January 2024 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2024-Jan 2024-Jan Final 1.0 350 2026-05-17T14:38:41 January 2024 Security Updates 2024-01-09T08:00:00 2026-05-17T14:38:41 <h2 id="this-release-consists-of-the-following-57-microsoft-cves">This release consists of the following 57 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0056">CVE-2024-0056</a></td> <td>8.7</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0057">CVE-2024-0057</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Scripting</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20652">CVE-2024-20652</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20653">CVE-2024-20653</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ODBC Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20654">CVE-2024-20654</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP) SnapIn</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20655">CVE-2024-20655</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20656">CVE-2024-20656</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Group Policy</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20657">CVE-2024-20657</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Virtual Hard Drive</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20658">CVE-2024-20658</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20660">CVE-2024-20660</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20661">CVE-2024-20661</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP) SnapIn</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20662">CVE-2024-20662</a></td> <td>4.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20663">CVE-2024-20663</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20664">CVE-2024-20664</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20666">CVE-2024-20666</a></td> <td>6.6</td> <td>CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20672">CVE-2024-20672</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20674">CVE-2024-20674</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20675">CVE-2024-20675</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Storage Mover</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20676">CVE-2024-20676</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20677">CVE-2024-20677</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20680">CVE-2024-20680</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Subsystem for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20681">CVE-2024-20681</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20682">CVE-2024-20682</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20683">CVE-2024-20683</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32 Kernel Subsystem</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20686">CVE-2024-20686</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows AllJoyn API</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20687">CVE-2024-20687</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Nearby Sharing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20690">CVE-2024-20690</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Themes</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20691">CVE-2024-20691</a></td> <td>4.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority Subsystem Service (LSASS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20692">CVE-2024-20692</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Collaborative Translation Framework</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20694">CVE-2024-20694</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Libarchive</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20696">CVE-2024-20696</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Libarchive</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20697">CVE-2024-20697</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20698">CVE-2024-20698</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20699">CVE-2024-20699</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20700">CVE-2024-20700</a></td> <td>7.5</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Unified Extensible Firmware Interface</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21305">CVE-2024-21305</a></td> <td>4.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Bluetooth Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21306">CVE-2024-21306</a></td> <td>5.7</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21307">CVE-2024-21307</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21309">CVE-2024-21309</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21310">CVE-2024-21310</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21311">CVE-2024-21311</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Framework</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21312">CVE-2024-21312</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21313">CVE-2024-21313</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21314">CVE-2024-21314</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Server Key Distribution Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21316">CVE-2024-21316</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21318">CVE-2024-21318</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Identity Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21319">CVE-2024-21319</a></td> <td>6.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Themes</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21320">CVE-2024-21320</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Devices</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21325">CVE-2024-21325</a></td> <td></td> <td></td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21326">CVE-2024-21326</a></td> <td>9.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21336">CVE-2024-21336</a></td> <td>2.5</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21337">CVE-2024-21337</a></td> <td>5.2</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21382">CVE-2024-21382</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21383">CVE-2024-21383</a></td> <td>3.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21385">CVE-2024-21385</a></td> <td>8.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21387">CVE-2024-21387</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21388">CVE-2024-21388</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-22-non-microsoft-cves">We are republishing 22 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>MITRE Corporation</td> <td>SQLite</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35737">CVE-2022-35737</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0222">CVE-2024-0222</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0223">CVE-2024-0223</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0224">CVE-2024-0224</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0225">CVE-2024-0225</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0333">CVE-2024-0333</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0517">CVE-2024-0517</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0518">CVE-2024-0518</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0519">CVE-2024-0519</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0804">CVE-2024-0804</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0805">CVE-2024-0805</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0806">CVE-2024-0806</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0807">CVE-2024-0807</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0808">CVE-2024-0808</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0809">CVE-2024-0809</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0810">CVE-2024-0810</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0811">CVE-2024-0811</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0812">CVE-2024-0812</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0813">CVE-2024-0813</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-0814">CVE-2024-0814</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Adobe Systems Incorporated</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20709">CVE-2024-20709</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Adobe Systems Incorporated</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20721">CVE-2024-20721</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5034121">5034121</a></td> <td>Windows 11, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034122">5034122</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034123">5034123</a></td> <td>Windows 11, version 22H2, Windows 11, version 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034167">5034167</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034169">5034169</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034173">5034173</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5034176">5034176</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Azure Storage Mover Agent Microsoft Identity Model v6.0.0 for Nuget Microsoft Identity Model v7.0.0 for Nuget Microsoft Identity Model v6.0.0 Microsoft Identity Model v5.0.0 Microsoft Identity Model v7.0.0 Microsoft Identity Model v5.0.0 for Nuget Microsoft Edge (Chromium-based) Microsoft Edge (Chromium-based) Extended Stable Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Remote Desktop client for Windows Desktop Microsoft Printer Metadata Troubleshooter Tool Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) 3D Viewer Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition CBL Mariner 1.0 ARM CBL Mariner 1.0 x64 CBL Mariner 2.0 ARM CBL Mariner 2.0 x64 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2015 Update 3 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) .NET 6.0 .NET 7.0 .NET 8.0 Microsoft Visual Studio 2022 version 17.8 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 NuGet 5.11.0 NuGet 17.4.0 Nuget 17.6.0 NuGet 17.8.0 PowerShell 7.2 PowerShell 7.3 PowerShell 7.4 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft.Data.SqlClient 2.1 Microsoft.Data.SqlClient 3.1 Microsoft.Data.SqlClient 4.0 Microsoft.Data.SqlClient 5.1 System.Data.SqlClient Microsoft SQL Server 2022 for x64-based Systems (CU 10) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2015 Update 3 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) 3D Viewer Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Remote Desktop client for Windows Desktop Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition PowerShell 7.2 .NET 6.0 Microsoft Visual Studio 2022 version 17.2 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Edge (Chromium-based) Extended Stable Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft Visual Studio 2022 version 17.6 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) .NET 8.0 PowerShell 7.4 Azure Storage Mover Agent Microsoft Visual Studio 2022 version 17.8 Microsoft SQL Server 2022 for x64-based Systems (CU 10) Microsoft Printer Metadata Troubleshooter Tool Microsoft Identity Model v6.0.0 for Nuget Microsoft Identity Model v7.0.0 for Nuget Microsoft.Data.SqlClient 2.1 Microsoft.Data.SqlClient 3.1 Microsoft.Data.SqlClient 4.0 Microsoft.Data.SqlClient 5.1 System.Data.SqlClient Microsoft Identity Model v7.0.0 Microsoft Identity Model v6.0.0 Microsoft Identity Model v5.0.0 Microsoft Identity Model v5.0.0 for Nuget NuGet 5.11.0 NuGet 17.4.0 Nuget 17.6.0 NuGet 17.8.0 azl3 teckit 2.5.12-4 on Azure Linux 3.0 azl3 fltk 1.3.8-1 on Azure Linux 3.0 cbl2 kernel 5.15.153.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.148.2-2 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72.2-1 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72.2-1 on Azure Linux 3.0 azl3 nodejs 20.14.0-1 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 azl3 kernel 6.6.29.1-4 on Azure Linux 3.0 azl3 kernel 6.6.35.1-4 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-1 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-6 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 mysql 8.0.36-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 nodejs18 18.20.3-3 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-3 on CBL Mariner 2.0 cbl2 kernel 5.15.158.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.158.1-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-9 on CBL Mariner 2.0 cbl2 gnutls 3.7.11-1 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 cbl2 moby-compose 2.17.3-5 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.153.1-1 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-10 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-12 on CBL Mariner 2.0 cbl2 opensc 0.23.0-4 on CBL Mariner 2.0 cbl2 moby-engine 20.10.27-3 on CBL Mariner 2.0 cbl2 moby-engine 20.10.27-4 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-14 on CBL Mariner 2.0 cbl2 moby-compose 2.17.2-7 on CBL Mariner 2.0 cbl2 moby-cli 20.10.27-3 on CBL Mariner 2.0 cbl2 moby-buildx 0.7.1-18 on CBL Mariner 2.0 cbl2 kernel 5.15.148.1-1 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-29 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-2 on CBL Mariner 2.0 cbl2 xorg-x11-server 1.20.10-14 on CBL Mariner 2.0 cbl2 python-jinja2 3.0.3-3 on CBL Mariner 2.0 cbl2 azure-iot-sdk-c 2022.01.21-2 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 python-jinja2 3.1.2-2 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-8 on Azure Linux 3.0 azl3 virtiofsd 1.8.0-3 on Azure Linux 3.0 azl3 kernel 6.6.47.1-1 on Azure Linux 3.0 azl3 openssl 3.3.0-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl1-1 on Azure Linux 3.0 azl3 openssl 1.1.1k-29 on Azure Linux 3.0 azl3 nodejs 16.20.2-2 on Azure Linux 3.0 azl3 coredns 1.11.1-2 on Azure Linux 3.0 azl3 azure-iot-sdk-c 2024.03.04-1 on Azure Linux 3.0 azl3 opencryptoki 3.24.0-3 on Azure Linux 3.0 azl3 docker-compose 2.27.0-1 on Azure Linux 3.0 azl3 docker-buildx 0.14.0-1 on Azure Linux 3.0 azl3 moby-engine 25.0.3-1 on Azure Linux 3.0 azl3 xorg-x11-server 1.20.10-5 on Azure Linux 3.0 azl3 opensc 0.25.1-3 on Azure Linux 3.0 azl3 gnutls 3.8.3-1 on Azure Linux 3.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 azl3 moby-engine 20.10.25-3 on Azure Linux 3.0 cbl2 shim-unsigned-x64 15.8-1 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-10 on CBL Mariner 2.0 azl3 packer 1.9.5-1 on Azure Linux 3.0 cbl2 zlib 1.2.13-2 on CBL Mariner 2.0 azl3 zlib 1.3.1-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-21 on CBL Mariner 2.0 azl3 qemu 8.2.0-13 on Azure Linux 3.0 cbl2 cri-o 1.22.3-12 on CBL Mariner 2.0 cbl2 packer 1.9.5-3 on CBL Mariner 2.0 azl3 edk2 20240223gitedc6681206c1-1 on Azure Linux 3.0 cbl2 edk2 20230301gitf80f052277c8-40 on CBL Mariner 2.0 cbl2 shim 15.8-1 on CBL Mariner 2.0 azl3 shim 15.8-5 on Azure Linux 3.0 cbl2 opensc 0.23.0-3 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-2 on CBL Mariner 2.0 azl3 libtiff 4.6.0-2 on Azure Linux 3.0 azl3 jasper 4.2.1-1 on Azure Linux 3.0 cbl2 coredns 1.11.1-5 on CBL Mariner 2.0 cbl2 cloud-hypervisor 32.0-3 on CBL Mariner 2.0 azl3 libssh 0.10.6-1 on Azure Linux 3.0 cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0 azl3 libtiff 4.6.0-6 on Azure Linux 3.0 azl3 glibc 2.38-6 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl0-2 on Azure Linux 3.0 azl3 yasm 1.3.0-16 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 gdk-pixbuf2 2.42.10-2 on Azure Linux 3.0 cbl2 yasm 1.3.0-16 on CBL Mariner 2.0 cbl2 cpio 2.13-5 on CBL Mariner 2.0 cbl2 nodejs18 18.20.3-5 on CBL Mariner 2.0 azl3 python-jinja2 3.1.2-3 on Azure Linux 3.0 cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0 azl3 wireshark 4.4.7-1 on Azure Linux 3.0 azl3 yasm 1.3.0-17 on Azure Linux 3.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 azl3 nodejs 20.14.0-8 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 grub2 2.06-23 on Azure Linux 3.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-41 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-11 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl2-6 on CBL Mariner 2.0 azl3 python-tensorboard 2.11.0-3 on Azure Linux 3.0 cbl2 kata-containers-cc 3.2.0.azl2-6 on CBL Mariner 2.0 cbl2 virtiofsd 1.8.0-3 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-42 on CBL Mariner 2.0 azl3 nodejs 20.10.0-2 on Azure Linux 3.0 azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0 cbl2 nodejs18 18.18.2-7 on CBL Mariner 2.0 cbl2 gdk-pixbuf2 2.40.0-6 on CBL Mariner 2.0 cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0 azl3 glibc 2.38-10 on Azure Linux 3.0 cbl2 mariadb-connector-c 3.1.10-6 on CBL Mariner 2.0 cbl2 cloud-hypervisor 32.0-6 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 azl3 kernel 6.6.14.1-4 on Azure Linux 3.0 azl3 cloud-hypervisor 37.0-2 on Azure Linux 3.0 cbl2 moby-buildx 0.7.1-24 on CBL Mariner 2.0 azl3 openssl 3.1.4-9 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl5-2 on Azure Linux 3.0 cbl2 moby-cli 20.10.27-5 on CBL Mariner 2.0 cbl2 kernel 5.15.148.2-2 on CBL Mariner 2.0 cbl2 moby-compose 2.17.3-10 on CBL Mariner 2.0 azl3 kata-containers-cc 3.2.0.azl5-2 on Azure Linux 3.0 cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0 cbl2 shim-unsigned-aarch64 15-5 on CBL Mariner 2.0 cbl2 cloud-hypervisor-cvm 38.0.72-1 on CBL Mariner 2.0 cbl2 reaper 3.1.1-8 on CBL Mariner 2.0 azl3 cloud-hypervisor-cvm 38.0.72-2 on Azure Linux 3.0 azl3 docker-buildx 0.12.1-1 on Azure Linux 3.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-36 on CBL Mariner 2.0 azl3 docker-compose 2.24.6-2 on Azure Linux 3.0 cbl2 zlib 1.2.13-2 on CBL Mariner 2.0 cbl2 python-jinja2 3.0.3-7 on CBL Mariner 2.0 cbl2 nodejs18 18.20.3-5 on CBL Mariner 2.0 cbl2 opensc 0.23.0-4 on CBL Mariner 2.0 azl3 opensc 0.23.0-1 on Azure Linux 3.0 cbl2 azure-iot-sdk-c 2022.01.21-4 on CBL Mariner 2.0 azl3 azure-iot-sdk-c 2023.08.07-1 on Azure Linux 3.0 cbl2 coredns 1.11.1-18 on CBL Mariner 2.0 azl3 coredns 1.11.1-4 on Azure Linux 3.0 cbl2 shim-unsigned-x64 15.4-2 on CBL Mariner 2.0 cbl2 shim 15.4-2 on CBL Mariner 2.0 azl3 shim 15.4-2 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.4-2 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.4-3 on Azure Linux 3.0 cbl2 jasper 2.0.32-4 on CBL Mariner 2.0 azl3 jasper 2.0.32-3 on Azure Linux 3.0 cbl2 kernel 5.15.158.1-1 on CBL Mariner 2.0 cbl2 packer 1.8.7-2 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 azl3 packer 1.9.4-1 on Azure Linux 3.0 cbl2 xorg-x11-server 1.20.10-15 on CBL Mariner 2.0 cbl2 cpio 2.13-5 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.148.2-1 on CBL Mariner 2.0 azl3 libssh 0.10.5-2 on Azure Linux 3.0 azl3 gnutls 3.8.2-1 on Azure Linux 3.0 cbl2 grub2 2.06-13 on CBL Mariner 2.0 cbl2 yasm 1.3.0-17 on CBL Mariner 2.0 cbl2 mysql 8.0.35-4 on CBL Mariner 2.0 azl3 kata-containers-cc 3.2.0.azl0-3 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl0-2 on CBL Mariner 2.0 cbl2 kernel 5.15.148.2-1 on CBL Mariner 2.0 cbl2 yasm 1.3.0-16 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl0-3 on CBL Mariner 2.0 azl3 kernel 6.6.64.2-2 on Azure Linux 3.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 cbl2 qemu 6.2.0-25 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Kernel: information disclosure in vhost/vhost.c:vhost_new_msg() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0340 Exposure of Sensitive Information to an Unauthorized Actor 16838-16823 19673-17086 17095-17086 16838-16823 19673-17086 17095-17086 Moderate 16838-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 16838-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 19673-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 17095-17086 CBL-Mariner Releases 16838-16823 19673-17086 17095-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.0 2024-01-17T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:23:13 <p>Information published.</p> Xorg-x11-server: selinux context corruption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0409 Out-of-bounds Write 17431-16823 19982-17086 17431-16823 19982-17086 Important 17431-16823 Important 19982-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17431-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19982-17086 CBL-Mariner Releases 17431-16823 19982-17086 No Security Update 1.20.10-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17431-16823 19982-17086 CBL-Mariner Releases 1.1 2026-02-18T03:03:14 <p>Information published.</p> 1.0 2024-09-20T00:00:00 <p>Information published.</p> Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0562 Use After Free 16838-16823 19670-17086 17250-17086 16838-16823 19670-17086 17250-17086 Important 16838-16823 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 16838-16823 19670-17086 17250-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T03:20:18 <p>Information published.</p> 1.0 2024-01-24T00:00:00 <p>Information published.</p> Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0565 Integer Underflow (Wrap or Wraparound) 17427-16823 16838-16823 17065-17084 19529-17084 19793-17086 20072-17086 17427-16823 16838-16823 17065-17084 19529-17084 19793-17086 20072-17086 Important 17427-16823 Important 16838-16823 Important 17065-17084 Moderate 19529-17084 Important 19793-17086 Important 20072-17086 7.4 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 17427-16823 7.4 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 16838-16823 7.4 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 17065-17084 6.8 6.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 19529-17084 6.8 6.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 19793-17086 6.8 6.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 20072-17086 CBL-Mariner Releases 17427-16823 16838-16823 19793-17086 20072-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17427-16823 16838-16823 19793-17086 20072-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.2 2024-08-15T00:00:00 <p>Information published.</p> 1.0 2024-01-24T00:00:00 <p>Information published.</p> 1.1 2024-02-12T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> 1.3 2026-02-18T03:20:32 <p>Information published.</p> Kernel: potential deadlock on &net->sctp.addr_wq_lock leading to dos <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0639 Improper Locking 17452-16823 19673-17086 17095-17086 17452-16823 19673-17086 17095-17086 Moderate 17452-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17452-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17452-16823 19673-17086 17095-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17452-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.0 2024-01-26T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:20:44 <p>Information published.</p> Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0641 Improper Locking 17452-16823 19673-17086 17095-17086 17452-16823 19673-17086 17095-17086 Moderate 17452-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17452-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17452-16823 19673-17086 17095-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17452-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.0 2024-01-26T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:20:38 <p>Information published.</p> PKCS12 Decoding crashes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2024-0727 NULL Pointer Dereference 16977-16823 17374-16823 17453-16823 17454-16823 16982-17084 17716-17084 17717-17084 17718-17084 19768-17086 19674-17086 20361-17086 19813-17086 19721-17086 19800-17086 17627-17084 19740-17084 19678-17086 19801-17086 19807-17084 17459-17084 17183-17086 19951-17086 19748-17086 19783-17084 20273-17084 19786-17084 19671-17084 17013-17084 20276-17086 18370-17084 19662-17086 19686-17084 17389-17086 17093-17086 16977-16823 17374-16823 17453-16823 17454-16823 16982-17084 17716-17084 17717-17084 17718-17084 19768-17086 19674-17086 20361-17086 19813-17086 19721-17086 19800-17086 17627-17084 19740-17084 19678-17086 19801-17086 19807-17084 17459-17084 17183-17086 19951-17086 19748-17086 19783-17084 20273-17084 19786-17084 19671-17084 17013-17084 20276-17086 18370-17084 19662-17086 19686-17084 17389-17086 17093-17086 Moderate 16977-16823 Moderate 17374-16823 Moderate 17453-16823 Moderate 17454-16823 Moderate 16982-17084 Moderate 17716-17084 Moderate 17717-17084 Moderate 17718-17084 Moderate 19768-17086 Moderate 19674-17086 Moderate 20361-17086 Moderate 19813-17086 19721-17086 Moderate 19800-17086 Moderate 17627-17084 Moderate 19740-17084 Moderate 19678-17086 Moderate 19801-17086 Moderate 19807-17084 Moderate 17459-17084 Moderate 17183-17086 19951-17086 Moderate 19748-17086 Moderate 19783-17084 Moderate 20273-17084 Moderate 19786-17084 Moderate 19671-17084 Moderate 17013-17084 Moderate 20276-17086 Moderate 18370-17084 19662-17086 Moderate 19686-17084 Moderate 17389-17086 Moderate 17093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16977-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17374-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17453-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17454-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16982-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17716-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17717-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17718-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19768-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19674-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20361-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19813-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19721-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19800-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17627-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19740-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19678-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19801-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19807-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17459-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17183-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19951-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19748-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19783-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20273-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19786-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17013-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20276-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18370-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19662-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19686-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17389-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 16977-16823 16982-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16977-16823 16982-17084 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 17453-16823 17717-17084 No Security Update 1.1.1k-29 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17453-16823 17717-17084 CBL-Mariner Releases CBL-Mariner Releases 17454-16823 17718-17084 No Security Update 16.20.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17454-16823 17718-17084 CBL-Mariner Releases CBL-Mariner Releases 17716-17084 20361-17086 20273-17084 20276-17086 18370-17084 No Security Update 3.2.0.azl1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17716-17084 20361-17086 20273-17084 20276-17086 18370-17084 CBL-Mariner Releases CBL-Mariner Releases 19813-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19813-17086 CBL-Mariner Releases CBL-Mariner Releases 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19740-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 19801-17086 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19801-17086 19807-17084 CBL-Mariner Releases CBL-Mariner Releases 19748-17086 No Security Update 18.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 19786-17084 No Security Update 3.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19786-17084 CBL-Mariner Releases 3.0 2026-02-18T03:22:42 <p>Information published.</p> 1.0 2024-01-29T00:00:00 <p>Information published.</p> 1.1 2024-03-07T00:00:00 <p>Added kata-containers to CBL-Mariner 2.0</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-07-13T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20963 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17235-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.1 2026-02-18T03:11:38 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20969 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17235-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.1 2026-02-18T03:11:23 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20971 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.1 2026-02-18T03:10:23 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20977 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17235-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.1 2026-02-18T03:10:12 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20985 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17235-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.1 2026-02-18T03:11:15 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Azure IoT Platform Device SDK Remote Code Execution Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-21646 Integer Overflow or Wraparound 17457-16823 17778-17084 19861-17084 19859-17086 17457-16823 17778-17084 19861-17084 19859-17086 Critical 17457-16823 Critical 17778-17084 Critical 19861-17084 Critical 19859-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17457-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17778-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19861-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19859-17086 CBL-Mariner Releases 17457-16823 19859-17086 No Security Update 2022.01.21-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17457-16823 19859-17086 CBL-Mariner Releases CBL-Mariner Releases 17778-17084 19861-17084 No Security Update 2024.03.04-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17778-17084 19861-17084 CBL-Mariner Releases 1.0 2024-01-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T02:15:34 <p>Information published.</p> Jinja vulnerable to Cross-Site Scripting (XSS) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-22195 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 17280-16823 17456-16823 17499-17084 16990-17084 19846-17086 19850-17086 19397-17086 19608-17084 19400-17084 18469-17084 17280-16823 17456-16823 17499-17084 16990-17084 19846-17086 19850-17086 19397-17086 19608-17084 19400-17084 18469-17084 Moderate 17280-16823 Moderate 17456-16823 Moderate 17499-17084 Moderate 16990-17084 Moderate 19846-17086 19850-17086 Moderate 19397-17086 Moderate 19608-17084 Moderate 19400-17084 Moderate 18469-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17280-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17456-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17499-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 16990-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19846-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19850-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19397-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19608-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19400-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18469-17084 CBL-Mariner Releases 17280-16823 19850-17086 19397-17086 No Security Update 18.20.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17280-16823 19850-17086 19397-17086 CBL-Mariner Releases CBL-Mariner Releases 17456-16823 19846-17086 No Security Update 3.0.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17456-16823 19846-17086 CBL-Mariner Releases CBL-Mariner Releases 17499-17084 19400-17084 No Security Update 3.1.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17499-17084 19400-17084 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19608-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19608-17084 CBL-Mariner Releases 1.1 2025-01-17T00:00:00 <p>Added python-jinja2 to Azure Linux 3.0 Added python-jinja2 to CBL-Mariner 2.0</p> 2.0 2026-02-18T02:25:44 <p>Information published.</p> 1.0 2024-01-17T00:00:00 <p>Information published.</p> 1.2 2025-02-14T00:00:00 <p>Added nodejs18 to CBL-Mariner 2.0 Added python-jinja2 to CBL-Mariner 2.0 Added nodejs to Azure Linux 3.0 Added python-jinja2 to Azure Linux 3.0</p> BuildKit possible race condition with accessing subpaths from cache mounts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-23651 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17447-16823 17814-17084 19798-17086 17964-17084 19422-17086 17447-16823 17814-17084 19798-17086 17964-17084 19422-17086 Important 17447-16823 Important 17814-17084 19798-17086 Important 17964-17084 Important 19422-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 17447-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 17814-17084 8.7 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 19798-17086 8.7 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 17964-17084 8.7 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 19422-17086 CBL-Mariner Releases 17447-16823 19798-17086 19422-17086 No Security Update 20.10.27-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17447-16823 19798-17086 19422-17086 CBL-Mariner Releases CBL-Mariner Releases 17814-17084 17964-17084 No Security Update 25.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17814-17084 17964-17084 CBL-Mariner Releases 1.0 2024-02-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T14:09:29 <p>Information published.</p> BuildKit interactive containers API does not validate entitlements check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-23653 Incorrect Authorization 17444-16823 17449-16823 17450-16823 17451-16823 17799-17084 17801-17084 17814-17084 19798-17086 19808-17084 19422-17086 19784-17086 19790-17086 19794-17086 17964-17084 19815-17084 17444-16823 17449-16823 17450-16823 17451-16823 17799-17084 17801-17084 17814-17084 19798-17086 19808-17084 19422-17086 19784-17086 19790-17086 19794-17086 17964-17084 19815-17084 Critical 17444-16823 Critical 17449-16823 Critical 17450-16823 Critical 17451-16823 Critical 17799-17084 Critical 17801-17084 Critical 17814-17084 19798-17086 Critical 19808-17084 Critical 19422-17086 Critical 19784-17086 Critical 19790-17086 Critical 19794-17086 Critical 17964-17084 Critical 19815-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17444-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17449-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17450-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17451-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17799-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17801-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17814-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19798-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19808-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19422-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19784-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19790-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19794-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17964-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19815-17084 CBL-Mariner Releases 17444-16823 17450-16823 No Security Update 20.10.27-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17444-16823 17450-16823 CBL-Mariner Releases CBL-Mariner Releases 17449-16823 No Security Update 2.17.2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17449-16823 CBL-Mariner Releases CBL-Mariner Releases 17451-16823 No Security Update 0.7.1-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17451-16823 CBL-Mariner Releases CBL-Mariner Releases 17799-17084 19815-17084 No Security Update 2.27.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17799-17084 19815-17084 CBL-Mariner Releases CBL-Mariner Releases 17801-17084 19808-17084 No Security Update 0.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17801-17084 19808-17084 CBL-Mariner Releases CBL-Mariner Releases 17814-17084 17964-17084 No Security Update 25.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17814-17084 17964-17084 CBL-Mariner Releases CBL-Mariner Releases 19790-17086 No Security Update 24.0.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19790-17086 CBL-Mariner Releases 2.0 2026-02-18T14:07:15 <p>Information published.</p> 1.0 2024-02-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1 there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23850 Reachable Assertion 16838-16823 17065-17084 17095-17086 19673-17086 19529-17084 16838-16823 17065-17084 17095-17086 19673-17086 19529-17084 Moderate 16838-16823 Moderate 17065-17084 Moderate 17095-17086 19673-17086 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16838-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17065-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 16838-16823 17095-17086 19673-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:44 <p>Information published.</p> 1.0 2024-01-30T00:00:00 <p>Information published.</p> Grub2: bypass the grub password protection feature <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4001 Authentication Bypass by Spoofing 20082-17086 19663-17084 20082-17086 19663-17084 Moderate 20082-17086 Moderate 19663-17084 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20082-17086 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19663-17084 1.1 2026-02-18T02:51:58 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40548 Out-of-bounds Write 19883-17086 19887-17084 19890-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19800-17086 19879-17086 19885-17084 19883-17086 19887-17084 19890-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19800-17086 19879-17086 19885-17084 Important 19883-17086 Important 19887-17084 Important 19890-17084 Important 18174-16823 Important 17980-16823 Important 17012-17084 Important 17013-17084 Important 18175-17084 Important 19800-17086 Important 19879-17086 Important 19885-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19883-17086 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19887-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19890-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18174-16823 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17980-16823 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17012-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17013-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18175-17084 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19800-17086 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19879-17086 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19885-17084 CBL-Mariner Releases 19883-17086 18174-16823 17980-16823 19879-17086 No Security Update 15.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19883-17086 18174-16823 17980-16823 19879-17086 CBL-Mariner Releases CBL-Mariner Releases 19887-17084 19890-17084 17012-17084 17013-17084 18175-17084 19885-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19887-17084 19890-17084 17012-17084 17013-17084 18175-17084 19885-17084 CBL-Mariner Releases 1.1 2024-12-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.2 2024-12-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.5 2024-12-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.0 2024-12-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.1 2024-12-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.2 2024-12-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.3 2024-12-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.4 2024-12-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.5 2024-12-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.9 2024-12-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.5 2024-12-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.0 2025-01-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.5 2025-01-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.8 2025-01-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.3 2025-01-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.4 2025-01-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.6 2025-01-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.7 2025-01-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.8 2025-01-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.0 2025-01-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.2 2025-01-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.3 2025-01-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.4 2025-02-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.5 2025-02-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.8 2025-02-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.9 2025-02-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.0 2025-02-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.3 2025-02-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.4 2025-02-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.9 2025-02-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.0 2025-02-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.1 2025-02-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.6 2025-02-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.8 2025-02-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.9 2025-02-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.1 2025-03-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.2 2025-03-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.3 2025-03-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.6 2025-03-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.7 2025-03-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.8 2025-03-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.6 2025-03-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.7 2025-03-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.9 2025-03-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.2 2025-03-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.5 2025-03-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.6 2025-03-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.7 2025-03-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.8 2025-03-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.9 2025-03-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.0 2025-04-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.2 2025-04-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.4 2025-04-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.5 2025-04-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.6 2025-04-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.1 2025-04-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.2 2025-04-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.5 2025-04-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.7 2025-04-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.3 2025-04-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.4 2025-04-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.5 2025-04-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.6 2025-04-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.7 2025-05-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.9 2025-05-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.0 2025-05-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.1 2025-05-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.3 2025-05-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.4 2025-05-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.7 2025-05-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.4 2025-05-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.6 2025-05-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.7 2025-05-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.8 2025-05-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.0 2025-05-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.1 2025-05-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.3 2025-05-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 19.0 2025-05-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 21.0 2025-06-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.1 2026-02-18T14:13:39 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.4 2024-12-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.6 2024-12-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.7 2024-12-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.8 2024-12-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.9 2024-12-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.6 2024-12-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.7 2024-12-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.8 2024-12-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.0 2024-12-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.1 2024-12-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.2 2024-12-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.3 2024-12-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.4 2024-12-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.6 2025-01-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.7 2025-01-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.8 2025-01-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.9 2025-01-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.1 2025-01-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.2 2025-01-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.3 2025-01-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.4 2025-01-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.6 2025-01-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.7 2025-01-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.9 2025-01-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.0 2025-01-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.1 2025-01-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.2 2025-01-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.5 2025-01-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.9 2025-01-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.1 2025-01-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.6 2025-02-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.7 2025-02-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.1 2025-02-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.2 2025-02-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.5 2025-02-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.6 2025-02-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.7 2025-02-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.8 2025-02-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.2 2025-02-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.3 2025-02-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.4 2025-02-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.5 2025-02-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.7 2025-02-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.0 2025-02-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.4 2025-03-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.5 2025-03-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.9 2025-03-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.0 2025-03-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.1 2025-03-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.2 2025-03-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.3 2025-03-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.4 2025-03-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.5 2025-03-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.8 2025-03-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.0 2025-03-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.1 2025-03-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.3 2025-03-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.4 2025-03-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.1 2025-04-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.3 2025-04-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.7 2025-04-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.8 2025-04-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.9 2025-04-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.0 2025-04-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.3 2025-04-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.4 2025-04-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.6 2025-04-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.8 2025-04-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.9 2025-04-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.0 2025-04-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.1 2025-04-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.2 2025-04-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.8 2025-05-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.2 2025-05-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.5 2025-05-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.6 2025-05-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.8 2025-05-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.9 2025-05-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.0 2025-05-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.1 2025-05-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.2 2025-05-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.3 2025-05-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.5 2025-05-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.9 2025-05-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.2 2025-05-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 18.0 2025-05-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 20.0 2025-05-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.0 2025-06-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> Shim: out-of-bound read in verify_buffer_sbat() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40550 Out-of-bounds Read 19800-17086 19879-17086 19885-17084 19887-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19883-17086 19890-17084 19800-17086 19879-17086 19885-17084 19887-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19883-17086 19890-17084 Moderate 19800-17086 Moderate 19879-17086 Moderate 19885-17084 Moderate 19887-17084 Moderate 18174-16823 Moderate 17980-16823 Moderate 17012-17084 Moderate 17013-17084 Moderate 18175-17084 Moderate 19883-17086 Moderate 19890-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19800-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19879-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19885-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19887-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18174-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17980-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17012-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17013-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18175-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19883-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19890-17084 CBL-Mariner Releases 19879-17086 18174-16823 17980-16823 19883-17086 No Security Update 15.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19879-17086 18174-16823 17980-16823 19883-17086 CBL-Mariner Releases CBL-Mariner Releases 19885-17084 19887-17084 17012-17084 17013-17084 18175-17084 19890-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19885-17084 19887-17084 17012-17084 17013-17084 18175-17084 19890-17084 CBL-Mariner Releases 1.2 2024-12-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.3 2024-12-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.6 2024-12-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.9 2024-12-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.0 2024-12-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.1 2024-12-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.2 2024-12-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.4 2024-12-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.5 2024-12-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.6 2024-12-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.7 2024-12-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.9 2024-12-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.4 2024-12-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.5 2024-12-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.6 2025-01-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.7 2025-01-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.2 2025-01-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.3 2025-01-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.5 2025-01-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.8 2025-01-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.4 2025-01-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.7 2025-01-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.8 2025-01-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.0 2025-01-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.1 2025-01-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.2 2025-01-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.3 2025-01-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.4 2025-02-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.5 2025-02-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.6 2025-02-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.8 2025-02-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.9 2025-02-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.0 2025-02-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.3 2025-02-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.9 2025-02-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.0 2025-02-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.1 2025-02-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.3 2025-02-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.5 2025-02-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.6 2025-02-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.8 2025-02-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.0 2025-02-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.1 2025-03-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.3 2025-03-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.4 2025-03-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.6 2025-03-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.0 2025-03-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.9 2025-03-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.1 2025-03-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.2 2025-03-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.6 2025-03-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.0 2025-04-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.2 2025-04-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.5 2025-04-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.6 2025-04-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.7 2025-04-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.1 2025-04-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.2 2025-04-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.0 2025-04-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.4 2025-04-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.6 2025-04-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.7 2025-05-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.9 2025-05-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.1 2025-05-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.3 2025-05-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.4 2025-05-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.7 2025-05-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.8 2025-05-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.0 2025-05-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.6 2025-05-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.7 2025-05-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.1 2025-05-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.2 2025-05-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.3 2025-05-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 19.0 2025-05-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 20.0 2025-05-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.1 2026-02-18T14:15:28 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.4 2024-12-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.5 2024-12-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.7 2024-12-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.8 2024-12-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.3 2024-12-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.8 2024-12-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.0 2024-12-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.1 2024-12-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.2 2024-12-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.3 2024-12-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.8 2025-01-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.9 2025-01-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.0 2025-01-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.1 2025-01-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.4 2025-01-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.6 2025-01-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.7 2025-01-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.9 2025-01-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.0 2025-01-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.1 2025-01-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.2 2025-01-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.3 2025-01-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.5 2025-01-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.6 2025-01-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.9 2025-01-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.7 2025-02-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.1 2025-02-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.2 2025-02-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.4 2025-02-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.5 2025-02-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.6 2025-02-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.7 2025-02-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.8 2025-02-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.2 2025-02-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.4 2025-02-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.7 2025-02-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.9 2025-02-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.2 2025-03-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.5 2025-03-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.7 2025-03-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.8 2025-03-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.9 2025-03-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.1 2025-03-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.2 2025-03-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.3 2025-03-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.4 2025-03-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.5 2025-03-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.6 2025-03-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.7 2025-03-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.8 2025-03-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.0 2025-03-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.3 2025-03-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.4 2025-03-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.5 2025-03-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.7 2025-03-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.8 2025-03-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.9 2025-03-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.1 2025-04-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.3 2025-04-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.4 2025-04-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.8 2025-04-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.9 2025-04-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.0 2025-04-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.3 2025-04-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.4 2025-04-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.5 2025-04-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.6 2025-04-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.7 2025-04-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.8 2025-04-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.9 2025-04-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.1 2025-04-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.2 2025-04-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.3 2025-04-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.5 2025-04-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.8 2025-05-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.0 2025-05-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.2 2025-05-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.5 2025-05-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.6 2025-05-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.9 2025-05-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.1 2025-05-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.2 2025-05-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.3 2025-05-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.4 2025-05-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.5 2025-05-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.8 2025-05-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.9 2025-05-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.0 2025-05-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 18.0 2025-05-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 21.0 2025-06-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.0 2025-06-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> Infinite loop in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45232 Loop with Unreachable Exit Condition ('Infinite Loop') 17859-17084 19674-17086 19662-17086 17459-17084 17374-16823 18132-16823 18131-17084 19678-17086 17093-17086 17859-17084 19674-17086 19662-17086 17459-17084 17374-16823 18132-16823 18131-17084 19678-17086 17093-17086 Important 17859-17084 Important 19674-17086 19662-17086 Important 17459-17084 Important 17374-16823 Important 18132-16823 Important 18131-17084 Important 19678-17086 Important 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17859-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19674-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17374-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18132-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18131-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19678-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 17859-17084 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 19674-17086 18132-16823 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 18132-16823 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases 2.0 2026-02-18T14:55:21 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> Infinite loop in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45233 Loop with Unreachable Exit Condition ('Infinite Loop') 19662-17086 17459-17084 17093-17086 18132-16823 17374-16823 18131-17084 17859-17084 19678-17086 19674-17086 19662-17086 17459-17084 17093-17086 18132-16823 17374-16823 18131-17084 17859-17084 19678-17086 19674-17086 19662-17086 Important 17459-17084 Important 17093-17086 Important 18132-16823 Important 17374-16823 Important 18131-17084 Important 17859-17084 Important 19678-17086 Important 19674-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18132-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17374-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18131-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17859-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19678-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19674-17086 CBL-Mariner Releases 18132-16823 19674-17086 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18132-16823 19674-17086 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:24:54 <p>Information published.</p> Buffer Overflow in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45235 Improper Restriction of Operations within the Bounds of a Memory Buffer 19678-17086 19674-17086 19662-17086 17093-17086 18132-16823 17374-16823 18131-17084 17859-17084 17459-17084 19678-17086 19674-17086 19662-17086 17093-17086 18132-16823 17374-16823 18131-17084 17859-17084 17459-17084 Important 19678-17086 Important 19674-17086 19662-17086 Important 17093-17086 Important 18132-16823 Important 17374-16823 Important 18131-17084 Important 17859-17084 Important 17459-17084 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19678-17086 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19674-17086 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 19662-17086 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 17093-17086 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18132-16823 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17374-16823 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18131-17084 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17859-17084 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 17459-17084 CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 19674-17086 18132-16823 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 18132-16823 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases 2.0 2026-02-18T14:52:19 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> Use of a Weak PseudoRandom Number Generator in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45237 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 17859-17084 19674-17086 19678-17086 19662-17086 17459-17084 17093-17086 17321-16823 18132-16823 18131-17084 17859-17084 19674-17086 19678-17086 19662-17086 17459-17084 17093-17086 17321-16823 18132-16823 18131-17084 Important 17859-17084 Important 19674-17086 Important 19678-17086 19662-17086 Moderate 17459-17084 Moderate 17093-17086 Important 17321-16823 Important 18132-16823 Important 18131-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17859-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19674-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19678-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19662-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17459-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17321-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18132-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18131-17084 CBL-Mariner Releases 17859-17084 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 19674-17086 18132-16823 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 18132-16823 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 17321-16823 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 17321-16823 CBL-Mariner Releases 2.0 2026-02-18T03:08:05 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> Linux: netback processing of zero-length transmit fragment <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner XEN Yes CVE-2023-46838 NULL Pointer Dereference 16838-16823 17065-17084 19670-17086 17651-17084 17250-17086 16838-16823 17065-17084 19670-17086 17651-17084 17250-17086 Important 16838-16823 Important 17065-17084 19670-17086 Important 17651-17084 Important 17250-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16838-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17065-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19670-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17651-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 16838-16823 19670-17086 17250-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 17651-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 17651-17084 CBL-Mariner Releases 2.0 2026-02-18T14:01:31 <p>Information published.</p> 1.0 2024-02-02T00:00:00 <p>Information published.</p> Maliciously crafted Git server replies can cause DoS on go-git clients <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Bitdefender Yes CVE-2023-49568 Improper Input Validation 19928-17086 18129-16823 18130-16823 18041-17084 19962-17084 19928-17086 18129-16823 18130-16823 18041-17084 19962-17084 Important 19928-17086 Important 18129-16823 Important 18130-16823 Important 18041-17084 Important 19962-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19928-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18129-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18130-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18041-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19962-17084 CBL-Mariner Releases 19928-17086 No Security Update 1.10.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19928-17086 CBL-Mariner Releases CBL-Mariner Releases 18129-16823 No Security Update 1.22.3-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18129-16823 CBL-Mariner Releases CBL-Mariner Releases 18130-16823 No Security Update 1.9.5-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18130-16823 CBL-Mariner Releases CBL-Mariner Releases 18041-17084 19962-17084 No Security Update 1.9.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18041-17084 19962-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-01-26T00:00:00 <p>Information published.</p> 1.2 2026-02-18T03:21:11 <p>Information published.</p> `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-50711 Out-of-bounds Write 19768-17086 19700-17086 19788-17084 17649-17084 18195-16823 19695-17086 19703-17086 19783-17084 19795-17084 19768-17086 19700-17086 19788-17084 17649-17084 18195-16823 19695-17086 19703-17086 19783-17084 19795-17084 Critical 19768-17086 Critical 19700-17086 Critical 19788-17084 Critical 17649-17084 Critical 18195-16823 Critical 19695-17086 Critical 19703-17086 Moderate 19783-17084 Critical 19795-17084 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19768-17086 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19700-17086 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19788-17084 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 17649-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18195-16823 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19695-17086 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19703-17086 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19783-17084 5.7 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 19795-17084 CBL-Mariner Releases 19768-17086 18195-16823 No Security Update 32.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19768-17086 18195-16823 CBL-Mariner Releases CBL-Mariner Releases 19700-17086 19695-17086 No Security Update 3.2.0.azl2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19700-17086 19695-17086 CBL-Mariner Releases CBL-Mariner Releases 19788-17084 19795-17084 No Security Update 3.15.0.aks0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19788-17084 19795-17084 CBL-Mariner Releases 1.0 2024-01-08T00:00:00 <p>Information published.</p> 1.1 2025-05-27T00:00:00 <p>Added kata-containers to Azure Linux 3.0 Added kata-containers-cc to Azure Linux 3.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cloud-hypervisor to CBL-Mariner 2.0</p> 1.2 2026-02-18T02:05:39 <p>Information published.</p> In the Linux kernel before 6.4.12 amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-51042 Use After Free 17095-17086 17452-16823 19673-17086 17095-17086 17452-16823 19673-17086 Important 17095-17086 Important 17452-16823 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17452-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 17095-17086 17452-16823 19673-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-17086 17452-16823 19673-17086 CBL-Mariner Releases 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:29 <p>Information published.</p> An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset the maximum negotiable TLS version is mishandled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner MITRE Yes CVE-2023-52353 19809-17086 19662-17086 17459-17084 17238-17086 17093-17086 19809-17086 19662-17086 17459-17084 17238-17086 17093-17086 19809-17086 19662-17086 Important 17459-17084 Important 17238-17086 Important 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19809-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17238-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17093-17086 CBL-Mariner Releases 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:22:54 <p>Information published.</p> Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6531 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 19673-17086 16960-16823 17065-17084 19529-17084 17095-17086 19673-17086 16960-16823 17065-17084 19529-17084 17095-17086 19673-17086 Important 16960-16823 Important 17065-17084 Important 19529-17084 Important 17095-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 16960-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17065-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 CBL-Mariner Releases 19673-17086 16960-16823 17095-17086 No Security Update 5.15.148.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 16960-16823 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:07 <p>Information published.</p> Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6816 Out-of-bounds Write 19982-17086 17430-16823 17816-17084 19982-17086 17430-16823 17816-17084 Critical 19982-17086 Critical 17430-16823 Critical 17816-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19982-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17430-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17816-17084 CBL-Mariner Releases 19982-17086 17430-16823 No Security Update 1.20.10-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19982-17086 17430-16823 CBL-Mariner Releases 1.1 2026-02-18T03:04:29 <p>Information published.</p> 1.0 2024-01-19T00:00:00 <p>Information published.</p> Kernel: refcount leak in ctnetlink_create_conntrack() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-7192 Missing Release of Memory after Effective Lifetime 19673-17086 17452-16823 17095-17086 19673-17086 17452-16823 17095-17086 19673-17086 Moderate 17452-16823 Moderate 17095-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19673-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17452-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 19673-17086 17452-16823 17095-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 17452-16823 17095-17086 CBL-Mariner Releases 1.0 2024-01-09T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:08:41 <p>Information published.</p> It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-2586 Use After Free 16838-16823 19673-17086 17095-17086 16838-16823 19673-17086 17095-17086 Important 16838-16823 19673-17086 Moderate 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 19673-17086 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 17095-17086 CBL-Mariner Releases 16838-16823 19673-17086 17095-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19673-17086 17095-17086 CBL-Mariner Releases 2.0 2026-02-18T02:12:25 <p>Information published.</p> 1.0 2024-01-13T00:00:00 <p>Information published.</p> It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-2588 Double Free 16838-16823 17233-17086 19731-17086 16838-16823 17233-17086 19731-17086 Important 16838-16823 Important 17233-17086 19731-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 17233-17086 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 19731-17086 CBL-Mariner Releases 16838-16823 17233-17086 19731-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 17233-17086 19731-17086 CBL-Mariner Releases 2.0 2026-02-18T02:13:22 <p>Information published.</p> 1.0 2024-01-13T00:00:00 <p>Information published.</p> Heap Buffer Overflow in Tcg2MeasurePeImage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2022-36764 Improper Restriction of Operations within the Bounds of a Memory Buffer 19674-17086 19662-17086 17459-17084 18131-17084 17859-17084 19678-17086 17093-17086 19674-17086 19662-17086 17459-17084 18131-17084 17859-17084 19678-17086 17093-17086 Important 19674-17086 19662-17086 Important 17459-17084 Important 18131-17084 Important 17859-17084 Important 19678-17086 Important 17093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19674-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19662-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17459-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18131-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17859-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19678-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17093-17086 CBL-Mariner Releases 19674-17086 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases 2.0 2026-02-18T14:45:58 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> Integer Overflow in CreateHob <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2022-36765 Improper Restriction of Operations within the Bounds of a Memory Buffer 17459-17084 17093-17086 18131-17084 17859-17084 19678-17086 19674-17086 19662-17086 17459-17084 17093-17086 18131-17084 17859-17084 19678-17086 19674-17086 19662-17086 Important 17459-17084 Important 17093-17086 Important 18131-17084 Important 17859-17084 Important 19678-17086 Important 19674-17086 19662-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17459-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18131-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17859-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19678-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19674-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19662-17086 CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 19674-17086 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 CBL-Mariner Releases 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:32:14 <p>Information published.</p> In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10 the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48622 Out-of-bounds Write 18843-17084 19751-17086 18843-17084 19751-17086 Important 18843-17084 Important 19751-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18843-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19751-17086 CBL-Mariner Releases 18843-17084 No Security Update 2.42.10-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18843-17084 CBL-Mariner Releases CBL-Mariner Releases 19751-17086 No Security Update 2.40.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19751-17086 CBL-Mariner Releases 1.2 2024-10-15T00:00:00 <p>Added gdk-pixbuf2 to Azure Linux 3.0 Added gdk-pixbuf2 to CBL-Mariner 2.0</p> 1.3 2026-02-18T14:03:46 <p>Information published.</p> 1.0 2024-09-23T00:00:00 <p>Information published.</p> 1.1 2024-09-24T00:00:00 <p>Information published.</p> Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0914 Observable Discrepancy 17779-17084 17779-17084 Moderate 17779-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17779-17084 CBL-Mariner Releases 17779-17084 No Security Update 3.24.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17779-17084 CBL-Mariner Releases 1.0 2025-05-15T00:00:00 <p>Information published.</p> A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-51258 Missing Release of Memory after Effective Lifetime 18874-17086 18417-17084 20358-17086 18874-17086 18417-17084 20358-17086 Moderate 18874-17086 Moderate 18417-17084 20358-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18874-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18417-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20358-17086 CBL-Mariner Releases 18874-17086 18417-17084 20358-17086 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18874-17086 18417-17084 20358-17086 CBL-Mariner Releases 3.0 2026-02-18T03:21:25 <p>Information published.</p> 1.0 2025-05-27T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added yasm to CBL-Mariner 2.0 Added yasm to Azure Linux 3.0</p> Qemu: vnc: null pointer dereference in qemu_clipboard_request() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6683 NULL Pointer Dereference 17459-17084 17093-17086 18121-16823 18122-17084 19662-17086 17459-17084 17093-17086 18121-16823 18122-17084 19662-17086 Moderate 17459-17084 Moderate 17093-17086 Moderate 18121-16823 Moderate 18122-17084 19662-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17459-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17093-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18121-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18122-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19662-17086 CBL-Mariner Releases 17459-17084 18122-17084 No Security Update 8.2.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17459-17084 18122-17084 CBL-Mariner Releases CBL-Mariner Releases 17093-17086 18121-16823 19662-17086 No Security Update 6.2.0-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17093-17086 18121-16823 19662-17086 CBL-Mariner Releases 3.0 2026-02-18T02:48:05 <p>Information published.</p> 1.0 2025-03-26T00:00:00 <p>Information published.</p> 2.0 2025-04-22T00:00:00 <p>Information published.</p> Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6693 Stack-based Buffer Overflow 19662-17086 17459-17084 18121-16823 18122-17084 17093-17086 19662-17086 17459-17084 18121-16823 18122-17084 17093-17086 19662-17086 Moderate 17459-17084 Moderate 18121-16823 Moderate 18122-17084 Moderate 17093-17086 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 19662-17086 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 17459-17084 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 18121-16823 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 18122-17084 4.9 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 17093-17086 CBL-Mariner Releases 19662-17086 18121-16823 17093-17086 No Security Update 6.2.0-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19662-17086 18121-16823 17093-17086 CBL-Mariner Releases CBL-Mariner Releases 17459-17084 18122-17084 No Security Update 8.2.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17459-17084 18122-17084 CBL-Mariner Releases 2.0 2025-04-22T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:01:46 <p>Information published.</p> 1.0 2025-03-26T00:00:00 <p>Information published.</p> Memory corruption issues is Cloudflare zlib implementation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cloudflare Yes CVE-2023-6992 Improper Input Validation 19826-17086 19766-17086 19752-17086 19746-17084 18101-17086 16825-17084 16826-17084 18109-17084 19826-17086 19766-17086 19752-17086 19746-17084 18101-17086 16825-17084 16826-17084 18109-17084 19826-17086 Moderate 19766-17086 Moderate 19752-17086 Moderate 19746-17084 Moderate 18101-17086 Moderate 16825-17084 Moderate 16826-17084 Moderate 18109-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 19826-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 19766-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 19752-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 19746-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 18101-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 16825-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 16826-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 18109-17084 CBL-Mariner Releases 16825-17084 No Security Update 2.5.12-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16825-17084 CBL-Mariner Releases CBL-Mariner Releases 16826-17084 No Security Update 1.3.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16826-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:11:25 <p>Information published.</p> Improper Handling of Missing Values in Wireshark <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2024-0208 Improper Handling of Missing Values 19523-17084 19523-17084 Important 19523-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23744 19809-17086 17238-17086 19809-17086 17238-17086 19809-17086 Important 17238-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19809-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17238-17086 CBL-Mariner Releases 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:23:26 <p>Information published.</p> Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2023-7207 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20057-17086 19221-17086 20057-17086 19221-17086 20057-17086 Moderate 19221-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 20057-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 19221-17086 1.0 2025-09-03T21:21:35 <p>Information published.</p> 2.0 2026-02-20T23:17:19 <p>Information published.</p> The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-0745 Out-of-bounds Write 18469-17084 18469-17084 Important 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T21:46:31 <p>Information published.</p> 1.1 2026-02-18T15:15:37 <p>Information published.</p> An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-49557 20202-17086 19525-17084 20202-17086 19525-17084 Moderate 20202-17086 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20202-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 1.0 2025-09-03T22:46:34 <p>Information published.</p> 1.1 2025-11-19T01:34:44 <p>Information published.</p> In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-0753 18469-17084 18469-17084 Moderate 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-03T22:47:46 <p>Information published.</p> 1.1 2026-02-18T15:18:06 <p>Information published.</p> Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-49556 20202-17086 19525-17084 20202-17086 19525-17084 Moderate 20202-17086 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20202-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 1.0 2025-09-03T22:51:24 <p>Information published.</p> An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-49555 20202-17086 19525-17084 20202-17086 19525-17084 Moderate 20202-17086 Moderate 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20202-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 1.0 2025-09-03T22:55:23 <p>Information published.</p> 1.1 2025-11-19T01:35:17 <p>Information published.</p> Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-49554 Use After Free 19525-17084 20202-17086 19525-17084 20202-17086 Moderate 19525-17084 Moderate 20202-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20202-17086 1.0 2025-09-03T22:59:59 <p>Information published.</p> 1.1 2025-11-19T01:35:48 <p>Information published.</p> An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-49558 19525-17084 20202-17086 19525-17084 20202-17086 Moderate 19525-17084 Moderate 20202-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19525-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20202-17086 1.0 2025-09-03T23:05:13 <p>Information published.</p> aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-23829 Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request/Response Smuggling&#39;) 18469-17084 18469-17084 Moderate 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 18469-17084 1.0 2025-09-03T23:12:33 <p>Information published.</p> 1.1 2026-02-18T14:49:03 <p>Information published.</p> Kernel: aoe: improper reference count leads to use-after-free vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6270 Use After Free 19682-17086 18490-17086 19529-17084 19682-17086 18490-17086 19529-17084 19682-17086 Important 18490-17086 Important 19529-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 1.0 2025-09-04T00:59:32 <p>Information published.</p> 2.0 2026-02-21T03:04:44 <p>Information published.</p> Gnutls: incomplete fix for cve-2023-5981 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0553 Observable Discrepancy 17380-16823 17820-17084 20076-17084 17380-16823 17820-17084 20076-17084 Important 17380-16823 Important 17820-17084 Important 20076-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17380-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17820-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20076-17084 CBL-Mariner Releases 17380-16823 No Security Update 3.7.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17380-16823 CBL-Mariner Releases CBL-Mariner Releases 17820-17084 20076-17084 No Security Update 3.8.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17820-17084 20076-17084 CBL-Mariner Releases 1.1 2026-02-18T02:51:20 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Gnutls: rejects certificate chain with distributed trust <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0567 Improper Verification of Cryptographic Signature 17380-16823 17820-17084 20076-17084 17380-16823 17820-17084 20076-17084 Important 17380-16823 Important 17820-17084 Important 20076-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17380-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17820-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20076-17084 CBL-Mariner Releases 17380-16823 No Security Update 3.7.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17380-16823 CBL-Mariner Releases CBL-Mariner Releases 17820-17084 20076-17084 No Security Update 3.8.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17820-17084 20076-17084 CBL-Mariner Releases 1.2 2026-02-18T02:50:48 <p>Information published.</p> 1.0 2024-01-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Kernel: nf_tables: pointer math issue in nft_byteorder_eval() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0607 Improper Handling of Values 17452-16823 17062-17084 19673-17086 19529-17084 17095-17086 17452-16823 17062-17084 19673-17086 19529-17084 17095-17086 Moderate 17452-16823 Moderate 17062-17084 19673-17086 Moderate 19529-17084 Moderate 17095-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17452-16823 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17062-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 19673-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 19529-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17095-17086 CBL-Mariner Releases 17452-16823 19673-17086 17095-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17452-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17062-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17062-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update 6.6.29.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2024-01-27T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T03:21:33 <p>Information published.</p> Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0646 Out-of-bounds Write 16838-16823 17065-17084 19670-17086 17651-17084 17250-17086 16838-16823 17065-17084 19670-17086 17651-17084 17250-17086 Important 16838-16823 Important 17065-17084 19670-17086 Important 17651-17084 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17065-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 16838-16823 19670-17086 17250-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 17651-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 17651-17084 CBL-Mariner Releases 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.0 2024-01-26T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:20:53 <p>Information published.</p> Kernel: use-after-free while changing the mount option in __ext4_remount leading <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0775 Use After Free 16838-16823 19673-17086 17095-17086 16838-16823 19673-17086 17095-17086 Important 16838-16823 19673-17086 Moderate 17095-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 16838-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19673-17086 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17095-17086 CBL-Mariner Releases 16838-16823 19673-17086 17095-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:34 <p>Information published.</p> Use-after-free in Linux kernel's netfilter: nf_tables component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2024-1086 Use After Free 16838-16823 19779-17084 17325-17086 19920-17086 16838-16823 19779-17084 17325-17086 19920-17086 Important 16838-16823 Important 19779-17084 Important 17325-17086 19920-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19779-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17325-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19920-17086 CBL-Mariner Releases 16838-16823 17325-17086 19920-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 17325-17086 19920-17086 CBL-Mariner Releases CBL-Mariner Releases 19779-17084 No Security Update 6.6.22.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19779-17084 CBL-Mariner Releases 1.0 2024-02-06T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T14:18:54 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20961 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17235-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.1 2026-02-18T03:10:35 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20965 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.1 2026-02-18T03:11:30 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20967 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17235-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.1 2026-02-18T03:11:06 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20973 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17235-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 2.1 2026-02-18T03:10:46 <p>Information published.</p> 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20981 17235-16823 20261-17086 17235-16823 20261-17086 Moderate 17235-16823 Moderate 20261-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20261-17086 CBL-Mariner Releases 17235-16823 20261-17086 No Security Update 8.0.36-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17235-16823 20261-17086 CBL-Mariner Releases 1.0 2024-07-10T00:00:00 <p>Information published.</p> 2.0 2025-06-23T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.1 2026-02-18T03:10:57 <p>Information published.</p> Possible UAF in bt_accept_poll in Linux kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-21803 Use After Free 17325-16823 17065-17084 19529-17084 17095-17086 19673-17086 17325-16823 17065-17084 19529-17084 17095-17086 19673-17086 Important 17325-16823 Important 17065-17084 Low 19529-17084 Low 17095-17086 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17325-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17065-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 17325-16823 17095-17086 19673-17086 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17325-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-15T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:22:17 <p>Information published.</p> 1.0 2024-02-08T00:00:00 <p>Information published.</p> An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-22705 Out-of-bounds Read 17452-16823 17095-17086 19673-17086 17452-16823 17095-17086 19673-17086 Important 17452-16823 Important 17095-17086 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17452-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 17452-16823 17095-17086 19673-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17452-16823 17095-17086 19673-17086 CBL-Mariner Releases 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:22:49 <p>Information published.</p> An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23170 Observable Discrepancy 17178-16823 19662-17086 19809-17086 17459-17084 17238-17086 17093-17086 17178-16823 19662-17086 19809-17086 17459-17084 17238-17086 17093-17086 Moderate 17178-16823 19662-17086 19809-17086 Moderate 17459-17084 Moderate 17238-17086 Moderate 17093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17178-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19662-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19809-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17459-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17238-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17093-17086 CBL-Mariner Releases 17178-16823 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17178-16823 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:22:19 <p>Information published.</p> Integer overflow in raid5_cache_count in Linux kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Anolis Yes CVE-2024-23307 Integer Overflow or Wraparound 17065-17084 20362-17084 20925-17086 17087-17086 21093-17086 17065-17084 20362-17084 20925-17086 17087-17086 21093-17086 Important 17065-17084 Moderate 20362-17084 Important 20925-17086 Important 17087-17086 Important 21093-17086 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 17065-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20362-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 CBL-Mariner Releases 17065-17084 20362-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 20362-17084 CBL-Mariner Releases 1.0 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2026-02-18T03:24:29 <p>Information published.</p> 3.0 2026-03-31T14:36:21 <p>Information published.</p> 1.1 2025-11-19T01:36:51 <p>Information published.</p> 2.0 2026-03-03T14:35:31 <p>Information published.</p> BuildKit possible panic when incorrect parameters sent from frontend <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-23650 Improper Check for Unusual or Exceptional Conditions 17448-16823 17414-16823 17799-17084 17801-17084 17814-17084 19794-17086 19808-17084 19422-17086 19798-17086 17964-17084 19815-17084 17448-16823 17414-16823 17799-17084 17801-17084 17814-17084 19794-17086 19808-17084 19422-17086 19798-17086 17964-17084 19815-17084 Moderate 17448-16823 Moderate 17414-16823 Moderate 17799-17084 Moderate 17801-17084 Moderate 17814-17084 Moderate 19794-17086 Moderate 19808-17084 Moderate 19422-17086 19798-17086 Moderate 17964-17084 Moderate 19815-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17448-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17414-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17799-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17801-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17814-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19794-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19808-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19422-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19798-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17964-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19815-17084 CBL-Mariner Releases 17448-16823 19422-17086 19798-17086 No Security Update 24.0.9-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17448-16823 19422-17086 19798-17086 CBL-Mariner Releases CBL-Mariner Releases 17414-16823 19794-17086 No Security Update 2.17.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17414-16823 19794-17086 CBL-Mariner Releases CBL-Mariner Releases 17799-17084 19815-17084 No Security Update 2.27.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17799-17084 19815-17084 CBL-Mariner Releases CBL-Mariner Releases 17801-17084 19808-17084 No Security Update 0.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17801-17084 19808-17084 CBL-Mariner Releases CBL-Mariner Releases 17814-17084 17964-17084 No Security Update 25.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17814-17084 17964-17084 CBL-Mariner Releases 2.0 2026-02-18T14:08:46 <p>Information published.</p> 1.0 2024-02-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2025-02-16T00:00:00 <p>Added moby-engine to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added moby-engine to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0</p> BuildKit possible host system access from mount stub cleaner <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-23652 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 17447-16823 17814-17084 19798-17086 19422-17086 17964-17084 17447-16823 17814-17084 19798-17086 19422-17086 17964-17084 Critical 17447-16823 Critical 17814-17084 19798-17086 Critical 19422-17086 Critical 17964-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 17447-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 17814-17084 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 19798-17086 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 19422-17086 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 17964-17084 CBL-Mariner Releases 17447-16823 19798-17086 19422-17086 No Security Update 20.10.27-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17447-16823 19798-17086 19422-17086 CBL-Mariner Releases CBL-Mariner Releases 17814-17084 17964-17084 No Security Update 25.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17814-17084 17964-17084 CBL-Mariner Releases 1.0 2024-02-05T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T14:10:11 <p>Information published.</p> Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23775 17178-16823 19809-17086 17459-17084 19662-17086 17238-17086 17093-17086 17178-16823 19809-17086 17459-17084 19662-17086 17238-17086 17093-17086 Important 17178-16823 19809-17086 Important 17459-17084 19662-17086 Important 17238-17086 Important 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17178-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19809-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17459-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17238-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 17178-16823 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17178-16823 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:21:29 <p>Information published.</p> In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1 there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison resulting in out-of-bounds access. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23849 Off-by-one Error 16838-16823 17065-17084 19673-17086 17095-17086 19529-17084 16838-16823 17065-17084 19673-17086 17095-17086 19529-17084 Moderate 16838-16823 Moderate 17065-17084 19673-17086 Moderate 17095-17086 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16838-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17065-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 16838-16823 19673-17086 17095-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:22:58 <p>Information published.</p> copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes and crash because of a missing param_kernel->data_size check. This is related to ctl_ioctl. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23851 16838-16823 17065-17084 19673-17086 19529-17084 17095-17086 16838-16823 17065-17084 19673-17086 19529-17084 17095-17086 Moderate 16838-16823 Moderate 17065-17084 19673-17086 Moderate 19529-17084 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16838-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17065-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 16838-16823 19673-17086 17095-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17065-17084 19529-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17065-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:16 <p>Information published.</p> Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site potentially leading to information disclosure phishing attacks or other security breaches. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner snyk Yes CVE-2023-26159 URL Redirection to Untrusted Site ('Open Redirect') 19712-17086 17080-17084 19806-17086 19696-17084 19712-17086 17080-17084 19806-17086 19696-17084 Moderate 19712-17086 Moderate 17080-17084 Moderate 19806-17086 Moderate 19696-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19712-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17080-17084 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19806-17086 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 19696-17084 CBL-Mariner Releases 17080-17084 19696-17084 No Security Update 2.16.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17080-17084 19696-17084 CBL-Mariner Releases CBL-Mariner Releases 19806-17086 No Security Update 3.1.1-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19806-17086 CBL-Mariner Releases 1.2 2026-02-18T02:07:37 <p>Information published.</p> 1.0 2024-01-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Shim: out-of-bounds read printing error messages <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40546 NULL Pointer Dereference 19800-17086 19879-17086 19883-17086 19890-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19885-17084 19887-17084 19800-17086 19879-17086 19883-17086 19890-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19885-17084 19887-17084 Moderate 19800-17086 Moderate 19879-17086 Moderate 19883-17086 Moderate 19890-17084 Moderate 18174-16823 Moderate 17980-16823 Moderate 17012-17084 Moderate 17013-17084 Moderate 18175-17084 Moderate 19885-17084 Moderate 19887-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19800-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19879-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19883-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19890-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18174-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17980-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17012-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17013-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18175-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19885-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19887-17084 CBL-Mariner Releases 19879-17086 19883-17086 18174-16823 17980-16823 No Security Update 15.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19879-17086 19883-17086 18174-16823 17980-16823 CBL-Mariner Releases CBL-Mariner Releases 19890-17084 17012-17084 17013-17084 18175-17084 19885-17084 19887-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19890-17084 17012-17084 17013-17084 18175-17084 19885-17084 19887-17084 CBL-Mariner Releases 1.3 2024-12-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.5 2024-12-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.6 2024-12-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.0 2024-12-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.1 2024-12-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.2 2024-12-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.3 2024-12-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.5 2024-12-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.7 2024-12-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.8 2024-12-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.9 2024-12-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.2 2024-12-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.4 2024-12-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.7 2025-01-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.8 2025-01-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.9 2025-01-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.0 2025-01-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.4 2025-01-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.0 2025-01-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.1 2025-01-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.3 2025-01-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.6 2025-01-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.7 2025-01-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.8 2025-01-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.0 2025-01-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.3 2025-01-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.4 2025-02-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.6 2025-02-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.7 2025-02-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.8 2025-02-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.9 2025-02-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.0 2025-02-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.7 2025-02-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.9 2025-02-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.0 2025-02-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.1 2025-02-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.5 2025-02-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.6 2025-02-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.8 2025-02-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.9 2025-02-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.2 2025-03-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.3 2025-03-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.5 2025-03-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.7 2025-03-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.8 2025-03-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.1 2025-03-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.2 2025-03-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.6 2025-03-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.9 2025-03-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.1 2025-03-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.2 2025-03-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.6 2025-03-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.2 2025-04-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.3 2025-04-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.4 2025-04-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.6 2025-04-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.7 2025-04-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.0 2025-04-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.1 2025-04-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.2 2025-04-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.4 2025-04-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.8 2025-04-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.0 2025-04-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.4 2025-04-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.6 2025-04-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.7 2025-05-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.9 2025-05-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.1 2025-05-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.3 2025-05-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.7 2025-05-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.3 2025-05-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.6 2025-05-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.7 2025-05-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.8 2025-05-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.0 2025-05-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.2 2025-05-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.3 2025-05-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 19.0 2025-05-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 20.0 2025-05-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.1 2026-02-18T03:24:18 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.2 2024-12-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.4 2024-12-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.7 2024-12-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.8 2024-12-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.9 2024-12-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.4 2024-12-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.6 2024-12-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.0 2024-12-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.1 2024-12-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.3 2024-12-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.5 2024-12-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.6 2025-01-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.1 2025-01-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.2 2025-01-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.3 2025-01-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.5 2025-01-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.6 2025-01-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.7 2025-01-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.8 2025-01-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.9 2025-01-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.2 2025-01-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.4 2025-01-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.5 2025-01-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.9 2025-01-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.1 2025-01-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.2 2025-01-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.5 2025-02-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.1 2025-02-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.2 2025-02-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.3 2025-02-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.4 2025-02-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.5 2025-02-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.6 2025-02-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.8 2025-02-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.2 2025-02-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.3 2025-02-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.4 2025-02-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.7 2025-02-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.0 2025-02-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.1 2025-03-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.4 2025-03-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.6 2025-03-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.9 2025-03-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.0 2025-03-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.3 2025-03-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.4 2025-03-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.5 2025-03-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.7 2025-03-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.8 2025-03-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.0 2025-03-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.3 2025-03-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.4 2025-03-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.5 2025-03-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.7 2025-03-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.8 2025-03-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.9 2025-03-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.0 2025-04-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.1 2025-04-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.5 2025-04-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.8 2025-04-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.9 2025-04-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.3 2025-04-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.5 2025-04-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.6 2025-04-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.7 2025-04-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.9 2025-04-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.1 2025-04-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.2 2025-04-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.3 2025-04-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.5 2025-04-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.8 2025-05-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.0 2025-05-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.2 2025-05-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.4 2025-05-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.5 2025-05-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.6 2025-05-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.8 2025-05-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.9 2025-05-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.0 2025-05-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.1 2025-05-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.2 2025-05-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.4 2025-05-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.5 2025-05-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.9 2025-05-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.1 2025-05-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 18.0 2025-05-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 21.0 2025-06-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.0 2025-06-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40549 Out-of-bounds Read 19800-17086 19885-17084 19890-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19879-17086 19883-17086 19887-17084 19800-17086 19885-17084 19890-17084 18174-16823 17980-16823 17012-17084 17013-17084 18175-17084 19879-17086 19883-17086 19887-17084 Moderate 19800-17086 Moderate 19885-17084 Moderate 19890-17084 Moderate 18174-16823 Moderate 17980-16823 Moderate 17012-17084 Moderate 17013-17084 Moderate 18175-17084 Moderate 19879-17086 Moderate 19883-17086 Moderate 19887-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19800-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19885-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19890-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18174-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17980-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17012-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17013-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18175-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19879-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19883-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19887-17084 CBL-Mariner Releases 19885-17084 19890-17084 17012-17084 17013-17084 18175-17084 19887-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19885-17084 19890-17084 17012-17084 17013-17084 18175-17084 19887-17084 CBL-Mariner Releases CBL-Mariner Releases 18174-16823 17980-16823 19879-17086 19883-17086 No Security Update 15.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18174-16823 17980-16823 19879-17086 19883-17086 CBL-Mariner Releases 1.3 2024-12-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.5 2024-12-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.6 2024-12-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.0 2024-12-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.1 2024-12-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.2 2024-12-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.3 2024-12-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.7 2024-12-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.8 2024-12-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.7 2025-01-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.0 2025-01-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.1 2025-01-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.2 2025-01-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.4 2025-01-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.5 2025-01-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.7 2025-01-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.8 2025-01-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.9 2025-01-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.1 2025-01-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.7 2025-01-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.8 2025-01-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.9 2025-01-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.0 2025-01-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.3 2025-01-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.4 2025-02-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.5 2025-02-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.6 2025-02-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.8 2025-02-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.9 2025-02-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.0 2025-02-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.3 2025-02-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.4 2025-02-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.9 2025-02-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.0 2025-02-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.1 2025-02-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.6 2025-02-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.8 2025-02-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.0 2025-02-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.3 2025-03-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.4 2025-03-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.5 2025-03-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.7 2025-03-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.1 2025-03-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.9 2025-03-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.0 2025-03-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.1 2025-03-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.2 2025-03-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.5 2025-03-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.6 2025-03-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.9 2025-03-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.1 2025-04-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.2 2025-04-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.4 2025-04-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.6 2025-04-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.0 2025-04-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.1 2025-04-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.3 2025-04-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.5 2025-04-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.1 2025-04-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.5 2025-04-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.6 2025-04-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.7 2025-05-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.9 2025-05-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.1 2025-05-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.3 2025-05-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.7 2025-05-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.0 2025-05-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.1 2025-05-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.6 2025-05-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.7 2025-05-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.1 2025-05-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.2 2025-05-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 19.0 2025-05-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.2 2024-12-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.4 2024-12-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.7 2024-12-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.8 2024-12-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 1.9 2024-12-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.4 2024-12-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.5 2024-12-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.6 2024-12-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 2.9 2024-12-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.0 2024-12-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.1 2024-12-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.2 2024-12-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.3 2024-12-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.4 2024-12-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.5 2024-12-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.6 2025-01-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.8 2025-01-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 3.9 2025-01-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.3 2025-01-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 4.6 2025-01-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.0 2025-01-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.2 2025-01-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.3 2025-01-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.4 2025-01-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.5 2025-01-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 5.6 2025-01-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.1 2025-01-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.2 2025-01-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 6.7 2025-02-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.1 2025-02-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.2 2025-02-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.5 2025-02-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.6 2025-02-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.7 2025-02-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 7.8 2025-02-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.2 2025-02-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.3 2025-02-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.4 2025-02-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.5 2025-02-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.7 2025-02-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 8.9 2025-02-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.1 2025-03-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.2 2025-03-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.6 2025-03-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.8 2025-03-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 9.9 2025-03-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.0 2025-03-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.2 2025-03-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.3 2025-03-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.4 2025-03-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.5 2025-03-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.6 2025-03-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.7 2025-03-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 10.8 2025-03-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.3 2025-03-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.4 2025-03-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.7 2025-03-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 11.8 2025-03-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.0 2025-04-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.3 2025-04-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.5 2025-04-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.7 2025-04-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.8 2025-04-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 12.9 2025-04-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.2 2025-04-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.4 2025-04-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.6 2025-04-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.7 2025-04-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.8 2025-04-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 13.9 2025-04-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.0 2025-04-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.2 2025-04-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.3 2025-04-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.4 2025-04-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 14.8 2025-05-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.0 2025-05-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.2 2025-05-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.4 2025-05-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.5 2025-05-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.6 2025-05-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.8 2025-05-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 15.9 2025-05-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.2 2025-05-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.3 2025-05-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.4 2025-05-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.5 2025-05-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.8 2025-05-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 16.9 2025-05-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.0 2025-05-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 17.3 2025-05-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 18.0 2025-05-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 20.0 2025-05-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 21.0 2025-06-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.0 2025-06-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0 Added shim-unsigned-x64 to CBL-Mariner 2.0</p> 22.1 2026-02-18T14:17:17 <p>Information published.</p> Shim: out of bounds read when parsing mz binaries <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-40551 Out-of-bounds Read 18174-16823 18175-17084 19883-17086 19885-17084 18174-16823 18175-17084 19883-17086 19885-17084 Moderate 18174-16823 Moderate 18175-17084 Moderate 19883-17086 Moderate 19885-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 18174-16823 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 18175-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 19883-17086 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 19885-17084 CBL-Mariner Releases 18174-16823 19883-17086 No Security Update 15.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18174-16823 19883-17086 CBL-Mariner Releases CBL-Mariner Releases 18175-17084 19885-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18175-17084 19885-17084 CBL-Mariner Releases 1.3 2026-02-18T14:20:17 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.2 2025-03-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> Out-of-Bounds Read in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45229 Out-of-bounds Read 19678-17086 19662-17086 17093-17086 20691-17086 17374-16823 18131-17084 17859-17084 19733-17086 17459-17084 20602-17086 19678-17086 19662-17086 17093-17086 20691-17086 17374-16823 18131-17084 17859-17084 19733-17086 17459-17084 20602-17086 Moderate 19678-17086 19662-17086 Moderate 17093-17086 Moderate 20691-17086 Moderate 17374-16823 Moderate 18131-17084 Moderate 17859-17084 Moderate 19733-17086 Moderate 17459-17084 Moderate 20602-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19678-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19662-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17093-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20691-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17374-16823 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18131-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17859-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19733-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17459-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20602-17086 CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 19733-17086 No Security Update 20230301gitf80f052277c8-42 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19733-17086 CBL-Mariner Releases 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2025-08-06T00:00:00 <p>Added edk2 to CBL-Mariner 2.0 Added hvloader to CBL-Mariner 2.0 Added edk2 to Azure Linux 3.0</p> 3.0 2025-12-06T14:36:13 <p>Information published.</p> 3.1 2026-02-18T15:14:01 <p>Information published.</p> 4.0 2026-03-03T01:35:47 <p>Information published.</p> Buffer Overflow in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45230 Improper Restriction of Operations within the Bounds of a Memory Buffer 17859-17084 19674-17086 19678-17086 19662-17086 17459-17084 17093-17086 17374-16823 18132-16823 18131-17084 17859-17084 19674-17086 19678-17086 19662-17086 17459-17084 17093-17086 17374-16823 18132-16823 18131-17084 Important 17859-17084 Important 19674-17086 Important 19678-17086 19662-17086 Important 17459-17084 Important 17093-17086 Important 17374-16823 Important 18132-16823 Important 18131-17084 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17859-17084 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19674-17086 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19678-17086 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 19662-17086 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 17459-17084 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 17093-17086 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17374-16823 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18132-16823 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18131-17084 CBL-Mariner Releases 17859-17084 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 19674-17086 18132-16823 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 18132-16823 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases 2.0 2026-02-18T15:18:30 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> Out-of-Bounds Read in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45231 Out-of-bounds Read 17859-17084 19678-17086 19662-17086 17374-16823 18131-17084 19733-17086 17459-17084 17093-17086 20602-17086 20691-17086 17859-17084 19678-17086 19662-17086 17374-16823 18131-17084 19733-17086 17459-17084 17093-17086 20602-17086 20691-17086 Moderate 17859-17084 Moderate 19678-17086 19662-17086 Moderate 17374-16823 Moderate 18131-17084 Moderate 19733-17086 Moderate 17459-17084 Moderate 17093-17086 Moderate 20602-17086 Moderate 20691-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17859-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19678-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19662-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17374-16823 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18131-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19733-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17459-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17093-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20602-17086 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20691-17086 CBL-Mariner Releases 17859-17084 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 19733-17086 No Security Update 20230301gitf80f052277c8-42 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19733-17086 CBL-Mariner Releases 2.0 2025-08-06T00:00:00 <p>Added edk2 to CBL-Mariner 2.0 Added hvloader to CBL-Mariner 2.0 Added edk2 to Azure Linux 3.0</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 3.0 2025-12-06T14:35:58 <p>Information published.</p> 3.1 2026-02-18T14:57:37 <p>Information published.</p> 4.0 2026-03-03T01:35:36 <p>Information published.</p> Buffer Overflow in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45234 Improper Restriction of Operations within the Bounds of a Memory Buffer 19674-17086 19678-17086 19662-17086 17093-17086 17374-16823 18132-16823 18131-17084 17859-17084 17459-17084 19674-17086 19678-17086 19662-17086 17093-17086 17374-16823 18132-16823 18131-17084 17859-17084 17459-17084 Important 19674-17086 Important 19678-17086 19662-17086 Important 17093-17086 Important 17374-16823 Important 18132-16823 Important 18131-17084 Important 17859-17084 Important 17459-17084 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19674-17086 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19678-17086 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 19662-17086 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 17093-17086 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17374-16823 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18132-16823 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18131-17084 8.8 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17859-17084 8.3 8.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 17459-17084 CBL-Mariner Releases 19674-17086 18132-16823 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 18132-16823 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases 2.0 2026-02-18T14:12:43 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> Predictable TCP ISNs in EDK II Network Package <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2023-45236 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 17859-17084 19678-17086 17093-17086 18132-16823 17321-16823 18131-17084 19674-17086 19662-17086 17459-17084 17859-17084 19678-17086 17093-17086 18132-16823 17321-16823 18131-17084 19674-17086 19662-17086 17459-17084 Important 17859-17084 Moderate 19678-17086 Moderate 17093-17086 Important 18132-16823 Moderate 17321-16823 Important 18131-17084 Important 19674-17086 19662-17086 Moderate 17459-17084 5.8 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 17859-17084 5.8 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 19678-17086 5.8 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18132-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17321-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18131-17084 5.8 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 19674-17086 5.8 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 19662-17086 5.8 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 17459-17084 CBL-Mariner Releases 17859-17084 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 17321-16823 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 17321-16823 CBL-Mariner Releases CBL-Mariner Releases 18132-16823 19674-17086 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18132-16823 19674-17086 CBL-Mariner Releases 2.0 2026-02-18T15:12:57 <p>Information published.</p> 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> In the Linux kernel before 6.5.9 there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-46343 NULL Pointer Dereference 17452-16823 19673-17086 17095-17086 17452-16823 19673-17086 17095-17086 Moderate 17452-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17452-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17452-16823 19673-17086 17095-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17452-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:55 <p>Information published.</p> quic-go's path validation mechanism can cause denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-49295 Uncontrolled Resource Consumption 19867-17086 18193-16823 17749-17084 19869-17084 19867-17086 18193-16823 17749-17084 19869-17084 Moderate 19867-17086 Moderate 18193-16823 Moderate 17749-17084 Moderate 19869-17084 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 19867-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18193-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17749-17084 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 19869-17084 CBL-Mariner Releases 19867-17086 18193-16823 No Security Update 1.11.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19867-17086 18193-16823 CBL-Mariner Releases CBL-Mariner Releases 17749-17084 19869-17084 No Security Update 1.11.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17749-17084 19869-17084 CBL-Mariner Releases 1.0 2024-01-16T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2026-02-18T02:16:52 <p>Information published.</p> Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Bitdefender Yes CVE-2023-49569 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19962-17084 18129-16823 18130-16823 18041-17084 19928-17086 19962-17084 18129-16823 18130-16823 18041-17084 19928-17086 Critical 19962-17084 Critical 18129-16823 Critical 18130-16823 Critical 18041-17084 Critical 19928-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19962-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18129-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18130-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18041-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19928-17086 CBL-Mariner Releases 19962-17084 18041-17084 No Security Update 1.9.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19962-17084 18041-17084 CBL-Mariner Releases CBL-Mariner Releases 18129-16823 No Security Update 1.22.3-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18129-16823 CBL-Mariner Releases CBL-Mariner Releases 18130-16823 No Security Update 1.9.5-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18130-16823 CBL-Mariner Releases CBL-Mariner Releases 19928-17086 No Security Update 1.10.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19928-17086 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.2 2026-02-18T03:21:02 <p>Information published.</p> 1.0 2024-01-26T00:00:00 <p>Information published.</p> In the Linux kernel before 6.4.5 drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-51043 Use After Free 17095-17086 17452-16823 19673-17086 17095-17086 17452-16823 19673-17086 Important 17095-17086 Important 17452-16823 19673-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17452-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 17095-17086 17452-16823 19673-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-17086 17452-16823 19673-17086 CBL-Mariner Releases 1.0 2024-01-30T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:23:49 <p>Information published.</p> An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-51257 Improper Restriction of Operations within the Bounds of a Memory Buffer 18192-17084 19910-17086 19911-17084 18192-17084 19910-17086 19911-17084 Important 18192-17084 Important 19910-17086 Important 19911-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18192-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19910-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19911-17084 CBL-Mariner Releases 18192-17084 19911-17084 No Security Update 4.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18192-17084 19911-17084 CBL-Mariner Releases CBL-Mariner Releases 19910-17086 No Security Update 2.0.32-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19910-17086 CBL-Mariner Releases 1.5 2026-02-18T02:27:02 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-09-06T00:00:00 <p>Information published.</p> 1.2 2024-09-07T00:00:00 <p>Information published.</p> 1.3 2024-09-08T00:00:00 <p>Information published.</p> 1.4 2024-09-11T00:00:00 <p>Information published.</p> Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-52356 Out-of-bounds Write 18229-17084 18228-17086 18177-16823 18178-17084 19773-17086 18229-17084 18228-17086 18177-16823 18178-17084 19773-17086 Important 18229-17084 Important 18228-17086 Important 18177-16823 Important 18178-17084 19773-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18229-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18228-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18177-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18178-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19773-17086 CBL-Mariner Releases 18229-17084 18228-17086 18177-16823 18178-17084 19773-17086 No Security Update 4.6.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18229-17084 18228-17086 18177-16823 18178-17084 19773-17086 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:05:22 <p>Information published.</p> 1.0 2024-02-05T00:00:00 <p>Information published.</p> Opensc: side-channel leaks while stripping encryption pkcs#1 padding <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-5992 Observable Discrepancy 19857-17084 18176-16823 17819-17084 19853-17086 17437-17086 19857-17084 18176-16823 17819-17084 19853-17086 17437-17086 Moderate 19857-17084 Moderate 18176-16823 Moderate 17819-17084 19853-17086 Moderate 17437-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19857-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18176-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17819-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19853-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17437-17086 CBL-Mariner Releases 19857-17084 17819-17084 No Security Update 0.25.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19857-17084 17819-17084 CBL-Mariner Releases CBL-Mariner Releases 18176-16823 19853-17086 17437-17086 No Security Update 0.23.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18176-16823 19853-17086 17437-17086 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-02-27T00:00:00 <p>Added opensc to CBL-Mariner 2.0 Added opensc to Azure Linux 3.0</p> 2.0 2026-02-18T14:10:55 <p>Information published.</p> An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2023-6040 Out-of-bounds Read 16838-16823 19670-17086 17250-17086 16838-16823 19670-17086 17250-17086 Important 16838-16823 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 16838-16823 19670-17086 17250-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-01-23T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:12:46 <p>Information published.</p> POLY1305 MAC implementation corrupts vector registers on PowerPC <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-6129 Out-of-bounds Write 19786-17084 17178-16823 16977-16823 16982-17084 17715-17084 16990-17084 19748-17086 19740-17084 17627-17084 19801-17086 19807-17084 19809-17086 17459-17084 17238-17086 19786-17084 17178-16823 16977-16823 16982-17084 17715-17084 16990-17084 19748-17086 19740-17084 17627-17084 19801-17086 19807-17084 19809-17086 17459-17084 17238-17086 Moderate 19786-17084 Moderate 17178-16823 Moderate 16977-16823 Moderate 16982-17084 Moderate 17715-17084 Moderate 16990-17084 Moderate 19748-17086 Moderate 19740-17084 Moderate 17627-17084 Moderate 19801-17086 Moderate 19807-17084 19809-17086 Moderate 17459-17084 Moderate 17238-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19786-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17178-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 16977-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 16982-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17715-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 16990-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19748-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19740-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17627-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19801-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19807-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 19809-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17459-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17238-17086 CBL-Mariner Releases 19786-17084 17715-17084 No Security Update 3.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19786-17084 17715-17084 CBL-Mariner Releases CBL-Mariner Releases 17178-16823 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17178-16823 19809-17086 17238-17086 CBL-Mariner Releases CBL-Mariner Releases 16977-16823 16982-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16977-16823 16982-17084 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases CBL-Mariner Releases 19748-17086 No Security Update 18.20.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 19801-17086 19807-17084 No Security Update 38.0.72.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19801-17086 19807-17084 CBL-Mariner Releases 1.0 2024-01-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-13T00:00:00 <p>Information published.</p> 1.3 2024-08-29T00:00:00 <p>Information published.</p> 1.4 2024-08-30T00:00:00 <p>Information published.</p> 1.5 2024-08-31T00:00:00 <p>Information published.</p> 1.6 2024-09-01T00:00:00 <p>Information published.</p> 1.7 2024-09-02T00:00:00 <p>Information published.</p> 1.8 2024-09-03T00:00:00 <p>Information published.</p> 1.9 2024-09-05T00:00:00 <p>Information published.</p> 2.0 2024-09-06T00:00:00 <p>Information published.</p> 2.1 2024-09-07T00:00:00 <p>Information published.</p> 2.2 2024-09-08T00:00:00 <p>Information published.</p> 2.3 2024-09-11T00:00:00 <p>Information published.</p> 2.4 2024-11-28T00:00:00 <p>Added hvloader to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added cloud-hypervisor-cvm to Azure Linux 3.0 Added openssl to Azure Linux 3.0 Added nodejs to Azure Linux 3.0</p> 3.0 2026-02-18T02:22:21 <p>Information published.</p> Kernel: icmpv6 router advertisement packets aka linux tcp/ip remote code execution vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6200 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 19529-17084 17095-17086 16838-16823 17065-17084 19673-17086 19529-17084 17095-17086 16838-16823 17065-17084 19673-17086 Important 19529-17084 Important 17095-17086 Important 16838-16823 Important 17065-17084 19673-17086 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 16838-16823 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17065-17084 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 19529-17084 17065-17084 No Security Update 6.6.35.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 17065-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-17086 16838-16823 19673-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-17086 16838-16823 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T14:02:20 <p>Information published.</p> 1.0 2024-02-04T00:00:00 <p>Information published.</p> Glibc: heap-based buffer overflow in __vsyslog_internal() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6246 Out-of-bounds Write 18299-17084 19758-17084 18299-17084 19758-17084 Important 18299-17084 Important 19758-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18299-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19758-17084 CBL-Mariner Releases 18299-17084 19758-17084 No Security Update 2.38-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18299-17084 19758-17084 CBL-Mariner Releases 1.1 2026-02-18T03:10:29 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6779 Out-of-bounds Write 19758-17084 18299-17084 19758-17084 18299-17084 Important 19758-17084 Important 18299-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 19758-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18299-17084 CBL-Mariner Releases 19758-17084 18299-17084 No Security Update 2.38-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19758-17084 18299-17084 CBL-Mariner Releases 1.1 2026-02-18T14:04:15 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Glibc: integer overflow in __vsyslog_internal() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6780 Incorrect Calculation of Buffer Size 18299-17084 19758-17084 18299-17084 19758-17084 Moderate 18299-17084 Moderate 19758-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18299-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19758-17084 CBL-Mariner Releases 18299-17084 19758-17084 No Security Update 2.38-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18299-17084 19758-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-18T14:04:41 <p>Information published.</p> Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6915 NULL Pointer Dereference 19673-17086 17095-17086 16960-16823 17062-17084 19529-17084 19673-17086 17095-17086 16960-16823 17062-17084 19529-17084 19673-17086 Moderate 17095-17086 Moderate 16960-16823 Moderate 17062-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16960-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17062-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 19673-17086 17095-17086 16960-16823 No Security Update 5.15.148.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 17095-17086 16960-16823 CBL-Mariner Releases CBL-Mariner Releases 17062-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17062-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update 6.6.29.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 2.0 2026-02-18T03:12:55 <p>Information published.</p> 1.0 2024-01-23T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Rejected reason: Do not use this CVE as it is duplicate of CVE-2023-6932 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0584 16838-16823 20353-17086 16838-16823 20353-17086 Low 16838-16823 20353-17086 CBL-Mariner Releases 16838-16823 20353-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 20353-17086 CBL-Mariner Releases 1.0 2025-09-04T05:37:15 <p>Information published.</p> It was discovered that when exec'ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-2585 Use After Free 16838-16823 19731-17086 17233-17086 16838-16823 19731-17086 17233-17086 Important 16838-16823 19731-17086 Important 17233-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 19731-17086 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 17233-17086 CBL-Mariner Releases 16838-16823 19731-17086 17233-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 19731-17086 17233-17086 CBL-Mariner Releases 2.0 2026-02-18T03:09:47 <p>Information published.</p> 1.0 2024-01-21T00:00:00 <p>Information published.</p> io_uring UAF Unix SCM garbage collection <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-2602 Use After Free 16838-16823 17095-17086 19673-17086 16838-16823 17095-17086 19673-17086 Important 16838-16823 Moderate 17095-17086 19673-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 16838-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 16838-16823 17095-17086 19673-17086 No Security Update 5.15.153.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16838-16823 17095-17086 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T02:14:18 <p>Information published.</p> 1.0 2024-01-13T00:00:00 <p>Information published.</p> Heap Buffer Overflow in Tcg2MeasureGptTable <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2022-36763 Improper Restriction of Operations within the Bounds of a Memory Buffer 17859-17084 19674-17086 19662-17086 17459-17084 17093-17086 18131-17084 19678-17086 17859-17084 19674-17086 19662-17086 17459-17084 17093-17086 18131-17084 19678-17086 Important 17859-17084 Important 19674-17086 19662-17086 Important 17459-17084 Important 17093-17086 Important 18131-17084 Important 19678-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17859-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19674-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19662-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17459-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18131-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H 19678-17086 CBL-Mariner Releases 17859-17084 18131-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 18131-17084 CBL-Mariner Releases CBL-Mariner Releases 19674-17086 No Security Update 20230301gitf80f052277c8-40 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19674-17086 CBL-Mariner Releases CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases 1.0 2024-04-08T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-09-24T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:04:55 <p>Information published.</p> An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48619 17452-16823 19673-17086 17095-17086 17452-16823 19673-17086 17095-17086 Moderate 17452-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17452-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17452-16823 19673-17086 17095-17086 No Security Update 5.15.148.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17452-16823 19673-17086 17095-17086 CBL-Mariner Releases 2.0 2026-02-18T03:10:00 <p>Information published.</p> 1.0 2024-01-21T00:00:00 <p>Information published.</p> Xorg-x11-server: selinux unlabeled glx pbuffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-0408 Improper Neutralization of Null Byte or NUL Character 17455-16823 17816-17084 19982-17086 17455-16823 17816-17084 19982-17086 Moderate 17455-16823 Moderate 17816-17084 Moderate 19982-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17455-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17816-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19982-17086 CBL-Mariner Releases 17455-16823 19982-17086 No Security Update 1.20.10-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17455-16823 19982-17086 CBL-Mariner Releases CBL-Mariner Releases 17816-17084 No Security Update 1.20.10-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17816-17084 CBL-Mariner Releases 1.0 2025-02-17T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:03:51 <p>Information published.</p> Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6004 Improper Neutralization of Special Elements in Output Used by a Downstream Component (&#39;Injection&#39;) 18214-17084 20073-17084 18214-17084 20073-17084 Moderate 18214-17084 Moderate 20073-17084 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 18214-17084 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 20073-17084 CBL-Mariner Releases 18214-17084 20073-17084 No Security Update 0.10.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18214-17084 20073-17084 CBL-Mariner Releases 1.0 2025-03-27T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:18:50 <p>Information published.</p> Cri-o: pods are able to break out of resource confinement on cgroupv2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-6476 Allocation of Resources Without Limits or Throttling 19777-17086 18018-16823 19777-17086 18018-16823 Moderate 19777-17086 Moderate 18018-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19777-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18018-16823 CBL-Mariner Releases 19777-17086 18018-16823 No Security Update 1.22.3-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19777-17086 18018-16823 CBL-Mariner Releases 1.1 2026-02-19T01:01:31 <p>Information published.</p> 1.0 2025-09-03T21:08:27 <p>Information published.</p> NULL Pointer Dereference in Wireshark <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2024-0209 NULL Pointer Dereference 19523-17084 19523-17084 Important 19523-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-0752 Use After Free 18469-17084 18469-17084 Moderate 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18469-17084 1.1 2026-02-18T02:43:18 <p>Information published.</p> 1.0 2025-09-04T00:25:16 <p>Information published.</p> An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-0741 Out-of-bounds Write 18469-17084 18469-17084 Moderate 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18469-17084 1.0 2025-09-04T06:10:17 <p>Information published.</p> 1.1 2026-02-18T03:21:16 <p>Information published.</p> In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23848 Use After Free 17087-17086 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21248-17084 20553-17084 20788-17084 20956-17084 21093-17086 21094-17084 21308-17084 21332-17084 21344-17084 17087-17086 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 21248-17084 20553-17084 20788-17084 20956-17084 21093-17086 21094-17084 21308-17084 21332-17084 21344-17084 Moderate 17087-17086 19683-17084 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21248-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T07:38:03 <p>Information published.</p> 2.0 2025-12-07T01:35:23 <p>Information published.</p> 4.0 2026-01-20T14:35:29 <p>Information published.</p> 5.0 2026-02-18T03:23:23 <p>Information published.</p> 7.0 2026-03-04T14:35:22 <p>Information published.</p> 9.0 2026-04-29T14:38:24 <p>Information published.</p> 11.0 2026-05-11T01:38:08 <p>Information published.</p> 1.1 2025-11-19T01:36:31 <p>Information published.</p> 3.0 2026-01-08T14:35:15 <p>Information published.</p> 6.0 2026-03-03T14:35:24 <p>Information published.</p> 8.0 2026-03-31T14:36:12 <p>Information published.</p> 10.0 2026-05-06T14:37:38 <p>Information published.</p> 12.0 2026-05-17T14:38:41 <p>Information published.</p> Azure Storage Mover Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this situation a successful exploit could let attacker gain access to the network where the agent is installed which could lead to accessing to other assets in that network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who has performed the exploit successfully would be able to gain access to the installed agent and could perform remote code execution.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?</strong></p> <p>For a successful exploitation, the attacker would need some key information like ARMID and UUID of the installed agent as pre-requisite.</p> Azure Storage Mover Microsoft Yes CVE-2024-20676 Improper Neutralization of Special Elements used in a Command ('Command Injection') 12265 Remote Code Execution 12265 Important 12265 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12265 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=104590 12265 Maybe Security Update 3.0.430 https://learn.microsoft.com/en-us/azure/storage-mover/release-notes 12265 Release Notes <a href="https://www.linkedin.com/in/shahar-zelig-931b5a82/">Shahar Zelig</a> with Microsoft <a href="https://www.linkedin.com/in/oran-moyal-237821155/">Oran Moyal</a> with Microsoft 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R), what does that mean for this vulnerability?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to click on a local file path link or download and run a malicious application or file.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.133</td> <td>120.0.6099.216/217</td> <td>1/11/2024</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21337 Heap-based Buffer Overflow 11655 12142 Elevation of Privilege 11655 Elevation of Privilege 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.2 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 5.2 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 120.0.2210.133 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 120.0.2210.160 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes <a href="https://twitter.com/jq0904">Quan Jin</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2024-01-11T08:00:00 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Windows Kerberos Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a user connects a Windows client to a malicious server.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The authentication feature could be bypassed as this vulnerability allows impersonation.</p> Windows Authentication Methods Microsoft Yes CVE-2024-20674 Authentication Bypass by Primary Weakness 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/ldwilmore34">ldwilmore34</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.2 2024-01-18T08:00:00 <p>Updated the following CVSS metrics and updated the FAQs that explain these metrics: AV:N, PR:N, UI:R. These are informational changes only.</p> 1.1 2024-01-09T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Office Remote Code Execution Vulnerability <p>A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer.</p> <p>3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.</p> <p>This change is effective as of the January 9, 2024 security update.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office 2021 for Mac currently available?</strong></p> <p>The security update for Microsoft Office 2021 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>7.2401.29012.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.Microsoft3DViewer</code></p> <p><strong>Where can I find more information?</strong></p> <p>Please see the Microsoft Support Blog Post relating to the disablement of the ability to insert FBX (.fbx files) here: <a href="https://prod.support.services.microsoft.com/en-us/topic/9f2387f1-84ec-496a-a288-2c6f774db219">https://prod.support.services.microsoft.com/en-us/topic/9f2387f1-84ec-496a-a288-2c6f774db219</a></p> <p><strong>Where can I find more information regarding 3D Viewer?</strong></p> <p>Please see the Microsoft Support Blog Post relating to the disablement of the ability to insert FBX (.fbx files) in 3D Viewer here: <a href="https://prod.support.services.microsoft.com/en-us/windows/support-for-fbx-files-has-been-turned-off-in-3d-viewer-b7483e83-422c-4d65-b94d-853eb65cb134">https://prod.support.services.microsoft.com/en-us/windows/support-for-fbx-files-has-been-turned-off-in-3d-viewer-b7483e83-422c-4d65-b94d-853eb65cb134</a>.</p> Microsoft Office Microsoft Yes CVE-2024-20677 Heap-based Buffer Overflow 11760 11573 11574 11762 11763 11951 11952 11953 Remote Code Execution 11760 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Important 11760 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11760 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Release Notes https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Maybe Security Update 7.2401.29012.0 https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab 11760 Release Notes Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.81.24011420 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes <a href="https://www.notion.so/dong-uk-kim-91de2ceb59c44c6ea7533b0e8b2e35af">Kim Dong-Uk (@justlikebono)</a> HAO LI of VenusTech ADLab Anonymous <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.1 2024-01-16T08:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 2.0 2024-02-13T08:00:00 <p>In the Security Updates table, added 3D Viewer as it is affected by this vulnerability. In addition, added an FAQ to explain how customers can get the 3D Viewer update.</p> 2.1 2024-02-23T08:00:00 <p>Updated the Executive Summary with information that the ability to insert FBX files has also been disabled in 3D Viewer as of February 13, 2024. This is an informational change only.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).</p> Windows ODBC Driver Microsoft Yes CVE-2024-20654 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 Anonymous 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Group Policy Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Group Policy Microsoft Yes CVE-2024-20657 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 Tyler Price with <a href="https://microsoft.com/">Microsoft</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Virtual Hard Drive Microsoft Yes CVE-2024-20658 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/sat0rn3">Tianyao Xu(@sat0rn3)</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.1 2024-01-12T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Windows Message Queuing Client (MSMQC) Information Disclosure <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2024-20680 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Cryptographic Services Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Cryptographic Services Microsoft Yes CVE-2024-20682 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 0poss with <a href="https://blog.thalium.re/">Thalium Team</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2024-20683 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 jackery 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Nearby Sharing Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a malicious actor spoofs a machine with the same name that a user is searching for.</p> Windows Nearby Sharing Microsoft Yes CVE-2024-20690 Cryptographic Issues 11568 11569 11570 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Important 11568 Important 11569 Important 11570 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11568 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11569 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11570 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11926 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11927 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11929 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11930 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11931 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12085 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12086 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12097 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12098 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12099 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12242 6.5 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12243 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 5034127 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 Crypto Board 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Themes Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows Themes Microsoft Yes CVE-2024-20691 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 R4nger & Zhiniang Peng 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows CoreMessaging Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.</p> Windows Collaborative Translation Framework Microsoft Yes CVE-2024-20694 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 R4nger &amp; Zhiniang Peng 1.0 2024-01-09T08:00:00 <p>Information published.</p> MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow https://nvd.nist.gov/vuln/detail/CVE-2022-35737 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 <p><strong>Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?</strong></p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2022-35737">CVE-2022-35737</a> is regarding a vulnerability in SQLite. MITRE assigned this CVE number on behalf of the <a href="https://www.sqlite.org/about.html">SQLite organization</a>. Microsoft has included the updated library in Windows that addresses this vulnerability.</p> SQLite MITRE Corporation Yes CVE-2022-35737 12138 12137 12140 12139 11568 11569 11570 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12138 12137 12140 12139 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 12138 12137 12140 12139 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A sqlite 12138 sqlite-3.34.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 sqlite-devel-3.34.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 sqlite-libs-3.34.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 sqlite-debuginfo-3.34.1-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.34.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 12138 sqlite sqlite 12137 sqlite-3.34.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 sqlite-devel-3.34.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 sqlite-libs-3.34.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 sqlite-debuginfo-3.34.1-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.34.1-2 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 12137 sqlite sqlite 12140 sqlite-3.39.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 sqlite-devel-3.39.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 sqlite-libs-3.39.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 sqlite-debuginfo-3.39.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.39.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 12140 sqlite sqlite 12139 sqlite-3.39.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 sqlite-devel-3.39.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 sqlite-libs-3.39.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 sqlite-debuginfo-3.39.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.39.2-1 https://nvd.nist.gov/vuln/detail/CVE-2022-35737 12139 sqlite 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows libarchive Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.</p> Windows Libarchive Microsoft Yes CVE-2024-20696 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows libarchive Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.</p> Windows Libarchive Microsoft Yes CVE-2024-20697 Heap-based Buffer Overflow 12085 12086 12242 12243 12244 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-20698 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability which, if successful, could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host.</p> Windows Hyper-V Microsoft Yes CVE-2024-20699 Improper Handling of Exceptional Conditions 11569 11571 11572 11923 11924 11926 11931 12086 12097 12243 12244 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11931 Denial of Service 12086 Denial of Service 12097 Denial of Service 12243 Denial of Service 12244 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11931 Important 12086 Important 12097 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11569 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11569 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 5034121 5034121 https://support.microsoft.com/help/5034121 11926 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11931 12097 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12086 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> Windows Hyper-V Microsoft Yes CVE-2024-20700 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 12242 12243 12244 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12242 Critical 12243 Critical 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11569 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11569 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11931 12097 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 <a href="https://github.com/australeo">@australeo</a> <a href="https://twitter.com/rezer0dai">@rezer0dai</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A hypervisor-protected code integrity (HVCI) security feature bypass vulnerability could exist on some specific Microsoft Surface hardware computers that are still in support, when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with HVCI enabled. To exploit this vulnerability an attacker could run a specially crafted application at administrator level that exploits a signed driver to bypass code integrity protections in Windows.</p> <p>The following versions of Microsoft Surface computers are exploitable by this vulnerability:</p> <ul> <li>Hub 3</li> <li>Pro 5 - not updated due to end of life</li> <li>Pro 7 - not updated due to end of life</li> <li>Laptop Studio</li> <li>Laptop Go 2</li> <li>Pro 7+</li> <li>Studio 2 +</li> <li>Laptop 4 (Intel)</li> <li>Pro 8</li> <li>Hub 2S</li> <li>Hub 2S</li> <li>Book 3</li> <li>Laptop 3 (Intel)</li> <li>Laptop Go</li> <li>Studio 2</li> </ul> Unified Extensible Firmware Interface Microsoft Yes CVE-2024-21305 Incorrect Permission Assignment for Critical Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 <a href="https://twitter.com/standa_t">Satoshi Tanda</a> with <a href="https://tandasat.github.io/">System Programming Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Remote Desktop Client Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Remote Desktop Client Microsoft Yes CVE-2024-21307 Use After Free 11568 11569 11570 11571 11572 11849 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124337 11849 Maybe Security Update 1.2.5105.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124337 11849 Release Notes 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://x.com/cyberestro">Mingjia Liu</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> <a href="https://twitter.com/mas0nshi">YingQi Shi</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> <a href="https://twitter.com/jq0904">Quan Jin</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> <a href="https://twitter.com/cyberestro">MingjiaLiu</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 2.0 2024-01-10T08:00:00 <p>In the Security Updates table, added Remote Desktop client for Windows Desktop as it is also affected by this vulnerability. Customers running Remote Desktop client for Windows Desktop should ensure that they have version 1.2.5105.0 or higher to be protected from this vulnerability.</p> 2.1 2024-02-23T08:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows TCP/IP Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the unencrypted contents of IPsec packets from other sessions on a server.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Windows TCP/IP Microsoft Yes CVE-2024-21313 Generation of Error Message Containing Sensitive Information 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 Sujeet Kumar of Microsoft 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability <p><strong>Do customers need to take additional action if they have already downloaded and ran the Microsoft Printer Metadata Remediation Tool documented in <a href="https://support.microsoft.com/en-us/topic/kb5034510-microsoft-printer-metadata-troubleshooter-tool-december-2023-b3197f24-fd25-430d-96d2-70f2044ce6a1">KB5034510</a>?</strong></p> <p>No, customers who have already downloaded and ran the tool do not need to take additional action. The tool can be removed after its use as the machine is no longer susceptible to this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> Microsoft Devices Microsoft Yes CVE-2024-21325 Untrusted Search Path 12273 Remote Code Execution 12273 Important 12273 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=105763 12273 Yes Security Update 1.0.0.1 https://support.microsoft.com/en-us/topic/kb5034510-microsoft-printer-metadata-troubleshooter-tool-december-2023-b3197f24-fd25-430d-96d2-70f2044ce6a1 12273 Release Notes <a href="http://eskamation.de/">Stefan Kanthak</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The attacker would be able to bypass the protection in Edge that prevents a potentially dangerous extension from being downloaded or updated.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.133</td> <td>120.0.6099.216/217</td> <td>1/11/2024</td> </tr> </tbody> </table> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on install to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-20675 Improper Access Control 11655 Security Feature Bypass 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 120.0.2210.133 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Jos&#233; Miguel Moreno with <a href="https://cosec.inf.uc3m.es/">COSEC (UC3M)</a> 1.0 2024-01-11T08:00:00 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and (A:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability could lead to a full compromise of the browser.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21326 Use After Free 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2024-01-25T08:00:00 <p>Information published.</p> Microsoft Edge for Android Information Disclosure Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> Microsoft Edge for Android Microsoft Yes CVE-2024-21382 Permissive Cross-domain Policy with Untrusted Domains 11655 Information Disclosure 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://twitter.com/imnarendrabhati">Narendra Bhati</a> with <a href="https://www.linkedin.com/in/imnarendrabhati/">Lead Penetration Tester at Suma Soft Pvt. Ltd. India</a> 1.0 2024-01-25T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). How could an attacker impact the PDF File Signature?</strong></p> <p>An attacker could spoof the PDF signature stamp by tricking the user with a forgery when they open a digitally signed PDF and view the visual signature stamp.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21383 Improper Verification of Cryptographic Signature 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 3.3 2.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Emanuel Pichler with University of Technology Graz 1.0 2024-01-25T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21385 Use After Free 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.3 7.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2024-01-25T08:00:00 <p>Information published.</p> Microsoft Edge for Android Spoofing Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.</p> Microsoft Edge for Android Microsoft Yes CVE-2024-21387 Insufficient UI Warning of Dangerous Operations 11655 12142 Spoofing 11655 Spoofing 12142 Moderate 11655 Moderate 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12142 Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Release Notes 12142 No Security Update 120.0.2210.160 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Om Apip 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0813 Use after free in Reading Mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0813 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0811 Inappropriate implementation in Extensions API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0811 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0810 Insufficient policy enforcement in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0810 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0809 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0809 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0814 Incorrect security UI in Payments <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0814 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0808 Integer underflow in WebUI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0808 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0812 Inappropriate implementation in Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0812 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0807 Use after free in WebAudio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0807 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0806 Use after free in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0806 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0805 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0805 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0804 Insufficient policy enforcement in iOS Security UI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0804 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-25T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges needed to install an extension.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.98</td> <td>2/1/2024</td> <td>121.0.6167.139/140</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.167</td> <td>2/1/2024</td> <td>120.0.6099.276</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21388 Improper Input Validation 11655 Elevation of Privilege 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://labs.guard.io/">Oleg Zaytsev</a> with <a href="https://www.guard.io/">Guardio</a> <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2024-01-30T08:00:00 <p>Information published.</p> Windows HTML Platforms Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The MapURLToZone method could be bypassed by an attacker if the API returned a Zone value of 'Intranet' by passing a URL with a device path to the Lanman redirector device object. The same is true of the WebDav device.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> Windows Scripting Microsoft Yes CVE-2024-20652 External Control of File Name or Path 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 12243 12244 12242 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12242 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12243 Important 12244 Important 12242 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12243 12242 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034120 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034120 5033376 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.001 https://support.microsoft.com/help/5034120 10051 10049 10378 10379 10483 10543 5034120 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12243 12242 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12243 12242 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 <a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.1 2024-07-19T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft Common Log File System Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2024-20653 Out-of-bounds Read 12244 12243 12242 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12244 Elevation of Privilege 12243 Elevation of Privilege 12242 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Important 12244 Important 12243 Important 12242 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12243 12242 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12243 12242 5034123 5034123 https://support.microsoft.com/help/5034123 12243 12242 12085 12086 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/sat0rn3">Tianyao Xu(@sat0rn3)</a> <a href="https://hello.sangjun.xyz/">Sangjun Park</a> with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> <a href="https://abysslab.github.io/">Jongseong Kim</a> with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> <a href="https://blog.rolling.run/">Byunghyun Kang</a> with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> <a href="https://r136a1x27.github.io/">Yunjin Park</a> with <a href="https://r/">우리 오늘부터 0-day? (BoB 12th)</a> <a href="https://sechack.kr/">Kwon Yul</a> with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> Seungchan Kim with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> <a href="https://hello.sangjun.xyz/">Sangjun Park</a>, <a href="https://abysslab.github.io/">Jongseong Kim</a>, <a href="https://blog.rolling.run/">Byunghyun Kang</a>, <a href="https://r136a1x27.github.io/">Yunjin Park</a>, <a href="https://sechack.kr/">Kwon Yul</a> and Seungchan Kim with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability the attacker must be an authenticated user that is granted the &quot;manage online responder&quot; permission. This permission defines who can use the Online Responder snap-in to modify the configuration of the Online Responder, and should be granted very selectively.</p> Windows Online Certificate Status Protocol (OCSP) SnapIn Microsoft Yes CVE-2024-20655 Use After Free 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Visual Studio Microsoft Yes CVE-2024-20656 Improper Link Resolution Before File Access ('Link Following') 11600 12051 11935 12129 12187 10577 Elevation of Privilege 11600 Elevation of Privilege 12051 Elevation of Privilege 11935 Elevation of Privilege 12129 Elevation of Privilege 12187 Elevation of Privilege 10577 Important 11600 Important 12051 Important 11935 Important 12129 Important 12187 Important 10577 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.59 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.33 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes 5030979 https://aka.ms/vs/14/release/5030979 10577 Maybe Security Update 14.0.27560.00 https://support.microsoft.com/help/5030979 10577 5030979 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> BitLocker Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> <p><strong>Are there additional steps that I need to take to be protected from this vulnerability?</strong></p> <p>Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability.</p> <p>For the latest version of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE will be updated as a part of Latest Cumulative Update if you are getting updates from Windows Update and WSUS.:</p> <ul> <li>Windows 11 Version 23H2 for x64-based Systems</li> <li>Windows 11 Version 23H2 for ARM64-based Systems</li> <li>Windows 11 Version 22H2 for x64-based Systems</li> <li>Windows 11 Version 22H2 for ARM64-based Systems</li> </ul> <p>For the following versions of Windows, Windows Recovery Environment updates listed below are available that automatically apply latest Safe OS Dynamic Update to WinRE from the running Windows OS:</p> <ul> <li>Windows Server 2022 (Server Core installation) (<a href="https://support.microsoft.com/help/5034439">KB5034439: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: Jan 9, 2024</a>)</li> <li>Windows Server 2022 (<a href="https://support.microsoft.com/help/5034439">KB5034439: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: January 9, 2024</a>)</li> <li>Windows Server 2022, 23H2 Edition (Server Core installation) (<a href="https://support.microsoft.com/help/5034439">KB5034439: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: January 9, 2024</a>)</li> <li>Windows 11 version 21H2 for x64-based Systems (<a href="https://support.microsoft.com/help/5034440">KB5034440: Windows Recovery Environment update for Windows 11, version 21H2: January 9, 2024</a>)</li> <li>Windows 10 Version 22H2 for x64-based Systems (<a href="https://support.microsoft.com/help/5034441">KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024</a>)</li> <li>Windows 10 Version 22H2 for 32-bit Systems (<a href="https://support.microsoft.com/help/5034441">KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024</a>)</li> <li>Windows 10 Version 21H2 for x64-based Systems (<a href="https://support.microsoft.com/help/5034441">KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024</a>)</li> <li>Windows 10 Version 21H2 for 32-bit Systems (<a href="https://support.microsoft.com/help/5034441">KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024</a>)</li> </ul> <p>As an alternative to updates provided above or if your version of Windows is not listed above, you can download the latest Windows Safe OS Dynamic Update from the <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Windows%20Safe%20OS%20Dynamic%20Update">Microsoft Update Catalog</a>. You can then apply the WinRE update, see  <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11">Add an update package to Windows RE</a>. To automate your installation Microsoft has developed a sample script that can help with updating WinRE from the running Windows OS. Please see <a href="https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10">KB5034957: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666</a> for more information.</p> <p><strong>Can a bootable Windows ISO or USB flash drive that boot to Windows RE be used to exploit this vulnerability?</strong></p> <p>No. The exploit is only possible with the winre.wim on the recovery partition of the device.</p> <p><strong>Can a vulnerable version of WinRE WIM file be used to exploit this vulnerability?</strong></p> <p>No. A BitLocker encrypted drive cannot be accessed via an arbitrary WinRE WIM file hosted on an external drive. Please complete all steps in <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#apply-the-update-to-a-running-pc">Microsoft Learn | Add an Update to Windows RE | Apply the update to a running PC</a> to ensure that the updated Windows RE image is turned on and correctly configured for your Windows installation.</p> <p><strong>If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN?</strong></p> <p>No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.</p> <p><strong>How do I check whether WinRE has successfully updated?</strong></p> <p>Use DISM /Get-Packages on a mounted WinRE image to ensure latest Safe OS Dynamic Update package is present. For more information, see <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#check-the-winre-image-version">Check the WinRE image version</a>.</p> Windows BitLocker Microsoft Yes CVE-2024-20666 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 Zammis Clark 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.2 2024-01-12T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.1 2024-01-10T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft Message Queuing Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2024-20660 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2024-20661 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability the attacker must be an authenticated user that is granted the &quot;manage online responder&quot; permission. This permission defines who can use the Online Responder snap-in to modify the configuration of the Online Responder, and should be granted very selectively.</p> Windows Online Certificate Status Protocol (OCSP) SnapIn Microsoft Yes CVE-2024-20662 Access of Resource Using Incompatible Type ('Type Confusion') 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12244 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Message Queuing Client (MSMQC) Information Disclosure <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2024-20663 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Message Queuing Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2024-20664 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Server Key Distribution Service Security Feature Bypass <p><strong>How can an attacker successfully exploit this vulnerability?</strong></p> <p>This vulnerability can be exploited when an attacker with admin privileges creates an x509 certificate with an MD5 property, which causes certificate validation to fail with no further validation checks.</p> Windows Server Key Distribution Service Microsoft Yes CVE-2024-21316 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Subsystem for Linux Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Subsystem for Linux Microsoft Yes CVE-2024-20681 Use After Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 bframer12@live.com 1.0 2024-01-09T08:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32 Kernel Subsystem Microsoft Yes CVE-2024-20686 Sensitive Data Storage in Improperly Locked Memory 12244 Elevation of Privilege 12244 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 esakis 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft AllJoyn API Denial of Service Vulnerability Windows AllJoyn API Microsoft Yes CVE-2024-20687 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by convincing, or waiting for, a user to connect to an Active Directory Domain Controller and then stealing network secrets. When the vulnerability is successfully exploited this could allow the attacker to retrieve sensitive data in plain-text which could be exploited for further attacks.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must be on the network to monitor domain network traffic (PR:L) while monitoring for user (UI:R) generated network traffic, or alternatively that attacker convinces an authenticated user to execute a malicious script, as a step to exploit this vulnerability.</p> Windows Local Security Authority Subsystem Service (LSASS) Microsoft Yes CVE-2024-20692 Inadequate Encryption Strength 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/mgrafnetter">Michael Grafnetter</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft Bluetooth Driver Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In order to exploit this vulnerability, the victim must pair with the attacker's Bluetooth device.</p> Microsoft Bluetooth Driver Microsoft Yes CVE-2024-21306 Missing Authentication for Critical Function 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 5.7 5.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12244 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 <a href="https://github.com/marcnewlin">Marc Newlin</a> with <a href="https://skysafe.io/">SkySafe</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-21309 Integer Underflow (Wrap or Wraparound) 11923 11924 11926 11927 12085 12086 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 pwnht 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2024-21310 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12243 12242 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12243 Elevation of Privilege 12242 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12243 Important 12242 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12243 12242 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12243 12242 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12243 12242 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 Anonymous working with Trend Micro Zero Day Initiative Keqi Hu 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Cryptographic Services Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>For successful exploitation, a locally authenticated attacker needs to send a specially crafted request to the cryptography provider's vulnerable function.</p> Windows Cryptographic Services Microsoft Yes CVE-2024-21311 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> .NET Framework Denial of Service Vulnerability <p><strong>According to the CVSS metric, the privileges required is none (PR:N). What does that mean for this vulnerability?</strong></p> <p>The score is based on websites/apps that are configured to allow anonymous access without authentication. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.</p> .NET Framework Microsoft Yes CVE-2024-21312 Improper Input Validation 12079-12243 12079-12242 11650-10852 11650-10853 11650-10816 11650-10855 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11677-10852 11677-10853 11677-10816 11677-10855 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 2472-10378 2472-10379 2472-10483 2472-10543 Denial of Service 12079-12243 Denial of Service 12079-12242 Denial of Service 11650-10852 Denial of Service 11650-10853 Denial of Service 11650-10816 Denial of Service 11650-10855 Denial of Service 11650-10378 Denial of Service 11650-10379 Denial of Service 11650-10483 Denial of Service 11650-10543 Denial of Service 11676-11568 Denial of Service 11676-11569 Denial of Service 11676-11571 Denial of Service 11676-11572 Denial of Service 11676-11923 Denial of Service 11676-11924 Denial of Service 11676-11926 Denial of Service 11676-11927 Denial of Service 11676-11929 Denial of Service 11676-11930 Denial of Service 11676-11931 Denial of Service 11676-12097 Denial of Service 11676-12098 Denial of Service 11676-12099 Denial of Service 11677-11568 Denial of Service 11677-11569 Denial of Service 11677-11570 Denial of Service 11677-11571 Denial of Service 11677-11572 Denial of Service 11677-10852 Denial of Service 11677-10853 Denial of Service 11677-10816 Denial of Service 11677-10855 Denial of Service 11863-10051 Denial of Service 11863-10049 Denial of Service 11863-10378 Denial of Service 11863-10379 Denial of Service 11863-10483 Denial of Service 11863-10543 Denial of Service 12079-11923 Denial of Service 12079-11924 Denial of Service 12079-11926 Denial of Service 12079-11927 Denial of Service 12079-11929 Denial of Service 12079-11930 Denial of Service 12079-11931 Denial of Service 12079-12085 Denial of Service 12079-12086 Denial of Service 12079-12097 Denial of Service 12079-12098 Denial of Service 12079-12099 Denial of Service 2472-10378 Denial of Service 2472-10379 Denial of Service 2472-10483 Denial of Service 2472-10543 Important 12079-12243 Important 12079-12242 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11677-10852 Important 11677-10853 Important 11677-10816 Important 11677-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12243 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12242 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10852 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10853 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11650-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11568 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11569 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11926 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11927 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11929 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11930 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-11931 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12097 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12098 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11676-12099 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11568 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11569 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11570 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-10852 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-10853 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11677-10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10049 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11863-10543 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11926 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11927 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11929 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11930 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-11931 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12085 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12086 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12097 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12098 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12079-12099 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2472-10543 5033920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033920 12079-12243 12079-12242 12079-12085 12079-12086 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033920 12079-12243 12079-12242 12079-12085 12079-12086 5033920 5033910 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033910 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5033910 11650-10852 11650-10853 11650-10816 11650-10855 5033910 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033913 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034278 11650-10378 11650-10379 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033915 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034279 11650-10483 11650-10543 5034279 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033911 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034273 11676-11568 11676-11569 11676-11571 11676-11572 5034273 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033914 11676-11923 11676-11924 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034272 11676-11923 11676-11924 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033912 11676-11926 11676-11927 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034276 11676-11926 11676-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034274 11676-11929 11676-11930 11676-11931 5034274 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034275 11676-12097 11676-12098 11676-12099 5034275 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033904 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.04081.03 https://support.microsoft.com/help/5034273 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5034273 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 11677-10852 11677-10853 11677-10816 11677-10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 11677-10852 11677-10853 11677-10816 11677-10855 5034119 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033947 11863-10051 11863-10049 Maybe Security Only 4.7.04081.02 https://support.microsoft.com/help/5034269 11863-10051 11863-10049 5034269 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033905 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034278 11863-10378 11863-10379 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033900 11863-10483 11863-10543 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034279 11863-10483 11863-10543 2472-10483 2472-10543 5034279 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033922 12079-11923 12079-11924 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034272 12079-11923 12079-11924 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033919 12079-11926 12079-11927 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034276 12079-11926 12079-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034274 12079-11929 12079-11930 12079-11931 5034274 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034275 12079-12097 12079-12098 12079-12099 5034275 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033897 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034278 2472-10378 2472-10379 5034278 Karel Rymes 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.1 2024-01-12T08:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.2 2024-01-22T08:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> 1.3 2024-02-13T08:00:00 <p>To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.</p> Microsoft Message Queuing Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2024-21314 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034130 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034130 5033383 12244 Yes Security Update 10.0.25398.643 https://support.microsoft.com/help/5034130 12244 5034130 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034173 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034173 5033422 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22464 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034173 5034173 https://support.microsoft.com/help/5034173 9312 10287 9318 9344 5034176 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034176 9312 10287 9318 9344 Yes Security Only 6.0.6003.22464 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034176 5034176 https://support.microsoft.com/help/5034176 9312 10287 9318 9344 5034169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034169 5033433 10051 10049 Yes Monthly Rollup 6.1.7601.26910 https://support.microsoft.com/help/5034169 10051 10049 5034169 5034169 https://support.microsoft.com/help/5034169 10051 10049 5034167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034167 10051 10049 Yes Security Only 6.1.7601.26910 https://support.microsoft.com/help/5034167 10051 10049 5034167 5034167 https://support.microsoft.com/help/5034167 10051 10049 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permission can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2024-21318 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002541 https://www.microsoft.com/download/details.aspx?familyid=477f8832-db05-4903-872f-1f01117080a8 10950 Maybe Security Update 16.0.5430.1000 https://support.microsoft.com/help/5002541 10950 5002541 5002539 https://www.microsoft.com/download/details.aspx?familyid=71590b2f-5389-452e-b881-9880d076a5d8 11585 Maybe Security Update 16.0.10406.20000 https://support.microsoft.com/help/5002539 11585 5002539 5002540 https://www.microsoft.com/download/details.aspx?familyid=d4bf78f0-bc47-4786-8f86-f44842cd09c2 11961 Maybe Security Update 16.0.10406.20000 https://support.microsoft.com/help/5002540 11961 5002540 Ngo Wei Lin, Billy Jheng Bing Jhong, L&#234; Hữu Quang Linh, Bruce Chen, Nguyn Tin Giang of <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Windows Themes Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.</p> Windows Themes Microsoft Yes CVE-2024-21320 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5034127 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034127 5033371 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5329 https://support.microsoft.com/help/5034127 11568 11569 11570 11571 11572 5034127 5034129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034129 5033118 11923 11924 Yes Security Update 10.0.20348.2227 https://support.microsoft.com/help/5034129 11923 11924 5034129 5034121 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034121 5033369 11926 11927 Yes Security Update 10.0.22000.2713 https://support.microsoft.com/help/5034121 11926 11927 5034121 5034121 https://support.microsoft.com/help/5034121 11926 11927 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 11929 11930 11931 Yes Security Update 10.0.19044.3930 https://support.microsoft.com/help/5034122 11929 11930 11931 5034122 5034122 https://support.microsoft.com/help/5034122 11929 11930 11931 12097 12098 12099 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12085 12086 Yes Security Update 10.0.22621.3007 https://support.microsoft.com/help/5034123 12085 12086 5034123 5034123 https://support.microsoft.com/help/5034123 12085 12086 12242 12243 5034122 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034122 5033372 12097 12098 12099 Yes Security Update 10.0.19045.3930 https://support.microsoft.com/help/5034122 12097 12098 12099 5034122 5034123 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034123 5033375 12242 12243 Yes Security Update 10.0.22631.3007 https://support.microsoft.com/help/5034123 12242 12243 5034123 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 10729 10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 10729 10735 5034134 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 10852 10853 10816 10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 10852 10853 10816 10855 5034119 5034184 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034184 5033429 10378 10379 Yes Monthly Rollup 6.2.9200.24664 https://support.microsoft.com/help/5034184 10378 10379 5034184 5034171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034171 5033420 10483 10543 Yes Monthly Rollup 6.3.9600.21765 https://support.microsoft.com/help/5034171 10483 10543 5034171 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:</p> <ul> <li><p>Systems that have disabled NTLM are not affected.</p> </li> <li><p>Apply the existing group policy to block NTLM hash. With this policy enabled, this issue for a remote SMB location client or server can be mitigated. To enable the policy: Select <strong>Computer Configuration</strong> &gt; <strong>Windows Settings</strong> &gt; ** Security Settings** &gt; <strong>Local Policies</strong> &gt; <strong>Security Options</strong>. On the right pane, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy per the options listed below in the Network security: <strong>Restrict NTLM: Outgoing NTLM traffic to remote servers</strong> documentation.</p> </li> </ul> <p><strong>References</strong>:</p> <ul> <li>For customers running Windows Server 2008 or 2008 R2: <a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd560653(v=ws.10)">Introducing the Restriction of NTLM Authentication</a></li> <li>For customers running Windows 7 or 2008 R2: <a href="https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191">NTLM Blocking and You</a></li> <li>For customers running Windows 10 or 11: Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers">Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication</a></li> </ul> <a href="https://github.com/tomerpeled92/cve">Tomer Peled</a> with <a href="https://www.akamai.com/">Akamai</a> 1.0 2024-01-09T08:00:00 <p>Information published.</p> Chromium: CVE-2024-0222 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.121</td> <td>120.0.6099.199/200</td> <td>1/5/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0222 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.121 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-05T17:08:23 <p>Information published.</p> Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.121</td> <td>120.0.6099.199/200</td> <td>1/5/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0223 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.121 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-05T17:08:28 <p>Information published.</p> Chromium: CVE-2024-0225 Use after free in WebGPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.121</td> <td>120.0.6099.199/200</td> <td>1/5/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0225 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.121 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-05T17:08:32 <p>Information published.</p> Chromium: CVE-2024-0224 Use after free in WebAudio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.121</td> <td>120.0.6099.199/200</td> <td>1/5/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0224 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.121 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-05T17:08:30 <p>Information published.</p> Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.133</td> <td>120.0.6099.216/217</td> <td>1/11/2024</td> </tr> </tbody> </table> <p><strong>Why is this Adobe CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Adobe Systems Incorporated Yes CVE-2024-20721 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes 11655 No Security Update 120.0.2210.133 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes HAO LI of VenusTech ADLab 1.0 2024-01-11T08:00:00 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Chromium: CVE-2024-0333 Insufficient data validation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.133</td> <td>120.0.6099.216/217</td> <td>1/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0333 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.133 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-11T18:40:56 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability <p>This CVE was assigned by Adobe Systems Incorporated. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.133</td> <td>120.0.6099.216/217</td> <td>1/11/2024</td> </tr> </tbody> </table> <p><strong>Why is this Adobe CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Adobe Systems Incorporated Yes CVE-2024-20709 11655 11655 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes 11655 No Security Update 120.0.2210.133 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Anonymous 1.0 2024-01-11T08:00:00 <p>Information published.</p> 1.1 2024-01-18T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> Chromium: CVE-2024-0517 Out of bounds write in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.144</td> <td>120.0.6099.224/225</td> <td>1/17/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0517 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.144 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-17T18:17:31 <p>Information published.</p> Chromium: CVE-2024-0518 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.144</td> <td>120.0.6099.224/225</td> <td>1/17/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0518 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.144 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-17T18:17:35 <p>Information published.</p> Chromium: CVE-2024-0519 Out of bounds memory access in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p>Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>120.0.2210.144</td> <td>120.0.6099.224/225</td> <td>1/17/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-0519 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 120.0.2210.144 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-01-17T18:17:38 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires the victim to open the vulnerable app.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>121.0.2277.83</td> <td>1/25/2024</td> <td>121.0.6167.85/.86</td> </tr> <tr> <td>Extended Stable</td> <td>120.0.2210.160</td> <td>1/25/2024</td> <td>120.0.6099.268</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-21336 Insufficient UI Warning of Dangerous Operations 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 2.5 2.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 121.0.2277.83 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.linkedin.com/in/hafiizh-7aa6bb31/">Hafiizh</a> with https://www.linkedin.com/in/hafiizh-7aa6bb31/ 1.0 2024-01-26T08:00:00 <p>Information published.</p> .NET Denial of Service Vulnerability .NET Microsoft Yes CVE-2024-20672 Uncontrolled Resource Consumption 12009 12130 Denial of Service 12009 Denial of Service 12130 Important 12009 Important 12130 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12009 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12130 5033733 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.26 https://support.microsoft.com/help/5033733 12009 5033733 5033734 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.15 https://support.microsoft.com/help/5033734 12130 5033734 1.0 2024-01-09T08:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-51782 https://nvd.nist.gov/vuln/detail/CVE-2023-51782 Mariner cve@mitre.org Yes CVE-2023-51782 12139 12140 12139 12140 12139 12140 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.148.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51782 12139 kernel kernel 12140 kernel-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.148.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51782 12140 kernel 1.0 2024-01-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-51781 https://nvd.nist.gov/vuln/detail/CVE-2023-51781 Mariner cve@mitre.org Yes CVE-2023-51781 12139 12140 12139 12140 12139 12140 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.148.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51781 12139 kernel kernel 12140 kernel-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.148.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51781 12140 kernel 1.0 2024-01-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-51780 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 Mariner cve@mitre.org Yes CVE-2023-51780 12139 12140 12139 12140 12139 12140 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.145.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.145.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.145.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.145.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.145.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.145.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.145.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.145.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 12139 hyperv-daemons kernel 12139 kernel-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.148.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.148.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 12139 kernel hyperv-daemons 12140 hyperv-daemons-5.15.145.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.145.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.145.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.145.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.145.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.145.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.145.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.145.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 12140 hyperv-daemons kernel 12140 kernel-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.148.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.148.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-51780 12140 kernel 1.0 2024-01-16T00:00:00 <p>Information published.</p> 1.1 2024-01-19T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 Mariner cna@vuldb.com Yes CVE-2023-7104 12139 12140 12139 12140 12139 12140 DOS:N/A 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 12139 7.3 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 12140 sqlite 12139 sqlite-3.39.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 sqlite-devel-3.39.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 sqlite-libs-3.39.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 sqlite-debuginfo-3.39.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.39.2-3 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 12139 sqlite sqlite 12140 sqlite-3.39.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 sqlite-devel-3.39.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 sqlite-libs-3.39.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 sqlite-debuginfo-3.39.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.39.2-3 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 12140 sqlite 1.0 2024-01-06T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-52284 https://nvd.nist.gov/vuln/detail/CVE-2023-52284 Mariner cve@mitre.org Yes CVE-2023-52284 12139 12140 12139 12140 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 fluent-bit 12139 fluent-bit-2.1.10-3.cm2.x86_64.rpm 0001-01-01T00:00:00 fluent-bit-devel-2.1.10-3.cm2.x86_64.rpm 0001-01-01T00:00:00 fluent-bit-debuginfo-2.1.10-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.10-3 https://nvd.nist.gov/vuln/detail/CVE-2023-52284 12139 fluent-bit fluent-bit 12140 fluent-bit-2.1.10-3.cm2.aarch64.rpm 0001-01-01T00:00:00 fluent-bit-devel-2.1.10-3.cm2.aarch64.rpm 0001-01-01T00:00:00 fluent-bit-debuginfo-2.1.10-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.1.10-3 https://nvd.nist.gov/vuln/detail/CVE-2023-52284 12140 fluent-bit 1.0 2024-01-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3772 https://nvd.nist.gov/vuln/detail/CVE-2023-3772 Mariner secalert@redhat.com Yes CVE-2023-3772 12139 12140 12139 12140 12139 12140 DOS:N/A 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12139 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-3772 12139 hyperv-daemons hyperv-daemons 12140 hyperv-daemons-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-3772 12140 hyperv-daemons 1.0 2024-01-21T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3773 https://nvd.nist.gov/vuln/detail/CVE-2023-3773 Mariner secalert@redhat.com Yes CVE-2023-3773 12139 12140 12139 12140 12139 12140 DOS:N/A 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 12139 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 12140 hyperv-daemons 12139 hyperv-daemons-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-3773 12139 hyperv-daemons hyperv-daemons 12140 hyperv-daemons-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-3773 12140 hyperv-daemons 1.0 2024-01-21T00:00:00 <p>Information published.</p> Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> <p><strong>If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability?</strong></p> <p>Customers developing applications using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:</p> <ul> <li>If you are using System.Data.SqlClient on .NET Framework you must install the January 2024 update(s) for .NET Framework</li> <li>If you are using System.Data.SqlClient on .NET 6, .NET 7, or .NET 8 you must update your NuGet package reference to an updated version as listed in the affected packages.</li> <li>If you are using Microsoft.Data.SqlClient, anywhere (.NET 6/7/8, .NET Framework) and you are using a version that is vulnerable you must update your NuGet package reference as listed in the affected packages.</li> </ul> <p>Please see <a href="https://github.com/dotnet/announcements/issues/292">Microsoft Security Advisory CVE 2024-0056 | .NET Information Disclosure Vulnerability</a>.</p> <p>Please Note: Customers running applications that install either System.Data.SqlClient.dll or Microsoft.Data.SqlClient.dll should contact the application developer for application updates.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A successful attack could exploit a vulnerability in the SQL Data Provider which allows the attacker to exploit the SQL Server.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server. There is no impact to the availability of the attacked machine (A:N).</p> <p><strong>What security feature is bypassed with this vulnerability?</strong></p> <p>An attacker might be able to evade the encryption used in a TLS connection.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 (or 18) for SQL Server or Microsoft OLE DB Driver 18 (or 19). Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 (or 18) for SQL Server or Microsoft OLE DB Driver 18 (or 19). Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5033592</td> <td>Security update for SQL Server 2022 CU10+GDR</td> <td>16.0.4003.1 - 16.0.4095.4</td> <td>KB 5031778 - SQL2022 RTM CU10</td> </tr> <tr> <td>5032968</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1105.1</td> <td>KB 5029379 - Previous SQL2022 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-0056 Cleartext Transmission of Sensitive Information 12147 12009 12130 12260 12277 12278 12279 12280 12281 12051 12129 12187 12271 12272 11650-10852 11650-10853 11650-10855 11650-10051 11650-10816 11650-10049 11650-10379 11650-10378 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11677-10852 11677-10816 11677-10853 11677-10855 11863-10051 11863-10049 11863-10378 11863-10379 11863-10543 11863-10483 12079-11924 12079-11923 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12244 12079-12243 9292-9312 9292-9318 Security Feature Bypass 12147 Security Feature Bypass 12009 Security Feature Bypass 12130 Security Feature Bypass 12260 Security Feature Bypass 12277 Security Feature Bypass 12278 Security Feature Bypass 12279 Security Feature Bypass 12280 Security Feature Bypass 12281 Security Feature Bypass 12051 Security Feature Bypass 12129 Security Feature Bypass 12187 Security Feature Bypass 12271 Security Feature Bypass 12272 Security Feature Bypass 11650-10852 Security Feature Bypass 11650-10853 Security Feature Bypass 11650-10855 Security Feature Bypass 11650-10051 Security Feature Bypass 11650-10816 Security Feature Bypass 11650-10049 Security Feature Bypass 11650-10379 Security Feature Bypass 11650-10378 Security Feature Bypass 11650-10483 Security Feature Bypass 11650-10543 Security Feature Bypass 11676-11568 Security Feature Bypass 11676-11569 Security Feature Bypass 11676-11571 Security Feature Bypass 11676-11572 Security Feature Bypass 11676-11923 Security Feature Bypass 11676-11924 Security Feature Bypass 11676-11926 Security Feature Bypass 11676-11927 Security Feature Bypass 11676-11929 Security Feature Bypass 11676-11930 Security Feature Bypass 11676-11931 Security Feature Bypass 11676-12097 Security Feature Bypass 11676-12098 Security Feature Bypass 11676-12099 Security Feature Bypass 11677-11568 Security Feature Bypass 11677-11569 Security Feature Bypass 11677-11570 Security Feature Bypass 11677-11571 Security Feature Bypass 11677-11572 Security Feature Bypass 11677-10852 Security Feature Bypass 11677-10816 Security Feature Bypass 11677-10853 Security Feature Bypass 11677-10855 Security Feature Bypass 11863-10051 Security Feature Bypass 11863-10049 Security Feature Bypass 11863-10378 Security Feature Bypass 11863-10379 Security Feature Bypass 11863-10543 Security Feature Bypass 11863-10483 Security Feature Bypass 12079-11924 Security Feature Bypass 12079-11923 Security Feature Bypass 12079-11926 Security Feature Bypass 12079-11927 Security Feature Bypass 12079-11929 Security Feature Bypass 12079-11930 Security Feature Bypass 12079-11931 Security Feature Bypass 12079-12085 Security Feature Bypass 12079-12086 Security Feature Bypass 12079-12097 Security Feature Bypass 12079-12098 Security Feature Bypass 12079-12099 Security Feature Bypass 12079-12242 Security Feature Bypass 12079-12244 Security Feature Bypass 12079-12243 Security Feature Bypass 9292-9312 Security Feature Bypass 9292-9318 Important 12147 Important 12009 Important 12130 Important 12260 Important 12277 Important 12278 Important 12279 Important 12280 Important 12281 Important 12051 Important 12129 Important 12187 Important 12271 Important 12272 Important 11650-10852 Important 11650-10853 Important 11650-10855 Important 11650-10051 Important 11650-10816 Important 11650-10049 Important 11650-10379 Important 11650-10378 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11677-10852 Important 11677-10816 Important 11677-10853 Important 11677-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10543 Important 11863-10483 Important 12079-11924 Important 12079-11923 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12244 Important 12079-12243 Important 9292-9312 Important 9292-9318 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12147 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12009 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12130 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12260 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12277 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12278 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12279 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12280 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12281 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12051 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12129 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12187 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12271 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12272 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10852 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10853 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10855 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10051 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10816 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10049 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10379 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10378 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10483 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11650-10543 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11568 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11569 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11571 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11572 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11923 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11924 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11926 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11927 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11929 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11930 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-11931 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-12097 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-12098 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11676-12099 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-11568 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-11569 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-11570 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-11571 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-11572 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-10852 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-10816 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-10853 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11677-10855 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11863-10051 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11863-10049 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11863-10378 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11863-10379 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11863-10543 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11863-10483 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11924 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11923 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11926 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11927 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11929 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11930 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-11931 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12085 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12086 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12097 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12098 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12099 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12242 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12244 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12079-12243 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 9292-9312 8.7 7.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 9292-9318 5032968 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1110.1 https://support.microsoft.com/help/5032968 12147 5032968 5033733 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.26 https://support.microsoft.com/help/5033733 12009 5033733 5033734 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.15 https://support.microsoft.com/help/5033734 12130 5033734 5033741 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.1 https://support.microsoft.com/help/5033741 12260 5033741 Release Notes https://www.nuget.org/packages/Microsoft.Data.SqlClient/2.1.7 12277 Yes Security Update 2.1.7 https://github.com/dotnet/SqlClient/blob/main/release-notes/2.1/2.1.7.md 12277 Release Notes Release Notes https://www.nuget.org/packages/Microsoft.Data.SqlClient/3.1.5 12278 Yes Security Update 3.1.5 https://github.com/dotnet/SqlClient/blob/main/release-notes/3.1/3.1.5.md 12278 Release Notes Release Notes https://www.nuget.org/packages/Microsoft.Data.SqlClient/4.0.5 12279 Yes Security Update 4.0.5 https://github.com/dotnet/SqlClient/blob/main/release-notes/4.0/4.0.5.md 12279 Release Notes Release Notes https://www.nuget.org/packages/Microsoft.Data.SqlClient/5.1.3 12280 Yes Security Update 5.1.3 https://github.com/dotnet/SqlClient/blob/main/release-notes/5.1/5.1.3.md 12280 Release Notes Release Notes https://www.nuget.org/packages/System.Data.SqlClient/4.8.6 12281 Yes Security Update 4.8.6 https://github.com/dotnet/core/tree/main/release-notes 12281 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 5033592 https://www.microsoft.com/download/details.aspx?familyid=1c294110-fb8d-4045-9aec-706def6f151b 12272 Yes Security Update 16.0.4100.1 https://support.microsoft.com/help/5033592 12272 5033592 5033910 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033910 11650-10852 11650-10853 11650-10855 11650-10816 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5033910 11650-10852 11650-10853 11650-10855 11650-10816 5033910 5034277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033916 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034277 11650-10051 11650-10049 5034277 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033948 11650-10051 11650-10049 Maybe Security Only 4.8.04690.01 https://support.microsoft.com/help/5034269 11650-10051 11650-10049 5034269 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033913 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034278 11650-10379 11650-10378 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033915 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034279 11650-10483 11650-10543 5034279 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033911 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034273 11676-11568 11676-11569 11676-11571 11676-11572 5034273 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033914 11676-11923 11676-11924 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034272 11676-11923 11676-11924 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033912 11676-11926 11676-11927 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034276 11676-11926 11676-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034274 11676-11929 11676-11930 11676-11931 5034274 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034275 11676-12097 11676-12098 11676-12099 5034275 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033904 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.04081.03 https://support.microsoft.com/help/5034273 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5034273 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 11677-10852 11677-10816 11677-10853 11677-10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 11677-10852 11677-10816 11677-10853 11677-10855 5034119 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033947 11863-10051 11863-10049 Maybe Security Only 4.7.04081.02 https://support.microsoft.com/help/5034269 11863-10051 11863-10049 5034269 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033905 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034278 11863-10378 11863-10379 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033900 11863-10543 11863-10483 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034279 11863-10543 11863-10483 5034279 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033922 12079-11924 12079-11923 12079-12244 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034272 12079-11924 12079-11923 12079-12244 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033919 12079-11926 12079-11927 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034276 12079-11926 12079-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034274 12079-11929 12079-11930 12079-11931 5034274 5033920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033920 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033920 12079-12085 12079-12086 12079-12242 12079-12243 5033920 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034275 12079-12097 12079-12098 12079-12099 5034275 5034280 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033898 9292-9312 9292-9318 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034280 9292-9312 9292-9318 5034280 5034270 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033945 9292-9312 9292-9318 Maybe Security Only 3.0.50727.8976 https://support.microsoft.com/help/5034270 9292-9312 9292-9318 5034270 Vishal Mishra and Anita Gaud with Microsoft's Azure DevSec Variant Hunt Team 1.3 2024-02-13T08:00:00 <p>To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.</p> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 1.1 2024-01-12T08:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 1.2 2024-01-22T08:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build. This could allow an adversary to subvert the app's typical authentication logic.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduce or intentionally induces a chain building failure.</p> <p><strong>Is there are reason for such a high CVSS score?</strong></p> <p>Yes, the CVSS scoring guide recommends using a reasonable worst-case implementation scenario when scoring vulnerabilities in software libraries. Vulnerabilites in .NET Framework and similar products are scored with this advice in mind. The score for your implmentation this product may not be as severe, however we recommend installing the update as soon as possible in an abundance of caution.</p> <p>Please see the<a href="https://www.first.org/cvss/v3.1/user-guide"> CVSS user guide</a> for more information.</p> .NET and Visual Studio Microsoft Yes CVE-2024-0057 Improper Input Validation 12260 12130 12009 12051 11935 12129 12187 12271 12300 12301 12302 12303 11970 12131 12262 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10379 11650-10378 11650-10483 11650-10543 11676-11569 11676-11568 11676-11571 11676-11572 11676-11923 11676-11924 11676-11927 11676-11929 11676-11926 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11677-10852 11677-10853 11677-10855 11677-10816 11863-10051 11863-10049 11863-10379 11863-10378 11863-10483 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12243 12079-12244 9292-9312 9292-9318 9195-9312 9195-9318 Security Feature Bypass 12260 Security Feature Bypass 12130 Security Feature Bypass 12009 Security Feature Bypass 12051 Security Feature Bypass 11935 Security Feature Bypass 12129 Security Feature Bypass 12187 Security Feature Bypass 12271 Security Feature Bypass 12300 Security Feature Bypass 12301 Security Feature Bypass 12302 Security Feature Bypass 12303 Security Feature Bypass 11970 Security Feature Bypass 12131 Security Feature Bypass 12262 Security Feature Bypass 11650-10852 Security Feature Bypass 11650-10853 Security Feature Bypass 11650-10816 Security Feature Bypass 11650-10855 Security Feature Bypass 11650-10051 Security Feature Bypass 11650-10049 Security Feature Bypass 11650-10379 Security Feature Bypass 11650-10378 Security Feature Bypass 11650-10483 Security Feature Bypass 11650-10543 Security Feature Bypass 11676-11569 Security Feature Bypass 11676-11568 Security Feature Bypass 11676-11571 Security Feature Bypass 11676-11572 Security Feature Bypass 11676-11923 Security Feature Bypass 11676-11924 Security Feature Bypass 11676-11927 Security Feature Bypass 11676-11929 Security Feature Bypass 11676-11926 Security Feature Bypass 11676-11930 Security Feature Bypass 11676-11931 Security Feature Bypass 11676-12097 Security Feature Bypass 11676-12098 Security Feature Bypass 11676-12099 Security Feature Bypass 11677-11568 Security Feature Bypass 11677-11569 Security Feature Bypass 11677-11570 Security Feature Bypass 11677-11571 Security Feature Bypass 11677-11572 Security Feature Bypass 11677-10852 Security Feature Bypass 11677-10853 Security Feature Bypass 11677-10855 Security Feature Bypass 11677-10816 Security Feature Bypass 11863-10051 Security Feature Bypass 11863-10049 Security Feature Bypass 11863-10379 Security Feature Bypass 11863-10378 Security Feature Bypass 11863-10483 Security Feature Bypass 11863-10543 Security Feature Bypass 12079-11923 Security Feature Bypass 12079-11924 Security Feature Bypass 12079-11926 Security Feature Bypass 12079-11927 Security Feature Bypass 12079-11929 Security Feature Bypass 12079-11930 Security Feature Bypass 12079-11931 Security Feature Bypass 12079-12085 Security Feature Bypass 12079-12086 Security Feature Bypass 12079-12097 Security Feature Bypass 12079-12098 Security Feature Bypass 12079-12099 Security Feature Bypass 12079-12242 Security Feature Bypass 12079-12243 Security Feature Bypass 12079-12244 Security Feature Bypass 9292-9312 Security Feature Bypass 9292-9318 Security Feature Bypass 9195-9312 Security Feature Bypass 9195-9318 Important 12260 Important 12130 Important 12009 Important 12051 Important 11935 Important 12129 Important 12187 Important 12271 Important 12300 Important 12301 Important 12302 Important 12303 Important 11970 Important 12131 Important 12262 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10379 Important 11650-10378 Important 11650-10483 Important 11650-10543 Important 11676-11569 Important 11676-11568 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11927 Important 11676-11929 Important 11676-11926 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11677-10852 Important 11677-10853 Important 11677-10855 Important 11677-10816 Important 11863-10051 Important 11863-10049 Important 11863-10379 Important 11863-10378 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12243 Important 12079-12244 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12260 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12130 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12009 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12051 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11935 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12129 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12187 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12271 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12300 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12301 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12302 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12303 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11970 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12131 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12262 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10852 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10853 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10816 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10855 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10051 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10049 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10379 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10378 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10483 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11650-10543 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11569 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11568 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11571 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11572 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11923 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11924 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11927 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11929 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11926 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11930 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-11931 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-12097 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-12098 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11676-12099 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-11568 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-11569 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-11570 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-11571 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-11572 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-10852 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-10853 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-10855 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11677-10816 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11863-10051 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11863-10049 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11863-10379 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11863-10378 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11863-10483 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11863-10543 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11923 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11924 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11926 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11927 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11929 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11930 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-11931 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12085 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12086 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12097 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12098 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12099 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12242 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12243 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12079-12244 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 9292-9312 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 9292-9318 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 9195-9312 9.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 9195-9318 5033741 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.1 https://support.microsoft.com/help/5033741 12260 5033741 5033734 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.15 https://support.microsoft.com/help/5033734 12130 5033734 5033733 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.26 https://support.microsoft.com/help/5033733 12009 5033733 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.34 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://www.nuget.org/downloads 12300 Maybe Security Update 5.11.6.0 https://github.com/NuGet/Announcements/issues/71 12300 Release Notes Release Notes https://www.nuget.org/downloads 12301 Maybe Security Update 17.4.3.0 https://github.com/NuGet/Announcements/issues/71 12301 Release Notes Release Notes https://www.nuget.org/downloads 12302 Maybe Security Update 17.6.2.0 https://github.com/NuGet/Announcements/issues/71 12302 Release Notes Release Notes https://www.nuget.org/downloads 12303 Security Update 17.8.1.0 https://github.com/NuGet/Announcements/issues/71 12303 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/72 11970 Maybe Security Update 7.2.18 https://github.com/PowerShell/Announcements/issues/72 11970 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/72 12131 Maybe Security Update 7.3.11 https://github.com/PowerShell/Announcements/issues/72 12131 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/76 12262 Maybe Security Update 7.4.2 https://github.com/PowerShell/Announcements/issues/76 12262 Release Notes 5033910 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033910 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5033910 11650-10852 11650-10853 11650-10816 11650-10855 5033910 5034277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033916 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034277 11650-10051 11650-10049 5034277 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033948 11650-10051 11650-10049 Maybe Security Only 4.8.04690.01 https://support.microsoft.com/help/5034269 11650-10051 11650-10049 5034269 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033913 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034278 11650-10379 11650-10378 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033915 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034279 11650-10483 11650-10543 5034279 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033911 11676-11569 11676-11568 11676-11571 11676-11572 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034273 11676-11569 11676-11568 11676-11571 11676-11572 5034273 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033914 11676-11923 11676-11924 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034272 11676-11923 11676-11924 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033912 11676-11927 11676-11926 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034276 11676-11927 11676-11926 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034274 11676-11929 11676-11930 11676-11931 5034274 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034275 11676-12097 11676-12098 11676-12099 5034275 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033904 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.04081.03 https://support.microsoft.com/help/5034273 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5034273 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 11677-10852 11677-10853 11677-10855 11677-10816 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 11677-10852 11677-10853 11677-10855 11677-10816 5034119 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033947 11863-10051 11863-10049 Maybe Security Only 4.7.04081.02 https://support.microsoft.com/help/5034269 11863-10051 11863-10049 5034269 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033905 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034278 11863-10379 11863-10378 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033900 11863-10483 11863-10543 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034279 11863-10483 11863-10543 5034279 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033922 12079-11923 12079-11924 12079-12244 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034272 12079-11923 12079-11924 12079-12244 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033919 12079-11926 12079-11927 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034276 12079-11926 12079-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034274 12079-11929 12079-11930 12079-11931 5034274 5033920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033920 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033920 12079-12085 12079-12086 12079-12242 12079-12243 5033920 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034275 12079-12097 12079-12098 12079-12099 5034275 5034280 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033898 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034280 9292-9312 9292-9318 9195-9312 9195-9318 5034280 5034270 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033945 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Security Only 3.0.50727.8976 https://support.microsoft.com/help/5034270 9292-9312 9292-9318 9195-9312 9195-9318 5034270 Vishal Mishra and Anita Gaud with Microsoft's Azure DevSec Variant Hunt Team and Stav Nir from Microsoft 2.1 2024-01-16T08:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> 3.0 2024-02-13T08:00:00 <p>In the Security Updates table, added Visual Studio 2019 version 16.11 as it is also affected by this vulnerability. In addition, added NuGet 5.11.0, NuGet 17.4.0, NuGet 17.6.0, and NuGet 17.8.0 because these versions of NuGet are affected by this vulnerability. For more information on the NuGet updates see <a href="https://github.com/NuGet/Announcements/issues/71">https://github.com/NuGet/Announcements/issues/71</a>.</p> <p>Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.0 2024-01-09T08:00:00 <p>Information published.</p> 2.0 2024-01-12T08:00:00 <p>Revised the Security Updates table as follows: Added PowerShell 7.2, PowerShell 7.3, and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/72">https://github.com/PowerShell/Announcements/issues/72</a> for more information. Corrected Download and Article links for .NET Framework 3.5 and 4.8.1 installed on Windows 10 version 22H2.</p> 2.2 2024-01-22T08:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> 3.1 2024-02-13T08:00:00 <p>To address a known issue with a broken link, corrected Download links in the Security Updates table. This is an informational change only.</p> 3.2 2024-04-16T07:00:00 <p>To comprehensively address this vulnerability, Microsoft has released a security update on April 16, 2024 for PowerShell 7.4. Microsoft recommends that customers install the update to be fully protected from the vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/76">https://github.com/PowerShell/Announcements/issues/76</a> for more information.</p> Microsoft Identity Denial of service vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption (JWE) token with a high compression ratio. This token, when processed by a server, leads to excessive memory allocation and processing time during decompression, causing a denial-of-service (DoS) condition.</p> <p>It's important to note that the attacker must have access to the public key registered with the IDP(AAD) for successful exploitation.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A scope change (S:C) in the CVSS metric indicates that successful exploitation of this vulnerability could extend beyond the immediate processing of malicious tokens, affecting the overall availability of the system by causing a denial-of-service (DoS) condition.</p> Microsoft Identity Services Microsoft Yes CVE-2024-21319 Improper Input Validation 12009 12051 12187 12129 12271 12130 12260 12274 12275 12283 12284 12282 12285 Denial of Service 12009 Denial of Service 12051 Denial of Service 12187 Denial of Service 12129 Denial of Service 12271 Denial of Service 12130 Denial of Service 12260 Denial of Service 12274 Denial of Service 12275 Denial of Service 12283 Denial of Service 12284 Denial of Service 12282 Denial of Service 12285 Important 12009 Important 12051 Important 12187 Important 12129 Important 12271 Important 12130 Important 12260 Important 12274 Important 12275 Important 12283 Important 12284 Important 12282 Important 12285 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12051 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12129 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12271 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12130 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12260 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12274 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12275 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12283 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12284 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12282 6.8 5.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12285 5033733 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.26 https://support.microsoft.com/help/5033733 12009 5033733 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.23 https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12051 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.11 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.15 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 5033734 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Security Update 7.0.15 https://support.microsoft.com/help/5033734 12130 5033734 5033741 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.1 https://support.microsoft.com/help/5033741 12260 5033741 Release Notes https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 12274 12283 Maybe Security Update 6.34.0 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 12274 12283 Release Notes Release Notes https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 12275 12282 Maybe Security Update 7.1.2 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 12275 12282 Release Notes Release Notes https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 12284 12285 Maybe Security Update 5.7.0 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet 12284 12285 Release Notes Morgan Brown with Microsoft 1.0 2024-01-09T08:00:00 <p>Information published.</p>