May 2023 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2023-May
2023-May
Final
1.0
65
2026-02-20T23:04:56
May 2023 Security Updates
2023-05-09T07:00:00
2026-02-20T23:04:56
<h2 id="this-release-consists-of-the-following-40-microsoft-cves">This release consists of the following 40 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Microsoft Teams</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24881">CVE-2023-24881</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows SMB</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24898">CVE-2023-24898</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Graphics Component</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24899">CVE-2023-24899</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTLM</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24900">CVE-2023-24900</a></td>
<td>5.9</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NFS Portmapper</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24901">CVE-2023-24901</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24902">CVE-2023-24902</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Secure Socket Tunneling Protocol (SSTP)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24903">CVE-2023-24903</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Installer</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24904">CVE-2023-24904</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Remote Desktop Client</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24905">CVE-2023-24905</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Secure Boot</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24932">CVE-2023-24932</a></td>
<td>6.2</td>
<td>CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NFS Portmapper</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24939">CVE-2023-24939</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Reliable Multicast Transport Driver (RMCAST)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24940">CVE-2023-24940</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Network File System</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24941">CVE-2023-24941</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td><strong>Yes</strong></td>
</tr>
<tr>
<td>Windows Remote Procedure Call Runtime</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24942">CVE-2023-24942</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Reliable Multicast Transport Driver (RMCAST)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24943">CVE-2023-24943</a></td>
<td>9.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td><strong>Yes</strong></td>
</tr>
<tr>
<td>Microsoft Bluetooth Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24944">CVE-2023-24944</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows iSCSI Target Service</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24945">CVE-2023-24945</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Backup Engine</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24946">CVE-2023-24946</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Bluetooth Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24947">CVE-2023-24947</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Bluetooth Driver</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24948">CVE-2023-24948</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24949">CVE-2023-24949</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24950">CVE-2023-24950</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24953">CVE-2023-24953</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24954">CVE-2023-24954</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24955">CVE-2023-24955</a></td>
<td>7.2</td>
<td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Secure Boot</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28251">CVE-2023-28251</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows LDAP - Lightweight Directory Access Protocol</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28283">CVE-2023-28283</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows RDP Client</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28290">CVE-2023-28290</a></td>
<td>5.5</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows MSHTML Platform</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29324">CVE-2023-29324</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows OLE</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29325">CVE-2023-29325</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td><strong>Yes</strong></td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Access</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29333">CVE-2023-29333</a></td>
<td>3.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Word</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29335">CVE-2023-29335</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32K</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29336">CVE-2023-29336</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29338">CVE-2023-29338</a></td>
<td>5.0</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Windows Codecs Library</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29340">CVE-2023-29340</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Windows Codecs Library</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29341">CVE-2023-29341</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>SysInternals</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29343">CVE-2023-29343</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29344">CVE-2023-29344</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29350">CVE-2023-29350</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29354">CVE-2023-29354</a></td>
<td>4.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-9-non-microsoft-cves">We are republishing 9 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2459">CVE-2023-2459</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2460">CVE-2023-2460</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2462">CVE-2023-2462</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2463">CVE-2023-2463</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2464">CVE-2023-2464</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2465">CVE-2023-2465</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2466">CVE-2023-2466</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2467">CVE-2023-2467</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-2468">CVE-2023-2468</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5026361">5026361</a></td>
<td>Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026362">5026362</a></td>
<td>Windows 10, Version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026368">5026368</a></td>
<td>Windows 11 version 21H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026370">5026370</a></td>
<td>Windows Server 2022</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026372">5026372</a></td>
<td>Windows 11 version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026408">5026408</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026413">5026413</a></td>
<td>Windows Server 2008 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026426">5026426</a></td>
<td>Windows Server 2008 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5026427">5026427</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
AV1 Video Extension
Microsoft Remote Desktop
Windows Server 2025 (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Teams
Visual Studio Code
Windows Sysmon
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based) Extended Stable
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft SharePoint Server 2019
Microsoft Office Online Server
Visual Studio Code
Microsoft Edge (Chromium-based)
Microsoft Teams
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
AV1 Video Extension
Microsoft Remote Desktop
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Sysmon
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Microsoft Edge (Chromium-based) Extended Stable
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows Server 2025 (Server Core installation)
azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0
azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-9 on CBL Mariner 2.0
cbl2 golang 1.21.6-1 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
cbl2 python-gevent 21.1.2-3 on CBL Mariner 2.0
azl3 golang 1.23.7-1 on Azure Linux 3.0
azl3 avahi 0.8-5 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 libreswan 4.15-1 on Azure Linux 3.0
cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0
cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0
cbl2 hyperv-daemons 5.15.118.1-1 on CBL Mariner 2.0
cbl2 kernel 5.15.116.1-2 on CBL Mariner 2.0
cm1 kernel 5.10.183.1-1 on CBL Mariner 1.0
cbl2 kernel 5.15.116.1-1 on CBL Mariner 2.0
cm1 openssl 1.1.1k-16 on CBL Mariner 1.0
cbl2 edk2 20230301gitf80f052277c8-37 on CBL Mariner 2.0
cbl2 kata-containers-cc 0.4.1-2 on CBL Mariner 2.0
cbl2 openssl 1.1.1k-25 on CBL Mariner 2.0
azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0
cm1 python-requests 2.22.0-3 on CBL Mariner 1.0
cbl2 python-requests 2.27.1-6 on CBL Mariner 2.0
cm1 c-ares 1.19.1-1 on CBL Mariner 1.0
cm1 kernel 5.10.181.1-1 on CBL Mariner 1.0
cm1 qt5-qtbase 5.12.11-7 on CBL Mariner 1.0
cbl2 qt5-qtbase 5.12.11-8 on CBL Mariner 2.0
cbl2 nodejs18 18.17.1-2 on CBL Mariner 2.0
cbl2 nodejs 16.20.1-2 on CBL Mariner 2.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
cbl2 fluent-bit 2.1.10-1 on CBL Mariner 2.0
cbl2 c-ares 1.19.1-1 on CBL Mariner 2.0
azl3 grpc 1.62.0-2 on Azure Linux 3.0
cbl2 grpc 1.42.0-8 on CBL Mariner 2.0
cbl2 kernel 5.15.112.1-2 on CBL Mariner 2.0
cbl2 grpc 1.42.0-10 on CBL Mariner 2.0
cm1 curl 7.88.1-2 on CBL Mariner 1.0
cbl2 curl 8.0.1-2 on CBL Mariner 2.0
cbl2 cmake 3.21.4-6 on CBL Mariner 2.0
azl3 tensorflow 2.16.1-1 on Azure Linux 3.0
azl3 cmake 3.21.4-10 on Azure Linux 3.0
cm1 libtiff 4.5.0-3 on CBL Mariner 1.0
cbl2 libtiff 4.5.0-3 on CBL Mariner 2.0
cm1 vim 9.0.1562-1 on CBL Mariner 1.0
cbl2 vim 9.0.1562-1 on CBL Mariner 2.0
cbl2 kernel 5.15.112.1-1 on CBL Mariner 2.0
cm1 hyperv-daemons 5.10.179.1-1 on CBL Mariner 1.0
cm1 qt5-qtsvg 5.12.11-4 on CBL Mariner 1.0
cbl2 qt5-qtsvg 5.15.9-1 on CBL Mariner 2.0
cbl2 kernel 5.15.111.1-1 on CBL Mariner 2.0
cm1 yasm 1.3.0-14 on CBL Mariner 1.0
cbl2 yasm 1.3.0-14 on CBL Mariner 2.0
azl3 yasm 1.3.0-14 on Azure Linux 3.0
cm1 kernel 5.10.179.1-1 on CBL Mariner 1.0
cbl2 rust 1.72.0-2 on CBL Mariner 2.0
azl3 cmake 3.28.2-1 on Azure Linux 3.0
cbl2 msft-golang 1.20.11-1 on CBL Mariner 2.0
cbl2 golang 1.20.7-1 on CBL Mariner 2.0
cbl2 msft-golang 1.20.7-1 on CBL Mariner 2.0
azl3 golang 1.20.7-1 on Azure Linux 3.0
cbl2 mysql 8.0.34-1 on CBL Mariner 2.0
azl3 tensorflow 2.11.1-1 on Azure Linux 3.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
cbl2 qt5-qtbase 5.12.11-9 on CBL Mariner 2.0
cbl2 curl 8.2.1-1 on CBL Mariner 2.0
cbl2 openldap 2.4.57-9 on CBL Mariner 2.0
cbl2 skopeo 1.12.0-3 on CBL Mariner 2.0
cbl2 libreswan 4.14-1 on CBL Mariner 2.0
cbl2 cmake 3.21.4-11 on CBL Mariner 2.0
cbl2 avahi 0.8-2 on CBL Mariner 2.0
azl3 avahi 0.8-3 on Azure Linux 3.0
cbl2 sysstat 12.7.1-2 on CBL Mariner 2.0
cbl2 binutils 2.37-10 on CBL Mariner 2.0
cbl2 libvirt 7.10.0-5 on CBL Mariner 2.0
azl3 libvirt 7.10.0-5 on Azure Linux 3.0
cbl2 frr 8.5.1-2 on CBL Mariner 2.0
cbl2 vitess 16.0.2-1 on CBL Mariner 2.0
cbl2 rust 1.72.0-1 on CBL Mariner 2.0
cbl2 clang16 16.0.0-2 on CBL Mariner 2.0
cbl2 etcd 3.5.3-10 on CBL Mariner 2.0
cbl2 llvm 12.0.1-8 on CBL Mariner 2.0
cbl2 llvm16 16.0.0-4 on CBL Mariner 2.0
azl3 python-tornado 6.3.3-11 on Azure Linux 3.0
azl3 yasm 1.3.0-16 on Azure Linux 3.0
azl3 mozjs 102.15.1-1 on Azure Linux 3.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
azl3 ceph 18.2.2-8 on Azure Linux 3.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 rust 1.75.0-14 on Azure Linux 3.0
cbl2 hvloader 1.0.1-11 on CBL Mariner 2.0
azl3 golang 1.23.9-1 on Azure Linux 3.0
azl3 rust 1.86.0-1 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0
cbl2 golang 1.17.13-2 on CBL Mariner 2.0
cbl2 golang 1.18.8-7 on CBL Mariner 2.0
cbl2 ceph 16.2.10-7 on CBL Mariner 2.0
azl3 libreswan 4.7-7 on Azure Linux 3.0
azl3 grpc 1.42.0-7 on Azure Linux 3.0
azl3 rust 1.75.0-22 on Azure Linux 3.0
azl3 rust 1.90.0-1 on Azure Linux 3.0
azl3 rust 1.90.0-3 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL leading to an invalid pointer request.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-1195
Use After Free
17863-16820
17873-16823
17863-16820
17873-16823
Moderate
17863-16820
Moderate
17873-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17863-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17873-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17873-16823
No
Security Update
5.15.112.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17873-16823
CBL-Mariner Releases
1.0
2023-05-29T00:00:00
<p>Information published.</p>
1.1
2023-06-13T00:00:00
<p>Information published.</p>
A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem possibly leading to a kernel information leak.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-1859
Use After Free
17863-16820
17841-16823
17863-16820
17841-16823
Moderate
17863-16820
Moderate
17841-16823
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17863-16820
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17841-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17841-16823
No
Security Update
5.15.116.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17841-16823
CBL-Mariner Releases
1.0
2023-05-26T00:00:00
<p>Information published.</p>
1.1
2023-06-13T00:00:00
<p>Information published.</p>
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call causing the avahi daemon to crash.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-1981
Uncontrolled Resource Consumption
17556-17084
18360-16823
18361-17084
17556-17084
18360-16823
18361-17084
Moderate
17556-17084
Moderate
18360-16823
Moderate
18361-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17556-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18360-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18361-17084
CBL-Mariner Releases
17556-17084
18361-17084
No
Security Update
0.8-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17556-17084
18361-17084
CBL-Mariner Releases
CBL-Mariner Releases
18360-16823
No
Security Update
0.8-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18360-16823
CBL-Mariner Releases
1.0
2024-11-09T00:00:00
<p>Information published.</p>
1.2
2026-02-18T15:01:30
<p>Information published.</p>
1.1
2024-12-12T00:00:00
<p>Added avahi to CBL-Mariner 2.0
Added avahi to Azure Linux 3.0</p>
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands compromising the confidentiality integrity and availability of Bluetooth communication.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-2002
Incorrect Authorization
17841-16823
17841-16823
Moderate
17841-16823
6.8
6.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17841-16823
CBL-Mariner Releases
17841-16823
No
Security Update
5.15.116.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17841-16823
CBL-Mariner Releases
1.0
2023-06-09T00:00:00
<p>Information published.</p>
1.1
2023-07-17T00:00:00
<p>Information published.</p>
Use-after-free in Linux kernel's Performance Events subsystem
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-2235
Use After Free
17889-16823
17889-16823
Important
17889-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17889-16823
CBL-Mariner Releases
17889-16823
No
Security Update
5.15.111.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17889-16823
CBL-Mariner Releases
1.0
2023-05-06T00:00:00
<p>Information published.</p>
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-2513
Use After Free
17863-16820
17885-16820
17884-16823
17863-16820
17885-16820
17884-16823
Moderate
17863-16820
Moderate
17885-16820
Moderate
17884-16823
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
17863-16820
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
17885-16820
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
17884-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17885-16820
No
Security Update
5.10.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17885-16820
CBL-Mariner Releases
CBL-Mariner Releases
17884-16823
No
Security Update
5.15.112.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17884-16823
CBL-Mariner Releases
1.0
2023-05-16T00:00:00
<p>Information published.</p>
Possible DoS translating ASN.1 object identifiers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
openssl
Yes
CVE-2023-2650
Allocation of Resources Without Limits or Throttling
19678-17086
19662-17086
19686-17084
19671-17084
17855-16820
17374-16823
17856-16823
17857-16823
17858-16823
17859-17084
17013-17084
17012-17084
17093-17086
19678-17086
19662-17086
19686-17084
19671-17084
17855-16820
17374-16823
17856-16823
17857-16823
17858-16823
17859-17084
17013-17084
17012-17084
17093-17086
Moderate
19678-17086
19662-17086
Moderate
19686-17084
Moderate
19671-17084
Moderate
17855-16820
Moderate
17374-16823
Moderate
17856-16823
Moderate
17857-16823
Moderate
17858-16823
Moderate
17859-17084
Moderate
17013-17084
Moderate
17012-17084
Moderate
17093-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19678-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19662-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19686-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19671-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17855-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17374-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17856-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17857-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17858-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17859-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17013-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17012-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17093-17086
CBL-Mariner Releases
19678-17086
No
Security Update
1.0.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19678-17086
CBL-Mariner Releases
CBL-Mariner Releases
17855-16820
No
Security Update
1.1.1k-16
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17855-16820
CBL-Mariner Releases
CBL-Mariner Releases
17374-16823
No
Security Update
1.0.1-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17374-16823
CBL-Mariner Releases
CBL-Mariner Releases
17856-16823
17859-17084
No
Security Update
20230301gitf80f052277c8-37
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17856-16823
17859-17084
CBL-Mariner Releases
CBL-Mariner Releases
17857-16823
No
Security Update
0.4.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17857-16823
CBL-Mariner Releases
CBL-Mariner Releases
17858-16823
No
Security Update
1.1.1k-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17858-16823
CBL-Mariner Releases
1.0
2023-06-05T00:00:00
<p>Information published.</p>
1.1
2023-06-06T00:00:00
<p>Added rust to CBL-Mariner 2.0</p>
1.2
2023-10-11T00:00:00
<p>Added edk2 to CBL-Mariner 2.0</p>
1.3
2024-04-06T00:00:00
<p>Added hvloader to CBL-Mariner 2.0</p>
1.4
2024-06-30T07:00:00
<p>Information published.</p>
1.5
2024-09-11T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:49:13
<p>Information published.</p>
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file resulting in a program crash or denial of service.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-2731
NULL Pointer Dereference
17880-16820
17881-16823
17880-16820
17881-16823
Moderate
17880-16820
Moderate
17881-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17880-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17881-16823
CBL-Mariner Releases
17880-16820
17881-16823
No
Security Update
4.5.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17880-16820
17881-16823
CBL-Mariner Releases
1.0
2023-05-23T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2023-28319
Use After Free
19686-17084
17953-16823
18287-16823
18337-16823
17878-17084
18295-17084
19668-17086
19671-17084
19686-17084
17953-16823
18287-16823
18337-16823
17878-17084
18295-17084
19668-17086
19671-17084
Important
19686-17084
Important
17953-16823
Important
18287-16823
Important
18337-16823
Important
17878-17084
Important
18295-17084
Important
19668-17086
Important
19671-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19686-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17953-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18287-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18337-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
17878-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
18295-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19668-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19671-17084
CBL-Mariner Releases
17953-16823
No
Security Update
1.72.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17953-16823
CBL-Mariner Releases
CBL-Mariner Releases
18287-16823
No
Security Update
8.0.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18287-16823
CBL-Mariner Releases
CBL-Mariner Releases
18337-16823
No
Security Update
8.2.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18337-16823
CBL-Mariner Releases
CBL-Mariner Releases
17878-17084
18295-17084
No
Security Update
2.16.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17878-17084
18295-17084
CBL-Mariner Releases
1.2
2026-02-18T15:16:57
<p>Information published.</p>
1.0
2023-05-27T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names selected at build time. If it is built to use the synchronous resolver it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2023-28320
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
19668-17086
19686-17084
19671-17084
17953-16823
18287-16823
18337-16823
18359-16823
17878-17084
17957-17084
17879-17084
18295-17084
19668-17086
19686-17084
19671-17084
17953-16823
18287-16823
18337-16823
18359-16823
17878-17084
17957-17084
17879-17084
18295-17084
Moderate
19668-17086
Moderate
19686-17084
Moderate
19671-17084
Moderate
17953-16823
Moderate
18287-16823
Moderate
18337-16823
Moderate
18359-16823
Moderate
17878-17084
Moderate
17957-17084
Moderate
17879-17084
Moderate
18295-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19668-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19686-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19671-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
17953-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
18287-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
18337-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
18359-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
17878-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
17957-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
17879-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
18295-17084
CBL-Mariner Releases
17953-16823
No
Security Update
1.72.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17953-16823
CBL-Mariner Releases
CBL-Mariner Releases
18287-16823
No
Security Update
8.0.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18287-16823
CBL-Mariner Releases
CBL-Mariner Releases
18337-16823
No
Security Update
8.2.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18337-16823
CBL-Mariner Releases
CBL-Mariner Releases
18359-16823
No
Security Update
3.21.4-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18359-16823
CBL-Mariner Releases
CBL-Mariner Releases
17878-17084
18295-17084
No
Security Update
2.16.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17878-17084
18295-17084
CBL-Mariner Releases
CBL-Mariner Releases
17957-17084
17879-17084
No
Security Update
3.28.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17957-17084
17879-17084
CBL-Mariner Releases
1.0
2023-05-27T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2024-08-18T00:00:00
<p>Information published.</p>
1.3
2026-02-18T01:06:44
<p>Information published.</p>
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-29941
Out-of-bounds Read
19668-17086
18377-16823
18374-16823
17878-17084
18295-17084
19668-17086
18377-16823
18374-16823
17878-17084
18295-17084
Moderate
19668-17086
Moderate
18377-16823
Moderate
18374-16823
Moderate
17878-17084
Moderate
18295-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19668-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18377-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18374-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17878-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18295-17084
CBL-Mariner Releases
18377-16823
No
Security Update
16.0.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18377-16823
CBL-Mariner Releases
CBL-Mariner Releases
18374-16823
No
Security Update
16.0.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18374-16823
CBL-Mariner Releases
CBL-Mariner Releases
17878-17084
18295-17084
No
Security Update
2.16.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17878-17084
18295-17084
CBL-Mariner Releases
1.1
2025-03-19T00:00:00
<p>Added llvm16 to CBL-Mariner 2.0
Added tensorflow to Azure Linux 3.0</p>
1.2
2025-03-28T00:00:00
<p>Added clang16 to CBL-Mariner 2.0
Added llvm16 to CBL-Mariner 2.0
Added tensorflow to Azure Linux 3.0</p>
1.3
2026-02-18T14:15:35
<p>Information published.</p>
1.0
2024-06-30T07:00:00
<p>Information published.</p>
Insufficient randomness in generation of DNS query IDs in c-ares
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-31147
Use of Insufficiently Random Values
20279-17084
19746-17084
19666-17084
17862-16820
17433-16823
17866-16823
17867-16823
17874-16823
17869-16823
17870-16823
17871-17084
19814-17086
17667-17084
20279-17084
19746-17084
19666-17084
17862-16820
17433-16823
17866-16823
17867-16823
17874-16823
17869-16823
17870-16823
17871-17084
19814-17086
17667-17084
Moderate
20279-17084
Moderate
19746-17084
Moderate
19666-17084
Moderate
17862-16820
Moderate
17433-16823
Moderate
17866-16823
Moderate
17867-16823
Moderate
17874-16823
Moderate
17869-16823
Moderate
17870-16823
Moderate
17871-17084
Moderate
19814-17086
Moderate
17667-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
20279-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19746-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19666-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17862-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17433-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17866-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17867-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17874-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17869-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17870-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
17871-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19814-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17667-17084
CBL-Mariner Releases
20279-17084
17871-17084
No
Security Update
1.62.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20279-17084
17871-17084
CBL-Mariner Releases
CBL-Mariner Releases
19666-17084
No
Security Update
18.2.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19666-17084
CBL-Mariner Releases
CBL-Mariner Releases
17862-16820
17870-16823
No
Security Update
1.19.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17862-16820
17870-16823
CBL-Mariner Releases
CBL-Mariner Releases
17433-16823
No
Security Update
21.1.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17433-16823
CBL-Mariner Releases
CBL-Mariner Releases
17866-16823
No
Security Update
18.17.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17866-16823
CBL-Mariner Releases
CBL-Mariner Releases
17867-16823
No
Security Update
16.20.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17867-16823
CBL-Mariner Releases
CBL-Mariner Releases
17874-16823
No
Security Update
1.42.0-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17874-16823
CBL-Mariner Releases
CBL-Mariner Releases
17869-16823
No
Security Update
2.1.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17869-16823
CBL-Mariner Releases
1.3
2026-02-18T03:14:44
<p>Information published.</p>
1.0
2023-05-29T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2025-03-25T00:00:00
<p>Added grpc to CBL-Mariner 2.0
Added fluent-bit to CBL-Mariner 2.0
Added nodejs18 to CBL-Mariner 2.0
Added nodejs to CBL-Mariner 2.0
Added c-ares to CBL-Mariner 2.0
Added grpc to Azure Linux 3.0
Added c-ares to CBL-Mariner 1.0</p>
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-31490
18371-16823
18371-16823
Important
18371-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18371-16823
CBL-Mariner Releases
18371-16823
No
Security Update
8.5.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18371-16823
CBL-Mariner Releases
1.0
2023-05-17T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-31975
Missing Release of Memory after Effective Lifetime
18417-17084
17890-16820
17891-16823
17892-17084
18417-17084
17890-16820
17891-16823
17892-17084
Low
18417-17084
Low
17890-16820
Low
17891-16823
Low
17892-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
18417-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
17890-16820
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
17891-16823
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
17892-17084
CBL-Mariner Releases
18417-17084
17890-16820
17891-16823
17892-17084
No
Security Update
1.3.0-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18417-17084
17890-16820
17891-16823
17892-17084
CBL-Mariner Releases
1.0
2023-05-12T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2026-02-20T23:04:56
<p>Information published.</p>
In Qt before 5.15.14 6.0.x through 6.2.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1 QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-32573
Divide By Zero
17384-17086
17886-16820
17887-16823
19737-17086
17384-17086
17886-16820
17887-16823
19737-17086
Moderate
17384-17086
Moderate
17886-16820
Moderate
17887-16823
19737-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17384-17086
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17886-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17887-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19737-17086
CBL-Mariner Releases
17886-16820
No
Security Update
5.12.11-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17886-16820
CBL-Mariner Releases
CBL-Mariner Releases
17887-16823
No
Security Update
5.15.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17887-16823
CBL-Mariner Releases
CBL-Mariner Releases
19737-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19737-17086
CBL-Mariner Releases
2.0
2026-02-18T14:25:43
<p>Information published.</p>
1.0
2023-05-15T00:00:00
<p>Information published.</p>
Unintended leak of Proxy-Authorization header in requests
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-32681
Exposure of Sensitive Information to an Unauthorized Actor
17860-16820
17861-16823
17860-16820
17861-16823
Moderate
17860-16820
Moderate
17861-16823
6.1
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
17860-16820
6.1
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
17861-16823
CBL-Mariner Releases
17860-16820
No
Security Update
2.22.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17860-16820
CBL-Mariner Releases
CBL-Mariner Releases
17861-16823
No
Security Update
2.27.1-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17861-16823
CBL-Mariner Releases
1.0
2023-06-03T00:00:00
<p>Information published.</p>
1.1
2023-06-05T00:00:00
<p>Added python-requests to CBL-Mariner 2.0</p>
An issue was discovered in Qt before 5.15.14 6.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header allowing unencrypted connections to be established even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-32762
17864-16820
17865-16823
17864-16820
17865-16823
Moderate
17864-16820
Moderate
17865-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17864-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17865-16823
CBL-Mariner Releases
17864-16820
No
Security Update
5.12.11-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17864-16820
CBL-Mariner Releases
CBL-Mariner Releases
17865-16823
No
Security Update
5.12.11-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17865-16823
CBL-Mariner Releases
1.0
2023-05-30T00:00:00
<p>Information published.</p>
1.1
2023-05-31T00:00:00
<p>Added qt5-qtbase to CBL-Mariner 2.0</p>
1.2
2023-06-28T00:00:00
<p>Information published.</p>
malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-33199
Reachable Assertion
18357-16823
18357-16823
Moderate
18357-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
18357-16823
CBL-Mariner Releases
18357-16823
No
Security Update
1.12.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18357-16823
CBL-Mariner Releases
1.0
2023-05-31T00:00:00
<p>Information published.</p>
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-33204
Integer Overflow or Wraparound
18362-16823
18362-16823
Important
18362-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18362-16823
CBL-Mariner Releases
18362-16823
No
Security Update
12.7.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18362-16823
CBL-Mariner Releases
1.0
2023-05-26T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-33288
Use After Free
17863-16820
17873-16823
17863-16820
17873-16823
Moderate
17863-16820
Moderate
17873-16823
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17863-16820
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17873-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17873-16823
No
Security Update
5.15.112.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17873-16823
CBL-Mariner Releases
1.0
2023-05-26T00:00:00
<p>Information published.</p>
1.1
2023-06-13T00:00:00
<p>Information published.</p>
Improper sanitization of CSS values in html/template
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2023-24539
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
19679-17084
19712-17086
17375-16823
18136-16823
18138-16823
18141-17084
18315-17084
19785-17086
19778-17086
19668-17086
19693-17084
17667-17084
17485-17084
19697-17084
19679-17084
19712-17086
17375-16823
18136-16823
18138-16823
18141-17084
18315-17084
19785-17086
19778-17086
19668-17086
19693-17084
17667-17084
17485-17084
19697-17084
Important
19679-17084
Important
19712-17086
Important
17375-16823
Important
18136-16823
Important
18138-16823
Important
18141-17084
Important
18315-17084
Important
19785-17086
Important
19778-17086
Important
19668-17086
Important
19693-17084
Important
17667-17084
Important
17485-17084
Important
19697-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19679-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19712-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17375-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18136-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18138-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18141-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18315-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19785-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19778-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19668-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19693-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17667-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17485-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19697-17084
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18136-16823
No
Security Update
1.20.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18136-16823
CBL-Mariner Releases
CBL-Mariner Releases
18138-16823
18141-17084
No
Security Update
1.20.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18138-16823
18141-17084
CBL-Mariner Releases
CBL-Mariner Releases
19785-17086
19778-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19785-17086
19778-17086
CBL-Mariner Releases
1.0
2025-09-04T04:09:59
<p>Information published.</p>
1.1
2026-02-18T03:08:22
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-48502
Out-of-bounds Read
17823-16820
17824-16823
17823-16820
17824-16823
Important
17823-16820
Important
17824-16823
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17823-16820
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17824-16823
CBL-Mariner Releases
17823-16820
No
Security Update
5.10.188.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17823-16820
CBL-Mariner Releases
CBL-Mariner Releases
17824-16823
No
Security Update
5.15.122.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17824-16823
CBL-Mariner Releases
1.0
2023-06-08T00:00:00
<p>Information published.</p>
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
jpcert
Yes
CVE-2023-28370
URL Redirection to Untrusted Site ('Open Redirect')
18411-17084
18411-17084
Moderate
18411-17084
6.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
18411-17084
CBL-Mariner Releases
18411-17084
No
Security Update
6.3.3-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18411-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-29942
Out-of-bounds Read
18373-16823
18374-16823
18373-16823
18374-16823
Moderate
18373-16823
Moderate
18374-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18373-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18374-16823
CBL-Mariner Releases
18373-16823
No
Security Update
1.72.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18373-16823
CBL-Mariner Releases
CBL-Mariner Releases
18374-16823
No
Security Update
16.0.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18374-16823
CBL-Mariner Releases
1.0
2025-03-28T00:00:00
<p>Information published.</p>
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-32570
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
18469-17084
18469-17084
Moderate
18469-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
18469-17084
1.1
2026-02-18T15:15:32
<p>Information published.</p>
1.0
2025-09-03T21:44:01
<p>Information published.</p>
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-31670
18469-17084
18469-17084
Important
18469-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18469-17084
1.1
2026-02-18T15:16:28
<p>Information published.</p>
1.0
2025-09-03T22:05:04
<p>Information published.</p>
Copy_from_user Spectre-V1 Gadget in Linux Kernel
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-0459
Release of Invalid Pointer or Reference
17863-16820
17849-16823
17863-16820
17849-16823
Moderate
17863-16820
Moderate
17849-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
17863-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
17849-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17849-16823
No
Security Update
5.15.116.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17849-16823
CBL-Mariner Releases
1.0
2023-06-02T00:00:00
<p>Information published.</p>
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Red Hat Inc.
Yes
CVE-2023-1972
Improper Restriction of Operations within the Bounds of a Memory Buffer
18365-16823
18365-16823
Moderate
18365-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18365-16823
CBL-Mariner Releases
18365-16823
No
Security Update
2.37-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18365-16823
CBL-Mariner Releases
1.0
2024-12-12T00:00:00
<p>Information published.</p>
In __efi_rt_asm_wrapper of efi-rt-wrapper.S there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
google_android
Yes
CVE-2023-21102
Improper Check for Unusual or Exceptional Conditions
17835-16823
17835-16823
Important
17835-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17835-16823
CBL-Mariner Releases
17835-16823
No
Security Update
5.15.118.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17835-16823
CBL-Mariner Releases
1.0
2023-05-29T00:00:00
<p>Information published.</p>
1.1
2023-08-03T00:00:00
<p>Information published.</p>
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-2124
Out-of-bounds Write
17823-16820
17824-16823
17823-16820
17824-16823
Important
17823-16820
Important
17824-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17823-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17824-16823
CBL-Mariner Releases
17823-16820
No
Security Update
5.10.188.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17823-16820
CBL-Mariner Releases
CBL-Mariner Releases
17824-16823
No
Security Update
5.15.122.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17824-16823
CBL-Mariner Releases
1.0
2023-05-26T00:00:00
<p>Information published.</p>
NULL Pointer Dereference in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntr_ai
Yes
CVE-2023-2609
NULL Pointer Dereference
17882-16820
17883-16823
17882-16820
17883-16823
Moderate
17882-16820
Moderate
17883-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17882-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17883-16823
CBL-Mariner Releases
17882-16820
17883-16823
No
Security Update
9.0.1562-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17882-16820
17883-16823
CBL-Mariner Releases
1.0
2023-05-16T00:00:00
<p>Information published.</p>
Integer Overflow or Wraparound in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntr_ai
Yes
CVE-2023-2610
17882-16820
17883-16823
17882-16820
17883-16823
Important
17882-16820
Important
17883-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17882-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17883-16823
CBL-Mariner Releases
17882-16820
17883-16823
No
Security Update
9.0.1562-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17882-16820
17883-16823
CBL-Mariner Releases
1.0
2023-05-13T00:00:00
<p>Information published.</p>
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-2700
Missing Release of Memory after Effective Lifetime
18366-16823
18367-17084
18366-16823
18367-17084
Moderate
18366-16823
Moderate
18367-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18366-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18367-17084
CBL-Mariner Releases
18366-16823
18367-17084
No
Security Update
7.10.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18366-16823
18367-17084
CBL-Mariner Releases
1.0
2024-06-30T07:00:00
<p>Information published.</p>
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match but the wildcard check in curl could still check for `x*` which would match even though the IDN name most likely contained nothing even resembling an `x`.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2023-28321
Improper Certificate Validation
19668-17086
18295-17084
17953-16823
18287-16823
18337-16823
17878-17084
19668-17086
18295-17084
17953-16823
18287-16823
18337-16823
17878-17084
Moderate
19668-17086
Moderate
18295-17084
Moderate
17953-16823
Moderate
18287-16823
Moderate
18337-16823
Moderate
17878-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
19668-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18295-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17953-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18287-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18337-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17878-17084
CBL-Mariner Releases
18295-17084
17878-17084
No
Security Update
2.16.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18295-17084
17878-17084
CBL-Mariner Releases
CBL-Mariner Releases
17953-16823
No
Security Update
1.72.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17953-16823
CBL-Mariner Releases
CBL-Mariner Releases
18287-16823
No
Security Update
8.0.34-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18287-16823
CBL-Mariner Releases
CBL-Mariner Releases
18337-16823
No
Security Update
8.2.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18337-16823
CBL-Mariner Releases
1.2
2026-02-18T02:40:44
<p>Information published.</p>
1.0
2023-05-27T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2023-28322
Exposure of Sensitive Information to an Unauthorized Actor
19668-17086
18295-17084
19671-17084
17875-16820
17876-16823
17877-16823
17878-17084
17879-17084
19686-17084
19668-17086
18295-17084
19671-17084
17875-16820
17876-16823
17877-16823
17878-17084
17879-17084
19686-17084
Low
19668-17086
Low
18295-17084
Low
19671-17084
Low
17875-16820
Low
17876-16823
Low
17877-16823
Low
17878-17084
Low
17879-17084
Low
19686-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
19668-17086
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
18295-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
19671-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
17875-16820
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
17876-16823
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
17877-16823
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
17878-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
17879-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
19686-17084
CBL-Mariner Releases
18295-17084
17878-17084
No
Security Update
2.16.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18295-17084
17878-17084
CBL-Mariner Releases
CBL-Mariner Releases
17875-16820
No
Security Update
7.88.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17875-16820
CBL-Mariner Releases
CBL-Mariner Releases
17876-16823
No
Security Update
8.0.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17876-16823
CBL-Mariner Releases
CBL-Mariner Releases
17877-16823
No
Security Update
3.21.4-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17877-16823
CBL-Mariner Releases
CBL-Mariner Releases
17879-17084
No
Security Update
3.21.4-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17879-17084
CBL-Mariner Releases
1.0
2023-05-27T00:00:00
<p>Information published.</p>
1.1
2023-05-28T00:00:00
<p>Added curl to CBL-Mariner 1.0</p>
1.2
2024-06-30T07:00:00
<p>Information published.</p>
1.3
2026-02-18T15:12:11
<p>Information published.</p>
Vitess VTAdmin users that can create shards can deny access to other functions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-29195
Improper Input Validation
18372-16823
18372-16823
Moderate
18372-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
18372-16823
CBL-Mariner Releases
18372-16823
No
Security Update
16.0.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18372-16823
CBL-Mariner Releases
1.0
2023-05-16T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-2953
NULL Pointer Dereference
18356-16823
18356-16823
Important
18356-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18356-16823
CBL-Mariner Releases
18356-16823
No
Security Update
2.4.57-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18356-16823
CBL-Mariner Releases
1.0
2024-09-11T00:00:00
<p>Information published.</p>
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-29932
Improper Restriction of Operations within the Bounds of a Memory Buffer
17093-17086
17953-16823
18376-16823
19662-17086
20744-17084
20822-17084
20865-17084
17093-17086
17953-16823
18376-16823
19662-17086
20744-17084
20822-17084
20865-17084
Moderate
17093-17086
Moderate
17953-16823
Moderate
18376-16823
19662-17086
Moderate
20744-17084
Moderate
20822-17084
Moderate
20865-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17953-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18376-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19662-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20744-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20822-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20865-17084
CBL-Mariner Releases
17953-16823
No
Security Update
1.72.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17953-16823
CBL-Mariner Releases
CBL-Mariner Releases
18376-16823
No
Security Update
12.0.1-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18376-16823
CBL-Mariner Releases
3.0
2026-01-21T01:43:42
<p>Information published.</p>
1.0
2023-05-09T00:00:00
<p>Information published.</p>
1.1
2025-03-19T00:00:00
<p>Added llvm to CBL-Mariner 2.0
Added rust to CBL-Mariner 2.0</p>
2.0
2026-01-20T01:01:47
<p>Information published.</p>
4.0
2026-02-18T02:39:52
<p>Information published.</p>
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-30570
Uncontrolled Resource Consumption
19899-17084
18358-16823
17755-17084
19899-17084
18358-16823
17755-17084
Important
19899-17084
Important
18358-16823
Important
17755-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19899-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18358-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17755-17084
CBL-Mariner Releases
19899-17084
17755-17084
No
Security Update
4.15-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19899-17084
17755-17084
CBL-Mariner Releases
CBL-Mariner Releases
18358-16823
No
Security Update
4.14-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18358-16823
CBL-Mariner Releases
1.0
2023-05-29T00:00:00
<p>Information published.</p>
1.1
2025-04-01T00:00:00
<p>Added libreswan to Azure Linux 3.0
Added libreswan to CBL-Mariner 2.0</p>
1.2
2026-02-19T01:17:40
<p>Information published.</p>
AutoTools does not set CARES_RANDOM_FILE during cross compilation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-31124
Use of Insufficiently Random Values
17862-16820
17862-16820
Low
17862-16820
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
17862-16820
CBL-Mariner Releases
17862-16820
No
Security Update
1.19.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17862-16820
CBL-Mariner Releases
1.0
2023-06-03T00:00:00
<p>Information published.</p>
Buffer Underwrite in ares_inet_net_pton()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-31130
Out-of-bounds Write
19814-17086
17667-17084
17862-16820
17433-16823
17866-16823
17867-16823
17868-16823
17869-16823
17870-16823
17871-17084
20279-17084
19746-17084
19666-17084
19814-17086
17667-17084
17862-16820
17433-16823
17866-16823
17867-16823
17868-16823
17869-16823
17870-16823
17871-17084
20279-17084
19746-17084
19666-17084
Moderate
19814-17086
Moderate
17667-17084
Moderate
17862-16820
Moderate
17433-16823
Moderate
17866-16823
Moderate
17867-16823
Moderate
17868-16823
Moderate
17869-16823
Moderate
17870-16823
Moderate
17871-17084
Moderate
20279-17084
Moderate
19746-17084
Moderate
19666-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19814-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17667-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17862-16820
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17433-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17866-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17867-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17868-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17869-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17870-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17871-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20279-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19746-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19666-17084
CBL-Mariner Releases
17862-16820
17870-16823
No
Security Update
1.19.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17862-16820
17870-16823
CBL-Mariner Releases
CBL-Mariner Releases
17433-16823
No
Security Update
21.1.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17433-16823
CBL-Mariner Releases
CBL-Mariner Releases
17866-16823
No
Security Update
18.17.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17866-16823
CBL-Mariner Releases
CBL-Mariner Releases
17867-16823
No
Security Update
16.20.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17867-16823
CBL-Mariner Releases
CBL-Mariner Releases
17868-16823
No
Security Update
1.42.0-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17868-16823
CBL-Mariner Releases
CBL-Mariner Releases
17869-16823
No
Security Update
2.1.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17869-16823
CBL-Mariner Releases
CBL-Mariner Releases
17871-17084
20279-17084
No
Security Update
1.62.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17871-17084
20279-17084
CBL-Mariner Releases
CBL-Mariner Releases
19666-17084
No
Security Update
18.2.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19666-17084
CBL-Mariner Releases
1.3
2025-04-08T00:00:00
<p>Added grpc to CBL-Mariner 2.0
Added fluent-bit to CBL-Mariner 2.0
Added nodejs18 to CBL-Mariner 2.0
Added nodejs to CBL-Mariner 2.0
Added c-ares to CBL-Mariner 2.0
Added grpc to Azure Linux 3.0
Added c-ares to CBL-Mariner 1.0</p>
1.4
2026-02-18T03:15:20
<p>Information published.</p>
1.0
2023-05-30T00:00:00
<p>Information published.</p>
1.1
2023-05-31T00:00:00
<p>Added nodejs to CBL-Mariner 2.0</p>
1.2
2024-06-30T07:00:00
<p>Information published.</p>
0-byte UDP payload DoS in c-ares
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-32067
Uncontrolled Resource Consumption
20279-17084
19746-17084
17862-16820
17433-16823
17866-16823
17867-16823
17872-16823
17869-16823
17870-16823
17871-17084
17667-17084
20279-17084
19746-17084
17862-16820
17433-16823
17866-16823
17867-16823
17872-16823
17869-16823
17870-16823
17871-17084
17667-17084
Important
20279-17084
Important
19746-17084
Important
17862-16820
Important
17433-16823
Important
17866-16823
Important
17867-16823
Important
17872-16823
Important
17869-16823
Important
17870-16823
Important
17871-17084
Important
17667-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20279-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19746-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17862-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17433-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17866-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17867-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17872-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17869-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17870-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17871-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17667-17084
CBL-Mariner Releases
20279-17084
17871-17084
No
Security Update
1.62.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20279-17084
17871-17084
CBL-Mariner Releases
CBL-Mariner Releases
17862-16820
17870-16823
No
Security Update
1.19.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17862-16820
17870-16823
CBL-Mariner Releases
CBL-Mariner Releases
17433-16823
No
Security Update
21.1.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17433-16823
CBL-Mariner Releases
CBL-Mariner Releases
17866-16823
No
Security Update
18.17.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17866-16823
CBL-Mariner Releases
CBL-Mariner Releases
17867-16823
No
Security Update
16.20.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17867-16823
CBL-Mariner Releases
CBL-Mariner Releases
17872-16823
No
Security Update
1.42.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17872-16823
CBL-Mariner Releases
CBL-Mariner Releases
17869-16823
No
Security Update
2.1.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17869-16823
CBL-Mariner Releases
1.4
2026-02-18T03:15:32
<p>Information published.</p>
1.0
2023-05-30T00:00:00
<p>Information published.</p>
1.1
2023-05-31T00:00:00
<p>Added nodejs to CBL-Mariner 2.0</p>
1.2
2024-06-30T07:00:00
<p>Information published.</p>
1.3
2024-12-27T00:00:00
<p>Added grpc to CBL-Mariner 2.0
Added python-gevent to CBL-Mariner 2.0
Added fluent-bit to CBL-Mariner 2.0
Added nodejs18 to CBL-Mariner 2.0
Added nodejs to CBL-Mariner 2.0
Added c-ares to CBL-Mariner 2.0
Added grpc to Azure Linux 3.0
Added c-ares to CBL-Mariner 1.0</p>
etcd key name can be accessed via LeaseTimeToLive API
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-32082
Exposure of Sensitive Information to an Unauthorized Actor
18375-16823
18375-16823
Moderate
18375-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
18375-16823
CBL-Mariner Releases
18375-16823
No
Security Update
3.5.3-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18375-16823
CBL-Mariner Releases
1.0
2023-05-15T00:00:00
<p>Information published.</p>
In the Linux kernel through 6.3.1 a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-32233
Use After Free
17863-16820
17884-16823
17863-16820
17884-16823
Important
17863-16820
Important
17884-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17863-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17884-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17884-16823
No
Security Update
5.15.112.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17884-16823
CBL-Mariner Releases
1.0
2023-05-16T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However in order for an attacker to exploit this the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-32269
Use After Free
17863-16820
17884-16823
17863-16820
17884-16823
Moderate
17863-16820
Moderate
17884-16823
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
17863-16820
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
17884-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17884-16823
No
Security Update
5.15.112.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17884-16823
CBL-Mariner Releases
1.0
2023-05-12T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
An issue was discovered in Qt before 5.15.15 6.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered a QTextLayout buffer overflow can be triggered.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-32763
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
17864-16820
17865-16823
17864-16820
17865-16823
Important
17864-16820
Important
17865-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17864-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17865-16823
CBL-Mariner Releases
17864-16820
No
Security Update
5.12.11-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17864-16820
CBL-Mariner Releases
CBL-Mariner Releases
17865-16823
No
Security Update
5.12.11-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17865-16823
CBL-Mariner Releases
1.0
2023-05-29T00:00:00
<p>Information published.</p>
1.1
2023-06-28T00:00:00
<p>Information published.</p>
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-33203
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
17863-16820
17873-16823
17863-16820
17873-16823
Moderate
17863-16820
Moderate
17873-16823
6.4
6.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
17863-16820
6.4
6.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
17873-16823
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
CBL-Mariner Releases
17873-16823
No
Security Update
5.15.112.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17873-16823
CBL-Mariner Releases
1.0
2023-05-29T00:00:00
<p>Information published.</p>
1.1
2023-06-13T00:00:00
<p>Information published.</p>
An issue was discovered in Qt 5.x before 5.15.14 6.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-33285
Out-of-bounds Read
18333-16823
18333-16823
Moderate
18333-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
18333-16823
CBL-Mariner Releases
18333-16823
No
Security Update
5.12.11-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18333-16823
CBL-Mariner Releases
1.0
2023-05-31T00:00:00
<p>Information published.</p>
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-34256
Out-of-bounds Read
17844-16820
17849-16823
17844-16820
17849-16823
Moderate
17844-16820
Moderate
17849-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17844-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17849-16823
CBL-Mariner Releases
17844-16820
No
Security Update
5.10.183.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17844-16820
CBL-Mariner Releases
CBL-Mariner Releases
17849-16823
No
Security Update
5.15.116.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17849-16823
CBL-Mariner Releases
1.0
2023-06-08T00:00:00
<p>Information published.</p>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-2248
17893-16820
17889-16823
17893-16820
17889-16823
Important
17893-16820
Important
17889-16823
CBL-Mariner Releases
17893-16820
No
Security Update
5.10.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17893-16820
CBL-Mariner Releases
CBL-Mariner Releases
17889-16823
No
Security Update
5.15.111.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17889-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:28
<p>Information published.</p>
Improper handling of JavaScript whitespace in html/template
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2023-24540
18315-17084
19679-17084
19785-17086
19778-17086
19668-17086
19712-17086
19693-17084
17485-17084
19697-17084
17375-16823
18136-16823
17667-17084
18315-17084
19679-17084
19785-17086
19778-17086
19668-17086
19712-17086
19693-17084
17485-17084
19697-17084
17375-16823
18136-16823
17667-17084
Critical
18315-17084
Critical
19679-17084
Critical
19785-17086
Critical
19778-17086
Critical
19668-17086
Critical
19712-17086
Critical
19693-17084
Critical
17485-17084
Critical
19697-17084
Critical
17375-16823
Critical
18136-16823
Critical
17667-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18315-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19679-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19785-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19778-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19668-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19712-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19693-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17485-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19697-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17375-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18136-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17667-17084
CBL-Mariner Releases
19785-17086
19778-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19785-17086
19778-17086
CBL-Mariner Releases
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18136-16823
No
Security Update
1.20.11-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18136-16823
CBL-Mariner Releases
1.0
2025-09-04T03:33:46
<p>Information published.</p>
1.1
2026-02-18T03:05:43
<p>Information published.</p>
Improper handling of empty HTML attributes in html/template
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2023-29400
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
19668-17086
19712-17086
17667-17084
17375-16823
18140-16823
18138-16823
18141-17084
18315-17084
19785-17086
19778-17086
19693-17084
19697-17084
19668-17086
19712-17086
17667-17084
17375-16823
18140-16823
18138-16823
18141-17084
18315-17084
19785-17086
19778-17086
19693-17084
19697-17084
Important
19668-17086
Important
19712-17086
Important
17667-17084
Important
17375-16823
Important
18140-16823
Important
18138-16823
Important
18141-17084
Important
18315-17084
Important
19785-17086
Important
19778-17086
Important
19693-17084
Important
19697-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19668-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19712-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17667-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17375-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18140-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18138-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18141-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18315-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19785-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19778-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19693-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19697-17084
CBL-Mariner Releases
17375-16823
No
Security Update
1.21.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18140-16823
18138-16823
18141-17084
No
Security Update
1.20.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18140-16823
18138-16823
18141-17084
CBL-Mariner Releases
CBL-Mariner Releases
19785-17086
19778-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19785-17086
19778-17086
CBL-Mariner Releases
1.0
2025-09-04T00:39:00
<p>Information published.</p>
1.1
2026-02-18T02:44:34
<p>Information published.</p>
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-29933
Out-of-bounds Read
18377-16823
18374-16823
18377-16823
18374-16823
Moderate
18377-16823
Moderate
18374-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18377-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18374-16823
CBL-Mariner Releases
18377-16823
No
Security Update
16.0.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18377-16823
CBL-Mariner Releases
CBL-Mariner Releases
18374-16823
No
Security Update
16.0.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18374-16823
CBL-Mariner Releases
1.0
2025-03-19T00:00:00
<p>Information published.</p>
2.0
2025-03-28T00:00:00
<p>Information published.</p>
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-29935
Reachable Assertion
18373-16823
18374-16823
18373-16823
18374-16823
Moderate
18373-16823
Moderate
18374-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18373-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18374-16823
CBL-Mariner Releases
18373-16823
No
Security Update
1.72.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18373-16823
CBL-Mariner Releases
CBL-Mariner Releases
18374-16823
No
Security Update
16.0.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18374-16823
CBL-Mariner Releases
1.0
2025-03-28T00:00:00
<p>Information published.</p>
Windows Driver Revocation List Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass the revocation list feature by modifying it and therefore impact the integrity of that list.</p>
Windows Secure Boot
Microsoft
Yes
CVE-2023-28251
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11926
Security Feature Bypass
11927
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2023-28283
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows SMB Denial of Service Vulnerability
<p><strong>What version of Windows Server 2022 is affected by this vulnerability?</strong></p>
<p>This vulnerability only affects the hotpatch version of Windows Server 2022. If you are not running this version of the operating system, no action is required for this vulnerability.</p>
<p><strong>What is SMB over QUIC?</strong></p>
<p>SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared to TCP. For more information, please visit: <a href="https://aka.ms/smboverquic">SMB over QUIC</a>.</p>
Windows SMB
Microsoft
Yes
CVE-2023-24898
11923
11924
Denial of Service
11923
Denial of Service
11924
Important
11923
Important
11924
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
<a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Graphics Component Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Microsoft Graphics Component
Microsoft
Yes
CVE-2023-24899
Sensitive Data Storage in Improperly Locked Memory
11923
11924
11926
11927
12085
12086
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
12085
Elevation of Privilege
12086
Important
11923
Important
11924
Important
11926
Important
11927
Important
12085
Important
12086
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
<a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng, Li WenYue, QinFu Xu</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Server for NFS Denial of Service Vulnerability
Windows NFS Portmapper
Microsoft
Yes
CVE-2023-24939
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows NTLM Security Support Provider Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p>
Windows NTLM
Microsoft
Yes
CVE-2023-24900
Out-of-bounds Read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> with <a href="https://theori.io/">THEORI</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
Windows PGM
Microsoft
Yes
CVE-2023-24940
NULL Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p>
<p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p>
<p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p>
<a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-10T07:00:00
<p>Added mitigation. This is an informational change only.</p>
Windows NFS Portmapper Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
Windows NFS Portmapper
Microsoft
Yes
CVE-2023-24901
Buffer Over-read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Network File System Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).</p>
Windows Network File System
Microsoft
Yes
CVE-2023-24941
Use of Uninitialized Resource
11571
11572
11923
11924
10816
10855
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
10816
Critical
10855
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10816
10855
5026363
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p>
<p>This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation.</p>
<p><strong>Warning</strong> You should NOT apply this mitigation unless you have installed the May 2022 Windows security updates. Those updates address <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937">CVE-2022-26937</a> which is a Critical vulnerability in NFSV2.0 and NFSV3.0.</p>
<p>The following PowerShell command will disable those versions:</p>
<p><code>PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false </code></p>
<p>After running the command, you will need to restart NFS server or reboot the machine.</p>
<p>To restart NFS server, start a <strong>cmd</strong> window with <strong>Run as Administrator</strong>, enter the following commands:</p>
<ul>
<li><strong>nfsadmin server stop</strong></li>
<li><strong>nfsadmin server start</strong></li>
</ul>
<p>To confirm that NFSv4.1 has been turned off, run the following command in a Powershell window:</p>
<p><code>PS C:\Get-NfsServerConfiguration</code></p>
<p>Here is the sample output. Notice the EnableNFSv4.1 is "False" now:</p>
<pre><code>State : Running
LogActivity :
CharacterTranslationFile : Not Configured
DirectoryCacheSize (KB) : 128
HideFilesBeginningInDot : Disabled
EnableNFSV2 : True
EnableNFSV3 : True
EnableNFSV4 : False
EnableAuthenticationRenewal : True
AuthenticationRenewalIntervalSec : 600
NlmGracePeriodSec : 45
MountProtocol : {TCP, UDP}
NfsProtocol : {TCP, UDP}
NisProtocol : {TCP, UDP}
NlmProtocol : {TCP, UDP}
NsmProtocol : {TCP, UDP}
PortmapProtocol : {TCP, UDP}
MapServerProtocol : {TCP, UDP}
PreserveInheritance : False
NetgroupCacheTimeoutSec : 30
UnmappedUserAccount :
WorldAccount : Everyone
AlwaysOpenByName : False
GracePeriodSec : 240
LeasePeriodSec : 120
OnlineTimeoutSec : 180
</code></pre>
<p>To re-enable NFSv4.1 after you have installed the security update, enter the following command:</p>
<p><code>Set-NfsServerConfiguration -EnableNFSV4 $True </code></p>
<p>Again, after running the command you will need to restart NFS server or reboot the machine.</p>
Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K
Microsoft
Yes
CVE-2023-24902
Out-of-bounds Read
11926
11927
12085
12086
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
12085
Elevation of Privilege
12086
Important
11926
Important
11927
Important
12085
Important
12086
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
<a href="https://twitter.com/bl1nnnk">Hou Xiantong(Bl1nnnk)</a> with <a href="https://src.bytedance.com/static/lab/index.html">Wuheng Lab of ByteDance</a>
<a href="https://twitter.com/arudd1ck">Andrew Ruddick</a> with Microsoft Security Response Center
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-18T07:00:00
<p>Added acknowledgements. This is an informational change only.</p>
Remote Procedure Call Runtime Denial of Service Vulnerability
Windows Remote Procedure Call Runtime
Microsoft
Yes
CVE-2023-24942
Buffer Over-read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
Microsoft Offensive Research & Security Engineering
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. This could result in remote code execution on the server side.</p>
Windows Secure Socket Tunneling Protocol (SSTP)
Microsoft
Yes
CVE-2023-24903
Double Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.</p>
Windows PGM
Microsoft
Yes
CVE-2023-24943
Heap-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
9.8
8.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p>
<p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p>
<p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p>
<a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-10T07:00:00
<p>Added mitigation. This is an informational change only.</p>
Remote Desktop Client Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could host the malicious .rdp file on a file share, a user accessing the .rdp file from the share would be vulnerable to remote code execution.</p>
Remote Desktop Client
Microsoft
Yes
CVE-2023-24905
Improper Access Control
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
<a href="https://il.linkedin.com/in/dordali">Dor Dali</a> with Cyolo
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Bluetooth Driver Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p>
Microsoft Bluetooth Driver
Microsoft
Yes
CVE-2023-24944
Access of Resource Using Incompatible Type ('Type Confusion')
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
Keqi Hu
Bryan Gonzalez from Ocelot Team @ Metabase Q
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-12T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
1.2
2023-05-18T07:00:00
<p>Updated FAQ information. This is an informational change only.</p>
Windows iSCSI Target Service Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p>
Windows iSCSI Target Service
Microsoft
Yes
CVE-2023-24945
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
B1aN
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Backup Service Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Backup Engine
Microsoft
Yes
CVE-2023-24946
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10051
10049
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10051
Elevation of Privilege
10049
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Bluetooth Driver Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.</p>
Microsoft Bluetooth Driver
Microsoft
Yes
CVE-2023-24947
Use After Free
11568
11569
11570
11571
11572
11801
11802
11929
11930
11931
12097
12098
12099
10852
10853
10816
10855
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11801
Important
11802
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
Keqi Hu
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows Bluetooth Driver Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>In order to exploit this vulnerability, the victim must pair with the attacker's Bluetooth device.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.</p>
Microsoft Bluetooth Driver
Microsoft
Yes
CVE-2023-24948
Heap-based Buffer Overflow
11568
11569
11570
11571
11572
11801
11802
11926
11927
11929
11930
11931
12097
12098
12099
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.4
6.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
Anonymous with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
Keqi Hu
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2024-05-06T07:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel
Microsoft
Yes
CVE-2023-24949
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
Anonymous working with Trend Micro Zero Day Initiative
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Spoofing Vulnerability
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack an attacker who has privileges to create a site on a vulnerable SharePoint server could use this vulnerability to cause the server to leak its NTLM hash.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2023-24950
Improper Input Validation
10950
11585
11961
Spoofing
10950
Spoofing
11585
Spoofing
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10950
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11585
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11961
5002397
https://www.microsoft.com/download/details.aspx?familyid=7a299fb3-33f2-4417-809d-7bf31da6d14e
5002385
10950
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002397
10950
5002397
5002389
https://www.microsoft.com/download/details.aspx?familyid=c9190144-e85b-4ded-9b6f-cc9b295054f3
5002373
11585
Maybe
Security Update
16.0.10398.20000
https://support.microsoft.com/help/5002389
11585
5002389
5002390
https://www.microsoft.com/download/details.aspx?familyid=1aac4804-a1a0-4d40-8d9a-a1ac25def0b0
5002375
11961
Maybe
Security Update
16.0.16130.20420
https://support.microsoft.com/help/5002390
11961
5002390
<a href="https://www.twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2023-24953
Use After Free
11573
11574
11575
11605
11762
11763
11951
11952
11953
10739
10740
10656
10654
10655
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11575
Remote Code Execution
11605
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
10739
Remote Code Execution
10740
Remote Code Execution
10656
Remote Code Execution
10654
Remote Code Execution
10655
Important
11573
Important
11574
Important
11575
Important
11605
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
10739
Important
10740
Important
10656
Important
10654
Important
10655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11605
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10656
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10654
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10655
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Maybe
Security Update
16.73.23051401
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Release Notes
5002372
https://www.microsoft.com/download/details.aspx?familyid=878994f4-26ae-4aa7-89d7-450c0f588de5
5002356
11605
Maybe
Security Update
16.0.10398.20000
https://support.microsoft.com/help/5002372
11605
5002372
5002386
https://www.microsoft.com/download/details.aspx?familyid=b08077f4-7571-4061-86cc-88c7e79d4cbe
5002351
10739
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002386
10739
5002386
5002386
https://www.microsoft.com/download/details.aspx?familyid=f04a6476-dca6-4716-a14d-8f392999cbf2
5002351
10740
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002386
10740
5002386
5002384
5002348
10656
Maybe
Security Update
15.0.5553.1000
https://support.microsoft.com/help/5002384
10656
5002384
5002384
https://www.microsoft.com/download/details.aspx?familyid=5c55d47e-7cb5-446c-a67d-5c06b1f01fd3
5002348
10654
Maybe
Security Update
15.0.5563.1000
https://support.microsoft.com/help/5002384
10654
5002384
5002384
https://www.microsoft.com/download/details.aspx?familyid=22c421ea-7b94-4c31-b0f8-c2255bcce1b6
5002348
10655
Maybe
Security Update
15.0.5563.1000
https://support.microsoft.com/help/5002384
10655
5002384
<a href="https://twitter.com/tecr0c">Rocco Calvi (@TecR0c)</a> with <a href="https://tecsecurity.io/">TecSecurity</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-15T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft SharePoint Server Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p>
<p>A successful attacker could gain the Domain SID prefix for the targeted site.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated to be able to exploit this vulnerability.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2023-24954
Server-Side Request Forgery (SSRF)
10950
11585
11961
Information Disclosure
10950
Information Disclosure
11585
Information Disclosure
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10950
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11585
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11961
5002397
https://www.microsoft.com/download/details.aspx?familyid=7a299fb3-33f2-4417-809d-7bf31da6d14e
5002385
10950
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002397
10950
5002397
5002389
https://www.microsoft.com/download/details.aspx?familyid=c9190144-e85b-4ded-9b6f-cc9b295054f3
5002373
11585
Maybe
Security Update
16.0.10398.20000
https://support.microsoft.com/help/5002389
11585
5002389
5002390
https://www.microsoft.com/download/details.aspx?familyid=1aac4804-a1a0-4d40-8d9a-a1ac25def0b0
5002375
11961
Maybe
Security Update
16.0.16130.20420
https://support.microsoft.com/help/5002390
11961
5002390
<a href="https://twitter.com/testanull">Jang (Nguyễn Tiến Giang) of StarLabs SG</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2023-24955
Improper Control of Generation of Code ('Code Injection')
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Critical
10950
Critical
11585
Critical
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
7.2
6.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002397
https://www.microsoft.com/download/details.aspx?familyid=7a299fb3-33f2-4417-809d-7bf31da6d14e
5002385
10950
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002397
10950
5002397
5002389
https://www.microsoft.com/download/details.aspx?familyid=c9190144-e85b-4ded-9b6f-cc9b295054f3
5002373
11585
Maybe
Security Update
16.0.10398.20000
https://support.microsoft.com/help/5002389
11585
5002389
5002390
https://www.microsoft.com/download/details.aspx?familyid=1aac4804-a1a0-4d40-8d9a-a1ac25def0b0
5002375
11961
Maybe
Security Update
16.0.16130.20420
https://support.microsoft.com/help/5002390
11961
5002390
<a href="https://twitter.com/testanull">Jang (Nguyễn Tiến Giang) of StarLabs SG</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows MSHTML Platform Security Feature Bypass Vulnerability
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploits the vulnerability could craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability on the victim machine.</p>
<p><strong>Are there additional steps that I need to take to be protected from this vulnerability?</strong></p>
<p>Yes. Customers must install the updates for CVE-2023-23397 and CVE-2023-29324 to be fully protected. For more information, please see the MSRC Blog Post relating to CVE-2023-23397 here: <a href="https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/">Microsoft Mitigates Outlook Elevation of Privilege Vulnerability</a>.</p>
<p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p>
<p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p>
<p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p>
Windows MSHTML Platform
Microsoft
Yes
CVE-2023-29324
External Control of File Name or Path
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11926
Security Feature Bypass
11927
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11570
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11801
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11802
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11926
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11927
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C
10855
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026366
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026366
5022835
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Yes
IE Cumulative
1.1.0.0
https://support.microsoft.com/help/5026366
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
5026366
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft Word Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p>
<ul>
<li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li>
<li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li>
</ul>
<p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
Microsoft Office Word
Microsoft
Yes
CVE-2023-29335
Improper Input Validation
11573
11574
11762
11763
11952
11953
10746
10747
10606
10604
10605
Security Feature Bypass
11573
Security Feature Bypass
11574
Security Feature Bypass
11762
Security Feature Bypass
11763
Security Feature Bypass
11952
Security Feature Bypass
11953
Security Feature Bypass
10746
Security Feature Bypass
10747
Security Feature Bypass
10606
Security Feature Bypass
10604
Security Feature Bypass
10605
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
10746
Important
10747
Important
10606
Important
10604
Important
10605
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10746
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10747
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10606
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10604
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10605
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
Click to Run
5002369
https://www.microsoft.com/download/details.aspx?familyid=54834ad2-4176-4e8d-b0dc-85e51eb35245
5002323
10746
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002369
10746
5002369
5002369
https://www.microsoft.com/download/details.aspx?familyid=4bf36666-8bde-49e3-8678-131f82b1c81d
5002323
10747
Maybe
Security Update
16.0.5395.1000
https://support.microsoft.com/help/5002369
10747
5002369
5002365
10606
Maybe
Security Update
15.0.5553.1000
https://support.microsoft.com/help/5002365
10606
5002365
5002365
https://www.microsoft.com/download/details.aspx?familyid=2e63168a-f2b2-490d-b211-de7ae61fad16
5002316
10604
Maybe
Security Update
15.0.5553.1000
https://support.microsoft.com/help/5002365
10604
5002365
5002365
https://www.microsoft.com/download/details.aspx?familyid=468b2bcf-481a-4aba-973a-46c92b708b73
5002316
10605
Maybe
Security Update
15.0.5553.1000
https://support.microsoft.com/help/5002365
10605
5002365
Felix Boulet
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32K
Microsoft
Yes
CVE-2023-29336
Use After Free
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
Jan Vojtěšek, Milánek, and Luigino Camastra with Avast
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Visual Studio Code Spoofing Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker must send the user a malicious file and convince the user to open it.</p>
Visual Studio Code
Microsoft
Yes
CVE-2023-29338
Improper Authorization
11622
Spoofing
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.6
5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.78.1
https://code.visualstudio.com/updates/v1_78
11622
Release Notes
<a href="https://blog.xlab.app/">xinyue.hu</a> with <a href="https://www.chaitin.cn/">Chaitin</a>
<a href="https://blog.xlab.app/">xinyue.hu</a> with <a href="https://www.chaitin.cn/">Chaitin</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
AV1 Video Extension Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is Windows vulnerable in the default configuration?</strong></p>
<p>No. Only customers who have installed this app from the Microsoft Store may be vulnerable.</p>
<p><strong>How do I get the updated app?</strong></p>
<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p>
<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>
<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>
<p><strong>How can I check if the update is installed?</strong></p>
<p>App package versions <strong>1.1.60961.0</strong> and later contain this update.</p>
<p>You can check the package version in PowerShell:</p>
<p><code>Get-AppxPackage -Name Microsoft.AV1VideoExtension</code></p>
<p>You can also check the package version by clicking the <strong>Start Menu</strong> - <strong>Settings</strong> - <strong>Apps</strong> - <strong>AV1 Video Extension</strong> - <strong>Advanced options</strong></p>
Microsoft Windows Codecs Library
Microsoft
Yes
CVE-2023-29340
11807
Remote Code Execution
11807
Important
11807
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11807
Information
https://apps.microsoft.com/store/detail/av1-video-extension/9MVZQVXJBQ9V?hl=en-us&gl=US
11807
Maybe
Security Update
1.1.60961.0
https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11
11807
Information
Anonymous
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-17T07:00:00
<p>Updated the build numbers. This is an informational update only.</p>
AV1 Video Extension Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is Windows vulnerable in the default configuration?</strong></p>
<p>No. Only customers who have installed this app from the Microsoft Store may be vulnerable.</p>
<p><strong>How do I get the updated app?</strong></p>
<p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p>
<p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p>
<p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p>
<p><strong>How can I check if the update is installed?</strong></p>
<p>App package versions <strong>1.1.60961.0</strong> and later contain this update.</p>
<p>You can check the package version in PowerShell:</p>
<p><code>Get-AppxPackage -Name Microsoft.AV1VideoExtension</code></p>
<p>You can also check the package version by clicking the <strong>Start Menu</strong> - <strong>Settings</strong> - <strong>Apps</strong> - <strong>AV1 Video Extension</strong> - <strong>Advanced options</strong></p>
Microsoft Windows Codecs Library
Microsoft
Yes
CVE-2023-29341
Heap-based Buffer Overflow
11807
Remote Code Execution
11807
Important
11807
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11807
Information
https://apps.microsoft.com/store/detail/av1-video-extension/9MVZQVXJBQ9V?hl=en-us&gl=US
11807
Maybe
Security Update
1.1.60961.0
https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11
11807
Information
Anonymous
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-05-17T07:00:00
<p>Updated the build numbers. This is an informational update only.</p>
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
SysInternals
Microsoft
Yes
CVE-2023-29343
Improper Link Resolution Before File Access ('Link Following')
12114
Elevation of Privilege
12114
Important
12114
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12114
Information
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
12114
Maybe
Security Update
14.16
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
12114
Information
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-10-12T07:00:00
<p>Updated FAQ information. This is an informational change only.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of Integrity (I:L)? What does that mean for this vulnerability?</strong></p>
<p>Attacker is able to bypass Content Security Policy (CSP) and Pop-up blocker this this vulnerability, but cannot modify additional content of the browser itself.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser iFrame sandbox escape, but not a full browser sandbox escape.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-29354
11655
Security Feature Bypass
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.7
4.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://twitter.com/shhnjk">Jun Kokatsu</a>
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and (A:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability could lead to a full compromise of the browser.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-29350
11655
Elevation of Privilege
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Anonymous
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2468
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2460
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2462 Inappropriate implementation in Prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2462
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2463
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2464
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2465 Inappropriate implementation in CORS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2465
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2466 Inappropriate implementation in Prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2466
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2467 Inappropriate implementation in Prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2467
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2459 Inappropriate implementation in Prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.35</td>
<td>113.0.5672.63/.64</td>
<td>5/5/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.71</td>
<td>112.0.5615.179</td>
<td>5/4/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2459
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.35
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2023-05-05T07:00:00
<p>Information published.</p>
Chromium: CVE-2023-2726 Inappropriate implementation in WebApp Installs
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.50</td>
<td>113.0.5672.126/.127</td>
<td>5/18/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.84</td>
<td>112.0.5615.204</td>
<td>5/18/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2726
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
12142
No
Security Update
112.0.1722.84
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12142
Release Notes
1.0
2023-05-18T20:38:53
<p>Information published.</p>
Chromium: CVE-2023-2721 Use after free in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.50</td>
<td>113.0.5672.126/.127</td>
<td>5/18/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.84</td>
<td>112.0.5615.204</td>
<td>5/18/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2721
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
12142
No
Security Update
112.0.1722.84
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12142
Release Notes
1.0
2023-05-18T20:38:36
<p>Information published.</p>
Chromium: CVE-2023-2722 Use after free in Autofill UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.50</td>
<td>113.0.5672.126/.127</td>
<td>5/18/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.84</td>
<td>112.0.5615.204</td>
<td>5/18/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2722
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
12142
No
Security Update
112.0.1722.84
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12142
Release Notes
1.0
2023-05-18T20:38:39
<p>Information published.</p>
Chromium: CVE-2023-2723 Use after free in DevTools
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.50</td>
<td>113.0.5672.126/.127</td>
<td>5/18/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.84</td>
<td>112.0.5615.204</td>
<td>5/18/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2723
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
12142
No
Security Update
112.0.1722.84
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12142
Release Notes
1.0
2023-05-18T20:38:43
<p>Information published.</p>
Chromium: CVE-2023-2724 Type Confusion in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.50</td>
<td>113.0.5672.126/.127</td>
<td>5/18/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.84</td>
<td>112.0.5615.204</td>
<td>5/18/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2724
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
12142
No
Security Update
112.0.1722.84
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12142
Release Notes
1.0
2023-05-18T20:38:47
<p>Information published.</p>
Chromium: CVE-2023-2725 Use after free in Guest View
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>113.0.1774.50</td>
<td>113.0.5672.126/.127</td>
<td>5/18/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>112.0.1722.84</td>
<td>112.0.5615.204</td>
<td>5/18/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-2725
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
113.0.1774.50
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Release Notes
12142
No
Security Update
112.0.1722.84
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
12142
Release Notes
1.0
2023-05-18T20:38:50
<p>Information published.</p>
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>When an Microsoft Remote Desktop app for Windows client connects to the server and the user saves the self-signed certificate, the serial number is used to compare the certificate for future use. An attacker could swap out a forged certificate with the same serial number resulting in a machine-in-the-middle (MITM) attack.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could recover plaintext from TLS-protected data.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
Windows RDP Client
Microsoft
Yes
CVE-2023-28290
11850
Information Disclosure
11850
Important
11850
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11850
Release Notes
https://go.microsoft.com/fwlink/?LinkID=616709
11850
Maybe
Security Update
10.2.3006.0
https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-microsoft-store
11850
Release Notes
<a href="https://github.com/dscheg">dscheg</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft Teams Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>This vulnerability could disclose sensitive information, which might include a user's full trust token.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an attacker could host a site containing malicious code. When a target accesses that site, it could force open a full trust application and potentially obtain a user's full trust token.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of the vulnerability requires that a user navigate to a malicious site hosted on *.sharepoint.com.</p>
Microsoft Teams
Microsoft
Yes
CVE-2023-24881
Exposure of Sensitive Information to an Unauthorized Actor
11686
Information Disclosure
11686
Important
11686
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11686
Release Notes
https://docs.microsoft.com/en-us/microsoftteams/teams-client-update
11686
Maybe
Security Update
2.10.1
https://docs.microsoft.com/en-us/microsoftteams/teams-client-update
11686
Release Notes
Dan Saunders with <a href="https://www.microsoft.com/">Microsoft</a>
Trevor Harris with <a href="https://www.microsoft.com/">Microsoft</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
1.1
2023-07-21T07:00:00
<p>Removed one of the FAQs. This is an information change only.</p>
Windows Installer Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
Windows Installer
Microsoft
Yes
CVE-2023-24904
Improper Link Resolution Before File Access ('Link Following')
9312
10287
9318
9344
10051
10049
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9312
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10287
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9318
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9344
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10051
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10049
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
Naceri with MSRC V&M
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Windows OLE Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim's machine.</p>
Windows OLE
Microsoft
Yes
CVE-2023-29325
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11570
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11572
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11923
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11924
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11801
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11802
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11926
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11927
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11929
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11930
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11931
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12085
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12086
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12097
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12098
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12099
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10855
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9312
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10287
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9318
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9344
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10051
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10049
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10378
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10379
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10483
8.1
7.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10543
5026362
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026362
5025229
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.4377
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026362
5026362
https://support.microsoft.com/help/5026362
11568
11569
11570
11571
11572
5026370
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026370
5025230
11923
11924
Yes
Security Update
10.0.20348.1726
https://support.microsoft.com/help/5026370
11923
11924
5026370
5026370
https://support.microsoft.com/help/5026370
11923
11924
5026456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026456
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1724
https://support.microsoft.com/help/5026456
11923
11924
5026456
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
11929
11930
11931
12097
12098
12099
5026368
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026368
5025224
11926
11927
Yes
Security Update
10.0.22000.1936
https://support.microsoft.com/help/5026368
11926
11927
5026368
5026368
https://support.microsoft.com/help/5026368
11926
11927
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11929
11930
11931
Yes
Security Update
10.0.19044.2965
https://support.microsoft.com/help/5026361
11929
11930
11931
5026361
5026372
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026372
5025239
12085
12086
Yes
Security Update
10.0.22621.1702
https://support.microsoft.com/help/5026372
12085
12086
5026372
5026372
https://support.microsoft.com/help/5026372
12085
12086
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
12097
12098
12099
Yes
Security Update
10.0.19045.2965
https://support.microsoft.com/help/5026361
12097
12098
12099
5026361
5026382
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026382
5025234
10729
10735
Yes
Security Update
10.0.10240.19926
https://support.microsoft.com/help/5026382
10729
10735
5026382
5026363
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026363
5025228
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5921
https://support.microsoft.com/help/5026363
10852
10853
10816
10855
5026363
5026408
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026408
5025271
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.22070
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026408
5026408
https://support.microsoft.com/help/5026408
9312
10287
9318
9344
5026427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026427
9312
10287
9318
9344
Yes
Security Only
6.0.6003.22070
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026427
5026427
https://support.microsoft.com/help/5026427
9312
10287
9318
9344
5026413
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026413
5025279
10051
10049
Yes
Monthly Rollup
6.1.7601.26519
https://support.microsoft.com/help/5026413
10051
10049
5026413
5026413
https://support.microsoft.com/help/5026413
10051
10049
5026426
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026426
10051
10049
Yes
Security Only
6.1.7601.26519
https://support.microsoft.com/help/5026426
10051
10049
5026426
5026426
https://support.microsoft.com/help/5026426
10051
10049
5026419
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026419
5025287
10378
10379
Yes
Monthly Rollup
6.2.9200.24266
https://support.microsoft.com/help/5026419
10378
10379
5026419
5026411
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026411
10378
10379
Yes
Security Only
6.2.9200.24266
https://support.microsoft.com/help/5026411
10378
10379
5026411
5026415
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026415
5025285
10483
10543
Yes
Monthly Rollup
6.3.9600.20969
https://support.microsoft.com/help/5026415
10483
10543
5026415
5026409
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026409
10483
10543
Yes
Security Only
6.3.9600.20969
https://support.microsoft.com/help/5026409
10483
10543
5026409
<p><strong>Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources</strong></p>
<p>To help protect against this vulnerability, we recommend users read email messages in plain text format.</p>
<p>For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to <a href="https://support.microsoft.com/en-us/office/read-email-messages-in-plain-text-16dfe54a-fadc-4261-b2ce-19ad072ed7e3">Read email messages in plain text</a>.</p>
<p><strong>Impact of workaround:</strong> Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:</p>
<ul>
<li>The changes are applied to the preview pane and to open messages.</li>
<li>Pictures become attachments so that they are not lost.</li>
<li>Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.</li>
</ul>
<a href="https://twitter.com/wdormann">Will Dormann</a> with Vul Labs
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft Access Denial of Service Vulnerability
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p>
<p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p>
Microsoft Office Access
Microsoft
Yes
CVE-2023-29333
11573
11574
11762
11763
11952
11953
Denial of Service
11573
Denial of Service
11574
Denial of Service
11762
Denial of Service
11763
Denial of Service
11952
Denial of Service
11953
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11573
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11574
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11762
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11763
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11952
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
11953
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
Click to Run
Baris Reyhan with <a href="https://www.netpack.nl/">Netpack B.V.</a>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
<p><strong>Are the updates for the Microsoft Office for Mac currently available?</strong></p>
<p>The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p>
Microsoft Office
Microsoft
Yes
CVE-2023-29344
Heap-based Buffer Overflow
11575
11762
11763
11951
Remote Code Execution
11575
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Important
11575
Important
11762
Important
11763
Important
11951
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Maybe
Security Update
16.73.23051401
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Release Notes
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
Click to Run
Kai Lu with Zscaler's ThreatLabz
1.1
2023-05-15T07:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
Mariner
security@huntr.dev
Yes
CVE-2023-2426
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
vim
12137
vim-9.0.1562-1.cm1.x86_64.rpm
0001-01-01T00:00:00
vim-extra-9.0.1562-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
9.0.1562-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
12137
vim
vim
12138
vim-9.0.1562-1.cm1.aarch64.rpm
0001-01-01T00:00:00
vim-extra-9.0.1562-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
9.0.1562-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
12138
vim
vim
12139
vim-9.0.1562-1.cm2.x86_64.rpm
0001-01-01T00:00:00
vim-extra-9.0.1562-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
9.0.1562-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
12139
vim
vim
12140
vim-9.0.1562-1.cm2.aarch64.rpm
0001-01-01T00:00:00
vim-extra-9.0.1562-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
9.0.1562-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2426
12140
vim
1.0
2023-05-08T00:00:00
<p>Information published.</p>
1.1
2023-05-09T00:00:00
<p>Added vim to CBL-Mariner 1.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
Mariner
security@google.com
Yes
CVE-2023-1998
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
5.6
5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
12137
5.6
5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
12138
5.6
5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
12139
5.6
5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
12140
hyperv-daemons
12137
hyperv-daemons-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.189.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12137
hyperv-daemons
kernel
12137
kernel-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.189.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12138
hyperv-daemons
kernel
12138
kernel-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12138
kernel
hyperv-daemons
12139
hyperv-daemons-5.15.118.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.118.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.118.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.118.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.118.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.118.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.118.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.118.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12139
hyperv-daemons
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12139
kernel
hyperv-daemons
12140
hyperv-daemons-5.15.118.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.118.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.118.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.118.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.118.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.118.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.118.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.118.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12140
hyperv-daemons
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1998
12140
kernel
1.0
2023-05-04T00:00:00
<p>Information published.</p>
1.1
2023-05-05T00:00:00
<p>Added kernel to CBL-Mariner 1.0</p>
1.2
2023-04-24T00:00:00
<p>Information published.</p>
1.3
2023-04-25T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
Mariner
cve@mitre.org
Yes
CVE-2023-31436
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
hyperv-daemons
12137
hyperv-daemons-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.179.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.179.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12137
hyperv-daemons
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.179.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.179.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12138
hyperv-daemons
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12138
kernel
hyperv-daemons
12139
hyperv-daemons-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12139
hyperv-daemons
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12139
kernel
hyperv-daemons
12140
hyperv-daemons-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12140
hyperv-daemons
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-31436
12140
kernel
1.0
2023-05-06T00:00:00
<p>Information published.</p>
1.1
2023-05-15T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0
Added hyperv-daemons to CBL-Mariner 2.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
Mariner
security@google.com
Yes
CVE-2023-0458
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12137
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12138
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12140
kernel
12137
kernel-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
12137
kernel
kernel
12138
kernel-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
12138
kernel
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0458
12140
kernel
1.0
2023-05-10T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
Mariner
secalert@redhat.com
Yes
CVE-2023-2006
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2006
12138
kernel
1.0
2023-05-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2019
https://nvd.nist.gov/vuln/detail/CVE-2023-2019
Mariner
secalert@redhat.com
Yes
CVE-2023-2019
12139
12140
12139
12140
12139
12140
DOS:N/A
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12139
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12140
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2019
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2019
12140
kernel
1.0
2023-05-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
Mariner
cve@mitre.org
Yes
CVE-2022-27404
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12137
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12138
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12139
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12140
freetype
12137
freetype-2.11.1-2.cm1.x86_64.rpm
0001-01-01T00:00:00
freetype-devel-2.11.1-2.cm1.x86_64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.11.1-2.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.11.1-2
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
12137
freetype
freetype
12138
freetype-2.11.1-2.cm1.aarch64.rpm
0001-01-01T00:00:00
freetype-devel-2.11.1-2.cm1.aarch64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.11.1-2.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.11.1-2
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
12138
freetype
freetype
12139
freetype-2.11.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
freetype-devel-2.11.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.11.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.11.1-2
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
12139
freetype
qt5-qtbase
12139
qt5-qtbase-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
12139
qt5-qtbase
freetype
12140
freetype-2.11.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
freetype-devel-2.11.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.11.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.11.1-2
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
12140
freetype
qt5-qtbase
12140
qt5-qtbase-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
12140
qt5-qtbase
1.0
2022-05-04T00:00:00
<p>Information published.</p>
1.1
2022-05-11T00:00:00
<p>Added freetype to CBL-Mariner 1.0</p>
1.2
2023-05-23T00:00:00
<p>Added qt5-qtbase to CBL-Mariner 2.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
Mariner
cve@mitre.org
Yes
CVE-2022-27406
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12138
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
freetype
12137
freetype-2.12.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
freetype-devel-2.12.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.12.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.12.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
12137
freetype
freetype
12138
freetype-2.12.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
freetype-devel-2.12.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.12.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.12.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
12138
freetype
freetype
12139
freetype-2.12.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
freetype-devel-2.12.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.12.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.12.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
12139
freetype
qt5-qtbase
12139
qt5-qtbase-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
12139
qt5-qtbase
freetype
12140
freetype-2.12.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
freetype-devel-2.12.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.12.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.12.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
12140
freetype
qt5-qtbase
12140
qt5-qtbase-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
12140
qt5-qtbase
1.0
2022-05-06T00:00:00
<p>Information published.</p>
1.1
2022-05-11T00:00:00
<p>Added freetype to CBL-Mariner 1.0</p>
1.2
2023-05-23T00:00:00
<p>Added qt5-qtbase to CBL-Mariner 2.0</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
Mariner
secalert@redhat.com
Yes
CVE-2022-4095
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2022-4095
12140
kernel
1.0
2023-03-25T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
Mariner
secalert@redhat.com
Yes
CVE-2023-0590
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-0590
12140
kernel
1.0
2023-03-30T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
Mariner
secalert@redhat.com
Yes
CVE-2023-1252
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1252
12140
kernel
1.0
2023-03-30T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
Mariner
secalert@redhat.com
Yes
CVE-2023-0179
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
12140
kernel
1.0
2023-04-04T00:00:00
<p>Information published.</p>
1.1
2023-04-05T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
Mariner
cve@mitre.org
Yes
CVE-2023-30456
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
6.5
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
12137
6.5
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
12138
6.5
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
12139
6.5
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-30456
12140
kernel
1.0
2023-04-15T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
Mariner
secalert@redhat.com
Yes
CVE-2023-1855
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
12137
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
12138
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
12139
6.3
6.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
12140
hyperv-daemons
12137
hyperv-daemons-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12137
hyperv-daemons
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12138
hyperv-daemons
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12138
kernel
hyperv-daemons
12139
hyperv-daemons-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12139
hyperv-daemons
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12139
kernel
hyperv-daemons
12140
hyperv-daemons-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12140
hyperv-daemons
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1855
12140
kernel
1.0
2023-04-13T00:00:00
<p>Information published.</p>
1.1
2023-04-15T00:00:00
<p>Added kernel to CBL-Mariner 1.0</p>
1.2
2023-04-18T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0
Added hyperv-daemons to CBL-Mariner 2.0</p>
1.3
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
Mariner
secalert@redhat.com
Yes
CVE-2023-1838
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12137
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12138
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12139
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1838
12140
kernel
1.0
2023-04-13T00:00:00
<p>Information published.</p>
1.1
2023-04-15T00:00:00
<p>Added kernel to CBL-Mariner 1.0</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
Mariner
security@google.com
Yes
CVE-2023-1829
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1829
12140
kernel
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
Mariner
cve@mitre.org
Yes
CVE-2023-30772
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
6.4
6.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12137
6.4
6.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12138
6.4
6.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12139
6.4
6.4
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
12140
hyperv-daemons
12137
hyperv-daemons-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
12137
hyperv-daemons
kernel
12137
kernel-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.179.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
12138
hyperv-daemons
kernel
12138
kernel-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.179.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.179.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
12138
kernel
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-30772
12140
kernel
1.0
2023-04-25T00:00:00
<p>Information published.</p>
1.1
2023-04-27T00:00:00
<p>Added kernel to CBL-Mariner 1.0
Added kernel to CBL-Mariner 2.0</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-26917
https://nvd.nist.gov/vuln/detail/CVE-2023-26917
Mariner
cve@mitre.org
Yes
CVE-2023-26917
12139
12140
12139
12140
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
libyang
12139
libyang-2.1.55-1.cm2.x86_64.rpm
0001-01-01T00:00:00
libyang-devel-2.1.55-1.cm2.x86_64.rpm
0001-01-01T00:00:00
libyang-devel-doc-2.1.55-1.cm2.x86_64.rpm
0001-01-01T00:00:00
libyang-tools-2.1.55-1.cm2.x86_64.rpm
0001-01-01T00:00:00
libyang-debuginfo-2.1.55-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.1.55-1
https://nvd.nist.gov/vuln/detail/CVE-2023-26917
12139
libyang
libyang
12140
libyang-2.1.55-1.cm2.aarch64.rpm
0001-01-01T00:00:00
libyang-devel-2.1.55-1.cm2.aarch64.rpm
0001-01-01T00:00:00
libyang-devel-doc-2.1.55-1.cm2.aarch64.rpm
0001-01-01T00:00:00
libyang-tools-2.1.55-1.cm2.aarch64.rpm
0001-01-01T00:00:00
libyang-debuginfo-2.1.55-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.1.55-1
https://nvd.nist.gov/vuln/detail/CVE-2023-26917
12140
libyang
1.0
2023-04-19T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-21972
https://nvd.nist.gov/vuln/detail/CVE-2023-21972
Mariner
secalert_us@oracle.com
Yes
CVE-2023-21972
12139
12140
12139
12140
12139
12140
DOS:N/A
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12139
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12140
mysql
12139
mysql-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21972
12139
mysql
mysql
12140
mysql-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21972
12140
mysql
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-21976
https://nvd.nist.gov/vuln/detail/CVE-2023-21976
Mariner
secalert_us@oracle.com
Yes
CVE-2023-21976
12139
12140
12139
12140
12139
12140
DOS:N/A
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12139
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12140
mysql
12139
mysql-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21976
12139
mysql
mysql
12140
mysql-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21976
12140
mysql
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-21977
https://nvd.nist.gov/vuln/detail/CVE-2023-21977
Mariner
secalert_us@oracle.com
Yes
CVE-2023-21977
12139
12140
12139
12140
12139
12140
DOS:N/A
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12139
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12140
mysql
12139
mysql-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21977
12139
mysql
mysql
12140
mysql-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21977
12140
mysql
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
Mariner
cve@mitre.org
Yes
CVE-2023-24607
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12138
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
qt5-qtbase
12137
qt5-qtbase-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.12.11-4.cm1.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.12.11-4.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.12.11-4
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
12137
qt5-qtbase
qt5-qtbase
12138
qt5-qtbase-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.12.11-4.cm1.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.12.11-4.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.12.11-4
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
12138
qt5-qtbase
qt5-qtbase
12139
qt5-qtbase-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
12139
qt5-qtbase
qt5-qtbase
12140
qt5-qtbase-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2023-24607
12140
qt5-qtbase
1.0
2023-04-15T00:00:00
<p>Information published.</p>
1.1
2023-05-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-46878
https://nvd.nist.gov/vuln/detail/CVE-2021-46878
Mariner
cve@mitre.org
Yes
CVE-2021-46878
12137
12138
12137
12138
12137
12138
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
fluent-bit
12137
fluent-bit-1.5.2-3.cm1.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-devel-1.5.2-3.cm1.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-1.5.2-3.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.5.2-3
https://nvd.nist.gov/vuln/detail/CVE-2021-46878
12137
fluent-bit
fluent-bit
12138
fluent-bit-1.5.2-3.cm1.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-devel-1.5.2-3.cm1.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-1.5.2-3.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.5.2-3
https://nvd.nist.gov/vuln/detail/CVE-2021-46878
12138
fluent-bit
1.0
2023-04-18T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-46879
https://nvd.nist.gov/vuln/detail/CVE-2021-46879
Mariner
cve@mitre.org
Yes
CVE-2021-46879
12137
12138
12137
12138
12137
12138
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12138
fluent-bit
12137
fluent-bit-1.5.2-3.cm1.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-devel-1.5.2-3.cm1.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-1.5.2-3.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.5.2-3
https://nvd.nist.gov/vuln/detail/CVE-2021-46879
12137
fluent-bit
fluent-bit
12138
fluent-bit-1.5.2-3.cm1.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-devel-1.5.2-3.cm1.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-1.5.2-3.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.5.2-3
https://nvd.nist.gov/vuln/detail/CVE-2021-46879
12138
fluent-bit
1.0
2023-04-18T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
Mariner
cve@mitre.org
Yes
CVE-2023-29491
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
ncurses
12137
ncurses-6.4-1.cm1.x86_64.rpm
0001-01-01T00:00:00
ncurses-libs-6.4-1.cm1.x86_64.rpm
0001-01-01T00:00:00
ncurses-compat-6.4-1.cm1.x86_64.rpm
0001-01-01T00:00:00
ncurses-devel-6.4-1.cm1.x86_64.rpm
0001-01-01T00:00:00
ncurses-term-6.4-1.cm1.x86_64.rpm
0001-01-01T00:00:00
ncurses-debuginfo-6.4-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.4-1
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
12137
ncurses
ncurses
12138
ncurses-6.4-1.cm1.aarch64.rpm
0001-01-01T00:00:00
ncurses-libs-6.4-1.cm1.aarch64.rpm
0001-01-01T00:00:00
ncurses-compat-6.4-1.cm1.aarch64.rpm
0001-01-01T00:00:00
ncurses-devel-6.4-1.cm1.aarch64.rpm
0001-01-01T00:00:00
ncurses-term-6.4-1.cm1.aarch64.rpm
0001-01-01T00:00:00
ncurses-debuginfo-6.4-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.4-1
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
12138
ncurses
ncurses
12139
ncurses-6.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
ncurses-libs-6.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
ncurses-compat-6.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
ncurses-devel-6.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
ncurses-term-6.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
ncurses-debuginfo-6.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.4-1
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
12139
ncurses
ncurses
12140
ncurses-6.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
ncurses-libs-6.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
ncurses-compat-6.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
ncurses-devel-6.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
ncurses-term-6.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
ncurses-debuginfo-6.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.4-1
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
12140
ncurses
1.0
2023-04-24T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
Mariner
security-advisories@github.com
Yes
CVE-2023-28856
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
redis
12137
redis-6.2.12-1.cm1.x86_64.rpm
0001-01-01T00:00:00
redis-debuginfo-6.2.12-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.2.12-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
12137
redis
redis
12138
redis-6.2.12-1.cm1.aarch64.rpm
0001-01-01T00:00:00
redis-debuginfo-6.2.12-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.2.12-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
12138
redis
redis
12139
redis-6.2.12-1.cm2.x86_64.rpm
0001-01-01T00:00:00
redis-debuginfo-6.2.12-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.2.12-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
12139
redis
redis
12140
redis-6.2.12-1.cm2.aarch64.rpm
0001-01-01T00:00:00
redis-debuginfo-6.2.12-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
6.2.12-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28856
12140
redis
1.0
2023-04-25T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2019-9210
https://nvd.nist.gov/vuln/detail/CVE-2019-9210
Mariner
cve@mitre.org
Yes
CVE-2019-9210
12139
12140
12139
12140
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
12140
advancecomp
12139
advancecomp-2.4-2.cm2.x86_64.rpm
0001-01-01T00:00:00
advancecomp-debuginfo-2.4-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.1-14
https://nvd.nist.gov/vuln/detail/CVE-2019-9210
12139
advancecomp
advancecomp
12140
advancecomp-2.4-2.cm2.aarch64.rpm
0001-01-01T00:00:00
advancecomp-debuginfo-2.4-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.1-14
https://nvd.nist.gov/vuln/detail/CVE-2019-9210
12140
advancecomp
1.0
2021-12-16T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2020-0569
https://nvd.nist.gov/vuln/detail/CVE-2020-0569
Mariner
secure@intel.com
Yes
CVE-2020-0569
12139
12140
12139
12140
12139
12140
DOS:N/A
5.7
5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.7
5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
qt5-qtsvg
12139
qt5-qtsvg-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtsvg-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtsvg-examples-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtsvg-debuginfo-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2020-0569
12139
qt5-qtsvg
qt5-qtsvg
12140
qt5-qtsvg-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtsvg-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtsvg-examples-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtsvg-debuginfo-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.9-1
https://nvd.nist.gov/vuln/detail/CVE-2020-0569
12140
qt5-qtsvg
1.0
2022-10-20T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-22795
https://nvd.nist.gov/vuln/detail/CVE-2023-22795
Mariner
support@hackerone.com
Yes
CVE-2023-22795
12139
12140
12139
12140
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
ruby
12139
ruby-3.1.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
rubygems-3.3.26-1.cm2.noarch.rpm
0001-01-01T00:00:00
rubygems-devel-3.3.26-1.cm2.noarch.rpm
0001-01-01T00:00:00
ruby-debuginfo-3.1.4-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.1.4-1
https://nvd.nist.gov/vuln/detail/CVE-2023-22795
12139
ruby
ruby
12140
ruby-3.1.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
rubygems-3.3.26-1.cm2.noarch.rpm
0001-01-01T00:00:00
rubygems-devel-3.3.26-1.cm2.noarch.rpm
0001-01-01T00:00:00
ruby-debuginfo-3.1.4-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.1.4-1
https://nvd.nist.gov/vuln/detail/CVE-2023-22795
12140
ruby
1.0
2023-02-18T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-27477
https://nvd.nist.gov/vuln/detail/CVE-2023-27477
Mariner
security-advisories@github.com
Yes
CVE-2023-27477
12139
12140
12139
12140
12139
12140
DOS:N/A
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
12139
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
12140
rust
12139
rust-1.68.2-2.cm2.x86_64.rpm
0001-01-01T00:00:00
rust-doc-1.68.2-2.cm2.noarch.rpm
0001-01-01T00:00:00
rust-debuginfo-1.68.2-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.68.2-2
https://nvd.nist.gov/vuln/detail/CVE-2023-27477
12139
rust
rust
12140
rust-1.68.2-2.cm2.aarch64.rpm
0001-01-01T00:00:00
rust-doc-1.68.2-2.cm2.noarch.rpm
0001-01-01T00:00:00
rust-debuginfo-1.68.2-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.68.2-2
https://nvd.nist.gov/vuln/detail/CVE-2023-27477
12140
rust
1.0
2023-04-03T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
Mariner
secalert@redhat.com
Yes
CVE-2023-2008
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2008
12138
kernel
1.0
2023-04-25T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-26463
https://nvd.nist.gov/vuln/detail/CVE-2023-26463
Mariner
cve@mitre.org
Yes
CVE-2023-26463
12139
12140
12139
12140
12139
12140
DOS:N/A
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12139
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12140
strongswan
12139
strongswan-5.9.10-1.cm2.x86_64.rpm
0001-01-01T00:00:00
strongswan-debuginfo-5.9.10-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.9.10-1
https://nvd.nist.gov/vuln/detail/CVE-2023-26463
12139
strongswan
strongswan
12140
strongswan-5.9.10-1.cm2.aarch64.rpm
0001-01-01T00:00:00
strongswan-debuginfo-5.9.10-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.9.10-1
https://nvd.nist.gov/vuln/detail/CVE-2023-26463
12140
strongswan
1.0
2023-04-26T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
Mariner
secalert@redhat.com
Yes
CVE-2023-2177
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2177
12138
kernel
1.0
2023-04-28T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
Mariner
secalert@redhat.com
Yes
CVE-2023-2194
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
12139
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
12140
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
12137
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2194
12138
kernel
1.0
2023-04-28T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
Mariner
secalert@redhat.com
Yes
CVE-2023-28328
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28328
12138
kernel
1.0
2023-04-30T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
Mariner
secalert@redhat.com
Yes
CVE-2023-2166
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2166
12138
kernel
1.0
2023-04-30T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
Mariner
secalert@redhat.com
Yes
CVE-2023-2162
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
12140
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2162
12138
kernel
1.0
2023-04-30T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-2989
https://nvd.nist.gov/vuln/detail/CVE-2022-2989
Mariner
secalert@redhat.com
Yes
CVE-2022-2989
12139
12140
12139
12140
12139
12140
DOS:N/A
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
12139
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
12140
podman
12139
podman-4.1.1-10.cm2.x86_64.rpm
0001-01-01T00:00:00
podman-docker-4.1.1-10.cm2.noarch.rpm
0001-01-01T00:00:00
podman-tests-4.1.1-10.cm2.x86_64.rpm
0001-01-01T00:00:00
podman-remote-4.1.1-10.cm2.x86_64.rpm
0001-01-01T00:00:00
podman-plugins-4.1.1-10.cm2.x86_64.rpm
0001-01-01T00:00:00
podman-gvproxy-4.1.1-10.cm2.x86_64.rpm
0001-01-01T00:00:00
podman-debuginfo-4.1.1-10.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.1.1-10
https://nvd.nist.gov/vuln/detail/CVE-2022-2989
12139
podman
podman
12140
podman-4.1.1-10.cm2.aarch64.rpm
0001-01-01T00:00:00
podman-docker-4.1.1-10.cm2.noarch.rpm
0001-01-01T00:00:00
podman-tests-4.1.1-10.cm2.aarch64.rpm
0001-01-01T00:00:00
podman-remote-4.1.1-10.cm2.aarch64.rpm
0001-01-01T00:00:00
podman-plugins-4.1.1-10.cm2.aarch64.rpm
0001-01-01T00:00:00
podman-gvproxy-4.1.1-10.cm2.aarch64.rpm
0001-01-01T00:00:00
podman-debuginfo-4.1.1-10.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
4.1.1-10
https://nvd.nist.gov/vuln/detail/CVE-2022-2989
12140
podman
1.0
2022-09-17T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-20958
https://nvd.nist.gov/vuln/detail/CVE-2023-20958
Mariner
security@android.com
Yes
CVE-2023-20958
12139
12140
12139
12140
12139
12140
DOS:N/A
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12139
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12140
qt5-qtbase
12139
qt5-qtbase-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.12.11-5
https://nvd.nist.gov/vuln/detail/CVE-2023-20958
12139
qt5-qtbase
qt5-qtbase
12140
qt5-qtbase-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-common-5.15.9-1.cm2.noarch.rpm
0001-01-01T00:00:00
qt5-qtbase-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-private-devel-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-examples-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-static-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-gui-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
qt5-qtbase-debuginfo-5.15.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.12.11-5
https://nvd.nist.gov/vuln/detail/CVE-2023-20958
12140
qt5-qtbase
1.0
2023-05-23T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
Mariner
cve@mitre.org
Yes
CVE-2023-28466
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-28466
12140
kernel
1.0
2023-03-22T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
Mariner
secalert@redhat.com
Yes
CVE-2023-1249
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1249
12140
kernel
1.0
2023-03-30T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-3923
https://nvd.nist.gov/vuln/detail/CVE-2021-3923
Mariner
secalert@redhat.com
Yes
CVE-2021-3923
12137
12138
12137
12138
12137
12138
DOS:N/A
2.3
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
12137
2.3
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
12138
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2021-3923
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2021-3923
12138
kernel
1.0
2023-04-04T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
Mariner
secalert@redhat.com
Yes
CVE-2023-1670
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
hyperv-daemons
12137
hyperv-daemons-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
12137
hyperv-daemons
hyperv-daemons
12138
hyperv-daemons-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
12138
hyperv-daemons
hyperv-daemons
12139
hyperv-daemons-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.107.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
12139
hyperv-daemons
hyperv-daemons
12140
hyperv-daemons-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.107.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.107.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1670
12140
hyperv-daemons
1.0
2023-04-04T00:00:00
<p>Information published.</p>
1.1
2023-04-10T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
Mariner
secalert@redhat.com
Yes
CVE-2023-1652
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12137
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12138
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12139
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12140
hyperv-daemons
12137
hyperv-daemons-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
12137
hyperv-daemons
kernel
12137
kernel-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.185.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
12138
hyperv-daemons
kernel
12138
kernel-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.185.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1652
12140
kernel
1.0
2023-04-08T00:00:00
<p>Information published.</p>
1.1
2023-04-11T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0</p>
1.2
2023-04-09T00:00:00
<p>Added kernel to CBL-Mariner 1.0</p>
1.3
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
Mariner
security@google.com
Yes
CVE-2023-1872
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
12137
kernel
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
12138
kernel
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1872
12140
kernel
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
Mariner
secalert@redhat.com
Yes
CVE-2023-1990
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
hyperv-daemons
12137
hyperv-daemons-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
12137
hyperv-daemons
kernel
12137
kernel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.177.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
12138
hyperv-daemons
kernel
12138
kernel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.177.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.177.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
12138
kernel
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-1990
12140
kernel
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-04-24T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
Mariner
secalert@redhat.com
Yes
CVE-2023-0386
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12139
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12140
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12137
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
12138
kernel
12139
kernel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
12139
kernel
kernel
12140
kernel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.107.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.107.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
12140
kernel
hyperv-daemons
12137
hyperv-daemons-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.189.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.188.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
12137
hyperv-daemons
kernel
12137
kernel-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.185.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
12137
kernel
hyperv-daemons
12138
hyperv-daemons-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.189.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.189.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.188.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
12138
hyperv-daemons
kernel
12138
kernel-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.185.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-0386
12138
kernel
1.0
2023-03-30T00:00:00
<p>Information published.</p>
1.1
2023-04-04T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 1.0</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
Mariner
cve@mitre.org
Yes
CVE-2022-48468
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
protobuf-c
12139
protobuf-c-1.4.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
protobuf-c-devel-1.4.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
protobuf-c-static-1.4.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
protobuf-c-debuginfo-1.4.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.4.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
12139
protobuf-c
protobuf-c
12140
protobuf-c-1.4.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
protobuf-c-devel-1.4.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
protobuf-c-static-1.4.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
protobuf-c-debuginfo-1.4.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.4.1-1
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
12140
protobuf-c
protobuf-c
12137
protobuf-c-1.3.2-2.cm1.x86_64.rpm
0001-01-01T00:00:00
protobuf-c-devel-1.3.2-2.cm1.x86_64.rpm
0001-01-01T00:00:00
protobuf-c-static-1.3.2-2.cm1.x86_64.rpm
0001-01-01T00:00:00
protobuf-c-debuginfo-1.3.2-2.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.3.2-2
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
12137
protobuf-c
protobuf-c
12138
protobuf-c-1.3.2-2.cm1.aarch64.rpm
0001-01-01T00:00:00
protobuf-c-devel-1.3.2-2.cm1.aarch64.rpm
0001-01-01T00:00:00
protobuf-c-static-1.3.2-2.cm1.aarch64.rpm
0001-01-01T00:00:00
protobuf-c-debuginfo-1.3.2-2.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.3.2-2
https://nvd.nist.gov/vuln/detail/CVE-2022-48468
12138
protobuf-c
1.0
2023-04-19T00:00:00
<p>Information published.</p>
1.1
2023-04-17T00:00:00
<p>Information published.</p>
1.2
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-21982
https://nvd.nist.gov/vuln/detail/CVE-2023-21982
Mariner
secalert_us@oracle.com
Yes
CVE-2023-21982
12139
12140
12139
12140
12139
12140
DOS:N/A
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12139
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
12140
mysql
12139
mysql-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21982
12139
mysql
mysql
12140
mysql-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21982
12140
mysql
1.0
2023-04-20T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-21980
https://nvd.nist.gov/vuln/detail/CVE-2023-21980
Mariner
secalert_us@oracle.com
Yes
CVE-2023-21980
12139
12140
12139
12140
12139
12140
DOS:N/A
7.1
7.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
12139
7.1
7.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
12140
mysql
12139
mysql-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21980
12139
mysql
mysql
12140
mysql-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-devel-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
mysql-debuginfo-8.0.33-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
8.0.33-1
https://nvd.nist.gov/vuln/detail/CVE-2023-21980
12140
mysql
1.0
2023-04-22T00:00:00
<p>Information published.</p>
1.1
2023-05-03T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
Mariner
secalert@redhat.com
Yes
CVE-2023-2004
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12137
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12138
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
freetype
12137
freetype-2.13.0-1.cm1.x86_64.rpm
0001-01-01T00:00:00
freetype-devel-2.13.0-1.cm1.x86_64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.13.0-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.13.0-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
12137
freetype
freetype
12138
freetype-2.13.0-1.cm1.aarch64.rpm
0001-01-01T00:00:00
freetype-devel-2.13.0-1.cm1.aarch64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.13.0-1.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.13.0-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
12138
freetype
freetype
12139
freetype-2.13.0-1.cm2.x86_64.rpm
0001-01-01T00:00:00
freetype-devel-2.13.0-1.cm2.x86_64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.13.0-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.13.0-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
12139
freetype
freetype
12140
freetype-2.13.0-1.cm2.aarch64.rpm
0001-01-01T00:00:00
freetype-devel-2.13.0-1.cm2.aarch64.rpm
0001-01-01T00:00:00
freetype-debuginfo-2.13.0-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.13.0-1
https://nvd.nist.gov/vuln/detail/CVE-2023-2004
12140
freetype
1.0
2023-04-17T00:00:00
<p>Information published.</p>
1.1
2023-04-18T00:00:00
<p>Added freetype to CBL-Mariner 2.0</p>
1.2
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
Mariner
cve@mitre.org
Yes
CVE-2023-23000
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
hyperv-daemons
12139
hyperv-daemons-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
12139
hyperv-daemons
kernel
12139
kernel-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.135.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.135.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
12139
kernel
hyperv-daemons
12140
hyperv-daemons-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.111.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
12140
hyperv-daemons
kernel
12140
kernel-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.135.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.135.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
12140
kernel
hyperv-daemons
12137
hyperv-daemons-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.10.181.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.10.181.1-1.cm1.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
12137
hyperv-daemons
hyperv-daemons
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-23000
12138
hyperv-daemons
1.0
2023-04-04T00:00:00
<p>Information published.</p>
1.1
2023-04-03T00:00:00
<p>Information published.</p>
1.2
2023-03-09T00:00:00
<p>Information published.</p>
1.3
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
Mariner
secalert@redhat.com
Yes
CVE-2023-1382
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
DOS:N/A
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12137
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
12138
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
12140
kernel
kernel
12137
kernel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-oprofile-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.10.181.1-1.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
12137
kernel
kernel
12138
CBL-Mariner
5.10.181.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-1382
12138
kernel
1.0
2023-04-28T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2023-28327
https://nvd.nist.gov/vuln/detail/CVE-2023-28327
Mariner
secalert@redhat.com
Yes
CVE-2023-28327
12139
12140
12139
12140
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
kernel
12139
kernel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28327
12139
kernel
kernel
12140
kernel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.111.1-1
https://nvd.nist.gov/vuln/detail/CVE-2023-28327
12140
kernel
1.0
2023-04-30T00:00:00
<p>Information published.</p>
1.1
2023-05-25T00:00:00
<p>Information published.</p>
Secure Boot Security Feature Bypass Vulnerability
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.</p>
<p><strong>How can an attacker successfully exploit this vulnerability?</strong></p>
<p>To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p>
<p><strong>Are there additional steps I need to take to be protected from this vulnerability?</strong></p>
<p>The security update addresses the vulnerability by updating the Windows Boot Manager, but is not enabled by default. Additional steps are required at this time to mitigate the vulnerability. Please refer to the following for steps to determine impact on your environment: <a href="https://support.microsoft.com/help/5025885">KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932</a>.</p>
<p><strong>I am running Window 11 23H2 or Server 2022, 23H2 Edition, What do I need to do to be protected from this vulnerability?</strong></p>
<p>Protections for the Secure Boot bypass were included in Windows 11 Version 23H3 and Windows Server 2022, 23H2 Edition at the time of their release; however, these protections are not enabled by default. Customers running these versions of Windows must enable the protections as outlined in <a href="https://support.microsoft.com/help/5025885">KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932</a>.</p>
Windows Secure Boot
Microsoft
Yes
CVE-2023-24932
12437
12389
12390
12436
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
12437
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11926
Security Feature Bypass
11927
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
12437
Important
12389
Important
12390
Important
12436
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11926
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11927
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
6.7
6.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5062553
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553
5060842
12437
12389
12436
Yes
Security Update
10.0.26100.4652
https://support.microsoft.com/help/5062553
12437
12389
12436
5062553
5062553
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553
5060842
12390
Yes
Security Update
0.0.26200.4652
https://support.microsoft.com/help/5062553
12390
5062553
5062557
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557
5060531
11568
11569
11571
11572
Yes
Security Update
10.0.17763.7558
https://support.microsoft.com/help/5062557
11568
11569
11571
11572
5062557
5040430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430
5039217
11570
Yes
Security Update
10.0.17763.6054
https://support.microsoft.com/help/5040430
11570
5040430
5040430
https://support.microsoft.com/help/5040430
11570
5062572
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572
5060526
11923
11924
Yes
Security Update
10.0.20348.3932
https://support.microsoft.com/help/5062572
11923
11924
5062572
5026361
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5026361
5025221
11801
11802
Yes
Security Update
10.0.19042.2965
https://support.microsoft.com/help/5026361
11801
11802
5026361
5026361
https://support.microsoft.com/help/5026361
11801
11802
5040431
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431
5039213
11926
11927
Yes
Security Update
10.0.22000.3079
https://support.microsoft.com/help/5040431
11926
11927
5040431
5040431
https://support.microsoft.com/help/5040431
11926
11927
5062554
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554
5060533
11929
11930
11931
Yes
Security Update
10.0.19044.6093
https://support.microsoft.com/help/5062554
11929
11930
11931
5062554
5062554
https://support.microsoft.com/help/5062554
11929
11930
11931
12097
12098
12099
5062552
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552
5060999
12085
12086
Yes
Security Update
10.0.22621.5624
https://support.microsoft.com/help/5062552
12085
12086
5062552
5062554
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554
5060533
12097
12098
12099
Yes
Security Update
10.0.19045.6093
https://support.microsoft.com/help/5062554
12097
12098
12099
5062554
5062552
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552
5060999
12242
12243
Yes
Security Update
10.0.22631.5624
https://support.microsoft.com/help/5062552
12242
12243
5062552
5062570
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570
5060118
12244
Yes
Security Update
10.0.25398.1732
https://support.microsoft.com/help/5062570
12244
5062570
5062561
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561
5060998
10729
10735
Yes
Security Update
10.0.10240.21073
https://support.microsoft.com/help/5062561
10729
10735
5062561
5062560
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560
5061010
10852
10853
10816
10855
Yes
Security Update
10.0.14393.8246
https://support.microsoft.com/help/5062560
10852
10853
10816
10855
5062560
5062624
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624
5061026
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23418
https://support.microsoft.com/help/5062624
9312
10287
9318
9344
5062624
5062624
https://support.microsoft.com/help/5062624
9312
10287
9318
9344
5062618
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23418
https://support.microsoft.com/help/5062618
9312
10287
9318
9344
5062618
5062618
https://support.microsoft.com/help/5062618
9312
10287
9318
9344
5062632
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632
5061078
10051
10049
Yes
Monthly Rollup
6.1.7601.27820
https://support.microsoft.com/help/5062632
10051
10049
5062632
5062619
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619
10051
10049
Yes
Security Only
6.1.7601.27820
https://support.microsoft.com/help/5062619
10051
10049
5062619
5062592
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592
5061059
10378
10379
Yes
Monthly Rollup
6.2.9200.25573
https://support.microsoft.com/help/5062592
10378
10379
5062592
5062597
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597
5061018
10483
10543
Yes
Monthly Rollup
6.3.9600.22676
https://support.microsoft.com/help/5062597
10483
10543
5062597
Tomer Sne-or with SentinelOne
Martin Smolar with ESET
Zammis Clark
2.2
2023-07-18T07:00:00
<p>Removed the Security Hotpatch Update for the July 2023 revision as that package doesn't exist for this release cycle. You must install the Security Update to get the updated software.</p>
4.0
2024-07-09T07:00:00
<p>Updated the Security Updates table to include the July 9, 2024 updates. These updates include support for opting into an updated Secure Version Number to block older boot managers.</p>
5.0
2025-02-11T08:00:00
<p>The following updates have been made to CVE-2023-24932: 1) In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025. 2) Further, to comprehensively address this vulnerability, Microsoft has released February 2025 security updates for all affected versions of Windows 11 version 22H2 and Windows 11 version 23H2.</p>
<p>Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
6.0
2025-07-10T07:00:00
<p>Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in <a href="https://support.microsoft.com/help/5025885">KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932</a> to enable these protections.</p>
<p>All Windows devices should have the the July 8, 2025 security updates installed regardless of your plan to enable the mitigations.</p>
1.0
2023-05-09T07:00:00
<p>Information published.</p>
2.0
2023-07-11T07:00:00
<p>In the Security Updates table, added all supported versions of all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
2.1
2023-07-14T07:00:00
<p>CORRECTED REVISION: To comprehensively address CVE-2023-24932, Microsoft has released July 2023 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Additional steps are required after the update is installed. See <a href="https://support.microsoft.com/help/5025885">KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932</a> for more information.</p>
2.3
2024-01-26T08:00:00
<p>Updated FAQs to include information on how to be protected from this vulnerability for customers running Windows 11 23H2 or Windows Server 2022, 23H2 Edition. This is an informational change only.</p>
3.0
2024-04-09T07:00:00
<p>In the Security Updates table, added Windows 11 version 23H2 for x64-based systems and Windows 11 version 23H2 for ARM-based systems because the April 2024 security updates provide the latest mitigations. Note that these mitigations are off by default. Customers who should take additional steps to implement security mitigations for a publicly disclosed Secure Boot bypass leveraged by the BlackLotus UEFI bootkit and who would like to take a proactive security stance or to begin preparing for the rollout, please refer to <a href="https://support.microsoft.com/help/5025885">KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support</a>.</p>