflow
11926
11927
12085
12086
12242
12243
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12242
Remote Code Execution
12243
Important
11926
Important
11927
Important
12085
Important
12086
Important
12242
Important
12243
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
5033369
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033369
5032192
11926
11927
Yes
Security Update
10.0.22000.2652
5033369
https://support.microsoft.com/help/5033369
11926
11927
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
Irwin Villalobos and Geoffrey Antos with Microsoft
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows Kernel Denial of Service Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>This vulnerability could be exploited if an authenticated user opens a specially crafted file locally or browses to that file on a network share when running an unpatched version of Windows. When the user browses or lists the maliciously crafted file that action could cause a crash of the operating system.</p>
Windows Kernel
Microsoft
Yes
CVE-2023-35635
Out-of-bounds Read
12085
12086
12242
12243
Denial of Service
12085
Denial of Service
12086
Denial of Service
12242
Denial of Service
12243
Important
12085
Important
12086
Important
12242
Important
12243
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12085
12086
12242
Yes
Security Update
10.0.22621.2861
5033375
https://support.microsoft.com/help/5033375
12085
12086
12242
12243
5033375
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033375
5032190
12243
Yes
Security Update
10.0.22631.2861
<a href="https://twitter.com/_l4ys">Shih-Fong Peng (@_L4ys)</a> with <a href="https://trapa.tw/">TRAPA Security</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Outlook Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
Microsoft Office Outlook
Microsoft
Yes
CVE-2023-35636
Exposure of Sensitive Information to an Unauthorized Actor
11573
11574
11762
11763
11952
11953
10753
10754
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
10753
Information Disclosure
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11573
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11574
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11762
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11763
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11952
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11953
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10753
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
5002529
https://www.microsoft.com/download/details.aspx?familyid=c3eb9d94-5256-4ae0-b2da-8cbf2d451408
10753
Maybe
Security Update
16.0.5426.1000
5002529
https://www.microsoft.com/download/details.aspx?familyid=c5890da5-b002-4ba2-85be-8e8b19b8504b
10754
Maybe
Security Update
16.0.5426.1000
Dolev Taler with <a href="https://www.varonis.com/">Varonis</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Outlook for Mac Spoofing Vulnerability
<p><strong>What is the nature of the spoofing?</strong></p>
<p>An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.</p>
<p><strong>According to the CVSS metric, Integrity (I:L) is Low. What does that mean for this vulnerability?</strong></p>
<p>The attacker who successfully exploits the vulnerability could inject CSS (Cascading Style Sheets) into an email, which is rendered at the victim’s side when they view the email.</p>
Microsoft Office Outlook
Microsoft
Yes
CVE-2023-35619
Improper Input Validation
11951
Spoofing
11951
Important
11951
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11951
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
Maybe
Security Update
16.80.23121017
<a href="https://www.linkedin.com/in/rme-infosec/">Ryan Emmons</a> with <a href="https://convergetp.com/cybersecurity/">Converge Technology Solutions</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
Microsoft Dynamics
Microsoft
Yes
CVE-2023-35621
Improper Control of Interaction Frequency
12268
12267
12269
Denial of Service
12268
Denial of Service
12267
Denial of Service
12269
Important
12268
Important
12267
Important
12269
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12268
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12267
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12269
Release Notes
https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/migration-upgrade/download-hotfix-lcs
12268
Maybe
Security Update
7.0.7120.46
Release Notes
https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/migration-upgrade/download-hotfix-lcs
12267
Maybe
Security Update
7.0.7068.109
Release Notes
https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/migration-upgrade/download-hotfix-lcs
12269
Maybe
Security Update
7.0.7036.133
Andreas with <a href="https://microsoft.com/">Microsoft</a>
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Windows DNS Spoofing Vulnerability
Microsoft Windows DNS
Microsoft
Yes
CVE-2023-35622
11571
11572
11923
11924
12244
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
12244
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12244
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10543
5033371
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033371
5032196
11571
11572
Yes
Security Update
10.0.17763.5206
5033371
https://support.microsoft.com/help/5033371
11571
11572
5033118
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033118
5032198
11923
11924
Yes
Security Update
10.0.20348.2159
5033464
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033464
11923
11924
Yes
Security Hotpatch Update
10.0.20348.2144
5033383
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033383
5032202
12244
Yes
Security Update
10.0.25398.584
5033373
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033373
5032197
10816
10855
Yes
Security Update
10.0.14393.6529
5033422
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033422
5032254
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22413
5033422
https://support.microsoft.com/help/5033422
9312
10287
9318
9344
5033427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22413
5033427
https://support.microsoft.com/help/5033427
9312
10287
9318
9344
5033433
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033433
5032252
10051
10049
Yes
Monthly Rollup
6.1.7601.26864
5033433
https://support.microsoft.com/help/5033433
10051
10049
5033424
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033424
10051
10049
Yes
Security Only
6.1.7601.26864
5033424
https://support.microsoft.com/help/5033424
10051
10049
5033429
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033429
5032247
10378
10379
Yes
Monthly Rollup
6.2.9200.24614
5033420
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033420
5032249
10483
10543
Yes
Monthly Rollup
6.3.9600.21715
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Azure Connected Machine Agent Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted.</p>
<p><strong>What privileges could an attacker gain with successful exploitation?</strong></p>
<p>An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM.</p>
Azure Connected Machine Agent
Microsoft
Yes
CVE-2023-35624
Improper Link Resolution Before File Access ('Link Following')
12264
Elevation of Privilege
12264
Important
12264
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12264
Release Notes
https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#upgrade-the-agent
12264
Maybe
Security Update
1.37
R4nger & Zhiniang Peng
1.0
2023-12-12T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p>
<p>Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-36880
11655
Information Disclosure
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.8
4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
120.0.2210.61
<a href="https://www.chromium.org/">Alex Gough</a> with Chrome Security Team
1.1
2023-12-14T08:00:00
<p>Added FAQ to indicate the version numbers for this CVE. This is an informational change only.</p>
1.0
2023-12-07T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6512
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.61
1.0
2023-12-07T18:59:06
<p>Information published.</p>
Chromium: CVE-2023-6511 Inappropriate implementation in Autofill
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6511
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.61
1.0
2023-12-07T18:59:04
<p>Information published.</p>
Chromium: CVE-2023-6508 Use after free in Media Stream
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6508
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.61
1.0
2023-12-07T18:58:56
<p>Information published.</p>
Chromium: CVE-2023-6510 Use after free in Media Capture
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6510
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.61
1.0
2023-12-07T18:59:02
<p>Information published.</p>
Chromium: CVE-2023-6509 Use after free in Side Panel Search
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.61</td>
<td>12/7/2023</td>
<td>120.0.6099.62/.63</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6509
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.61
1.0
2023-12-07T18:59:00
<p>Information published.</p>
Azure DevOps Server Spoofing Vulnerability
<p><strong>According to the CVSS metric,privileges required is low(PR:L). What does that mean for this vulnerability?</strong></p>
<p>This means that an attacker needs to have a user account in the organization with the ability to run builds.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could impact the integrity(I:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation compromises the integrity of the build verification process, allowing an attacker to spoof and bypass verification.</p>
Azure DevOps
Microsoft
Yes
CVE-2023-21751
Improper Access Control
12270
12143
Spoofing
12270
Spoofing
12143
Important
12270
Important
12143
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12270
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12143
Release Notes
file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M225.AzureDevOps2022.1/layouts/x86ret/Tfs2018Sgn_20231128.1/enu/devops/Patch
12270
Maybe
Security Update
20231128.1
Release Notes
12143
Maybe
Security Update
20231127.4
<a href="https://twitter.com/agdosil">Anton Garcia Dosil</a>
1.0
2023-12-13T08:00:00
<p>Information published. This CVE was addressed by updates that were released in December 2023, but the CVE was inadvertently omitted from the December 2023 Security Updates. Microsoft strongly recommends that customers running affected versions of Azure DevOps Server install the December 2023 updates to be protected from this vulnerability.</p>
Chromium: CVE-2023-6702 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6702
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.77
1.0
2023-12-14T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-6704 Use after free in libavif
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6704
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.77
1.0
2023-12-14T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-6703 Use after free in Blink
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6703
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.77
1.0
2023-12-14T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-6705 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6705
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.77
1.0
2023-12-14T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-6706 Use after free in FedCM
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6706
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.77
1.0
2023-12-14T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-6707 Use after free in CSS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-6707
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
120.0.2210.77
1.0
2023-12-14T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong> The attacker would be able to bypass the protection in Edge that does not block <code><img></code> tags which may contain blocked websites to be loaded. If an attacker successfully exploited this vulnerability it could load a malicious image file.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>120.0.2210.77</td>
<td>12/14/2023</td>
<td>120.0.6099.109</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-36878
11655
Security Feature Bypass
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
120.0.2210.77
<a href="https://www.onecategory.com">Khiem Tran</a>
1.0
2023-12-14T08:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-48105
https://nvd.nist.gov/vuln/detail/CVE-2023-48105
Mariner
cve@mitre.org
Yes
CVE-2023-48105
12139
12140
12139
12140
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
fluent-bit
12139
fluent-bit-2.1.10-2.cm2.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-devel-2.1.10-2.cm2.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-2.1.10-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.1.10-2
fluent-bit
12140
fluent-bit-2.1.10-2.cm2.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-devel-2.1.10-2.cm2.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-2.1.10-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.1.10-2
1.0
2023-12-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-26592
https://nvd.nist.gov/vuln/detail/CVE-2022-26592
Mariner
cve@mitre.org
Yes
CVE-2022-26592
12139
12140
12139
12140
12139
12140
DOS:N/A
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
reaper
12139
reaper-3.1.1-9.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.1.1-9
reaper
12140
CBL-Mariner
3.1.1-9
1.0
2023-12-27T00:00:00
<p>Information published.</p>