March 2024 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2024-Mar 2024-Mar Final 1.0 206 2026-03-31T15:17:06 March 2024 Security Updates 2024-03-12T07:00:00 2026-03-31T15:17:06 <h2 id="this-release-consists-of-the-following-66-microsoft-cves">This release consists of the following 66 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Windows Defender</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20671">CVE-2024-20671</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Open Management Infrastructure</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21330">CVE-2024-21330</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Open Management Infrastructure</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21334">CVE-2024-21334</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Authenticator</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21390">CVE-2024-21390</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21392">CVE-2024-21392</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Kubernetes Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21400">CVE-2024-21400</a></td> <td>9.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21407">CVE-2024-21407</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21408">CVE-2024-21408</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Skype for Consumer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21411">CVE-2024-21411</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Software for Open Networking in the Cloud (SONiC)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21418">CVE-2024-21418</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21419">CVE-2024-21419</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21421">CVE-2024-21421</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21426">CVE-2024-21426</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21427">CVE-2024-21427</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Hub Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21429">CVE-2024-21429</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Serial Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21430">CVE-2024-21430</a></td> <td>5.7</td> <td>CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hypervisor-Protected Code Integrity</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21431">CVE-2024-21431</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21432">CVE-2024-21432</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Print Spooler Components</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21433">CVE-2024-21433</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows SCSI Class System File</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21434">CVE-2024-21434</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows OLE</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21435">CVE-2024-21435</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21436">CVE-2024-21436</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21437">CVE-2024-21437</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows AllJoyn API</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21438">CVE-2024-21438</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21439">CVE-2024-21439</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ODBC Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21440">CVE-2024-21440</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21441">CVE-2024-21441</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Print Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21442">CVE-2024-21442</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21443">CVE-2024-21443</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21444">CVE-2024-21444</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Print Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21445">CVE-2024-21445</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21446">CVE-2024-21446</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21448">CVE-2024-21448</a></td> <td>5.0</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21450">CVE-2024-21450</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC ODBC Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21451">CVE-2024-21451</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ODBC Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26159">CVE-2024-26159</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26160">CVE-2024-26160</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26161">CVE-2024-26161</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ODBC Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26162">CVE-2024-26162</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26163">CVE-2024-26163</a></td> <td>4.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Django Backend for SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26164">CVE-2024-26164</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26165">CVE-2024-26165</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26166">CVE-2024-26166</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26167">CVE-2024-26167</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Error Reporting</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26169">CVE-2024-26169</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Composite Image File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26170">CVE-2024-26170</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26173">CVE-2024-26173</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26174">CVE-2024-26174</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26176">CVE-2024-26176</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26177">CVE-2024-26177</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26178">CVE-2024-26178</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26181">CVE-2024-26181</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26182">CVE-2024-26182</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Compressed Folder</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26185">CVE-2024-26185</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft QUIC</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26190">CVE-2024-26190</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26197">CVE-2024-26197</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26198">CVE-2024-26198</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26199">CVE-2024-26199</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Intune</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26201">CVE-2024-26201</a></td> <td>6.6</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Data Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26203">CVE-2024-26203</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Outlook for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26204">CVE-2024-26204</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26246">CVE-2024-26246</a></td> <td>3.9</td> <td>CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26247">CVE-2024-26247</a></td> <td>4.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>XBox Crypto Graphic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-28916">CVE-2024-28916</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-29057">CVE-2024-29057</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET Framework</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-29059">CVE-2024-29059</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-16-non-microsoft-cves">We are republishing 16 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Intel Corporation</td> <td>Intel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28746">CVE-2023-28746</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2173">CVE-2024-2173</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2174">CVE-2024-2174</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2176">CVE-2024-2176</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2400">CVE-2024-2400</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2625">CVE-2024-2625</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2626">CVE-2024-2626</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2627">CVE-2024-2627</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2628">CVE-2024-2628</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2629">CVE-2024-2629</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2630">CVE-2024-2630</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2631">CVE-2024-2631</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2883">CVE-2024-2883</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2885">CVE-2024-2885</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2886">CVE-2024-2886</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-2887">CVE-2024-2887</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>February 15, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/02/new-security-advisory-tab-added-to-the-microsoft-security-update-guide/">New Security Advisory Tab Added to the Microsoft Security Update Guide</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5035845">5035845</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5035920">5035920</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5035933">5035933</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5036386">5036386</a></td> <td>Exchange Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5036401">5036401</a></td> <td>Exchange Server 2019 Cumulative Update 14</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5036402">5036402</a></td> <td>Exchange Server 2019 Cumulative Update 13</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Azure SDK Azure Data Studio Azure Kubernetes Service Confidential Containers Azure Automation Azure Automation Update Management Azure Sentinel Container Monitoring Solution Azure HDInsight Open Management Infrastructure Operations Management Suite Agent for Linux (OMS) Azure Security Center Log Analytics Agent Software for Open Networking in the Cloud (SONiC) 202205 Software for Open Networking in the Cloud (SONiC) 201911 Software for Open Networking in the Cloud (SONiC) 201811 Software for Open Networking in the Cloud (SONiC) 202012 Windows Defender Antimalware Platform System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2022 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Teams for Android Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2016 Cumulative Update 23 Intune Company Portal for Android Microsoft Authenticator Microsoft Outlook for Android Skype for Consumer Xbox Gaming Services SQL Server backend for Django Microsoft Edge (Chromium-based) Microsoft Edge for Android Microsoft Edge (Chromium-based) Extended Stable Microsoft Dynamics 365 (on-premises) version 9.1 Visual Studio Code Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Visual Studio 2022 version 17.9 PowerShell 7.3 PowerShell 7.4 .NET 7.0 .NET 8.0 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.8 CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Outlook for Android Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft SharePoint Server 2019 Visual Studio Code Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Azure Automation Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Windows Defender Antimalware Platform Microsoft 365 Apps for Enterprise for 64-bit Systems Azure SDK Microsoft Edge for Android Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Open Management Infrastructure Azure Automation Update Management Log Analytics Agent Container Monitoring Solution Azure Security Center Azure Sentinel Microsoft SharePoint Server Subscription Edition Azure HDInsight Microsoft Teams for Android Microsoft Exchange Server 2016 Cumulative Update 23 System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.2 on Windows 10 for x64-based Systems CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Edge (Chromium-based) Extended Stable Microsoft Visual Studio 2022 version 17.6 Microsoft Exchange Server 2019 Cumulative Update 13 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) .NET 8.0 PowerShell 7.4 Microsoft Visual Studio 2022 version 17.8 Azure Kubernetes Service Confidential Containers Microsoft Authenticator Microsoft Exchange Server 2019 Cumulative Update 14 Operations Management Suite Agent for Linux (OMS) Software for Open Networking in the Cloud (SONiC) 202205 Azure Data Studio Intune Company Portal for Android Microsoft Visual Studio 2022 version 17.9 Skype for Consumer SQL Server backend for Django Software for Open Networking in the Cloud (SONiC) 202012 Software for Open Networking in the Cloud (SONiC) 201911 Software for Open Networking in the Cloud (SONiC) 201811 Xbox Gaming Services Azure Linux 3.0 x64 Azure Linux 3.0 ARM azl3 libdwarf 0.9.0-1 on Azure Linux 3.0 azl3 vitess 19.0.4-2 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.35.1-1 on Azure Linux 3.0 azl3 nodejs 20.14.0-1 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-17 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 kernel 5.15.173.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.167.1-2 on CBL Mariner 2.0 cbl2 emacs 29.4-3 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-6 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-9 on CBL Mariner 2.0 cbl2 mysql 8.0.40-1 on CBL Mariner 2.0 cbl2 mysql 8.0.36-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 curl 8.8.0-1 on CBL Mariner 2.0 cbl2 reaper 3.1.1-9 on CBL Mariner 2.0 cbl2 iperf3 3.17-1 on CBL Mariner 2.0 cbl2 vitess 17.0.7-1 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-9 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-13 on CBL Mariner 2.0 cbl2 cri-o 1.21.7-2 on CBL Mariner 2.0 cbl2 nodejs18 18.20.3-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-14 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-8 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 reaper 3.1.1-17 on CBL Mariner 2.0 cbl2 node-problem-detector 0.8.17-2 on CBL Mariner 2.0 cbl2 libvirt 7.10.0-9 on CBL Mariner 2.0 cbl2 gnutls 3.7.11-1 on CBL Mariner 2.0 cbl2 fluent-bit 2.2.2-1 on CBL Mariner 2.0 cbl2 emacs 29.3-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 cbl2 python3 3.9.19-1 on CBL Mariner 2.0 cbl2 libvirt 7.10.0-8 on CBL Mariner 2.0 cbl2 nodejs18 18.18.2-5 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 cbl2 rook 1.6.2-23 on CBL Mariner 2.0 cbl2 packer 1.9.5-8 on CBL Mariner 2.0 cbl2 moby-containerd-cc 1.7.7-9 on CBL Mariner 2.0 cbl2 moby-containerd 1.6.26-9 on CBL Mariner 2.0 cbl2 kubernetes 1.28.4-12 on CBL Mariner 2.0 cbl2 kube-vip-cloud-provider 0.0.2-19 on CBL Mariner 2.0 cbl2 keda 2.4.0-26 on CBL Mariner 2.0 cbl2 influxdb 2.6.1-20 on CBL Mariner 2.0 cbl2 expat 2.6.2-2 on CBL Mariner 2.0 cbl2 dcos-cli 1.2.0-19 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-20 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-14 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-4 on CBL Mariner 2.0 cbl2 telegraf 1.28.5-5 on CBL Mariner 2.0 cbl2 terraform 1.3.2-20 on CBL Mariner 2.0 cbl2 sriov-network-device-plugin 3.6.2-6 on CBL Mariner 2.0 cbl2 prometheus-adapter 0.10.0-12 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-1 on CBL Mariner 2.0 cbl2 packer 1.9.5-4 on CBL Mariner 2.0 cbl2 opa 0.63.0-1 on CBL Mariner 2.0 cbl2 moby-containerd-cc 1.7.7-8 on CBL Mariner 2.0 cbl2 moby-containerd 1.6.26-8 on CBL Mariner 2.0 cbl2 moby-compose 2.17.3-5 on CBL Mariner 2.0 cbl2 kubevirt 0.59.0-17 on CBL Mariner 2.0 cbl2 keda 2.4.0-24 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-1 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-1 on CBL Mariner 2.0 cbl2 influxdb 2.6.1-18 on CBL Mariner 2.0 cbl2 cri-tools 1.29.0-5 on CBL Mariner 2.0 cbl2 coredns 1.11.1-12 on CBL Mariner 2.0 cbl2 cf-cli 8.4.0-22 on CBL Mariner 2.0 cbl2 blobfuse2 2.1.2-7 on CBL Mariner 2.0 cbl2 azcopy 10.24.0-1 on CBL Mariner 2.0 azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0 azl3 cmake 3.30.3-6 on Azure Linux 3.0 azl3 kernel 6.6.82.1-1 on Azure Linux 3.0 azl3 containerd 1.7.13-8 on Azure Linux 3.0 azl3 kernel 6.6.78.1-3 on Azure Linux 3.0 azl3 kernel 6.6.79.1-1 on Azure Linux 3.0 azl3 gnutls 3.8.3-4 on Azure Linux 3.0 azl3 kernel 6.6.57.1-5 on Azure Linux 3.0 azl3 qtbase 6.6.3-2 on Azure Linux 3.0 azl3 python3 3.12.3-5 on Azure Linux 3.0 azl3 gh 2.62.0-1 on Azure Linux 3.0 azl3 prometheus 2.45.4-12 on Azure Linux 3.0 azl3 dcos-cli 1.2.0-18 on Azure Linux 3.0 azl3 mysql 8.0.40-1 on Azure Linux 3.0 azl3 cmake 3.30.3-2 on Azure Linux 3.0 azl3 curl 8.8.0-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl4-1 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl4-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 qtbase 6.6.2-1 on Azure Linux 3.0 azl3 libcontainers-common 20240213-2 on Azure Linux 3.0 azl3 python3 3.12.3-1 on Azure Linux 3.0 azl3 ig 0.29.0-1 on Azure Linux 3.0 azl3 skopeo 1.14.4-1 on Azure Linux 3.0 azl3 cmake 3.29.6-1 on Azure Linux 3.0 azl3 libdwarf 0.9.2-1 on Azure Linux 3.0 azl3 kubernetes 1.30.1-1 on Azure Linux 3.0 azl3 telegraf 1.31.0-1 on Azure Linux 3.0 azl3 packer 1.9.5-6 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-6 on Azure Linux 3.0 azl3 keda 2.14.0-1 on Azure Linux 3.0 azl3 influxdb 2.7.3-9 on Azure Linux 3.0 azl3 dcos-cli 1.2.0-16 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-9 on Azure Linux 3.0 azl3 containerd 1.7.13-6 on Azure Linux 3.0 azl3 cert-manager 1.12.12-1 on Azure Linux 3.0 azl3 bcc 0.29.1-2 on Azure Linux 3.0 azl3 util-linux 2.39.2-2 on Azure Linux 3.0 azl3 mariadb 10.11.6-3 on Azure Linux 3.0 azl3 gnutls 3.8.3-2 on Azure Linux 3.0 azl3 emacs 29.3-1 on Azure Linux 3.0 azl3 emacs 29.3 on Azure Linux 3.0 azl3 azure-iot-sdk-c 2024.03.04-1 on Azure Linux 3.0 azl3 unixODBC 2.3.12-2 on Azure Linux 3.0 azl3 moby-engine 25.0.3-6 on Azure Linux 3.0 azl3 libuv 1.48.0-1 on Azure Linux 3.0 azl3 expat 2.6.2-1 on Azure Linux 3.0 azl3 bpftrace 0.20.3-1 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.22.1-2 on Azure Linux 3.0 azl3 prometheus-adapter 0.12.0-1 on Azure Linux 3.0 azl3 prometheus 2.45.4-6 on Azure Linux 3.0 azl3 packer 1.9.5-3 on Azure Linux 3.0 azl3 opa 0.63.0-1 on Azure Linux 3.0 azl3 node-problem-detector 0.8.15-2 on Azure Linux 3.0 azl3 moby-engine 25.0.3-7 on Azure Linux 3.0 azl3 moby-containerd-cc 1.7.7-5 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 kubevirt 1.2.0-10 on Azure Linux 3.0 azl3 kube-vip-cloud-provider 0.0.10-1 on Azure Linux 3.0 azl3 influxdb 2.7.3-7 on Azure Linux 3.0 azl3 flannel 0.24.2-8 on Azure Linux 3.0 azl3 etcd 3.5.12-2 on Azure Linux 3.0 azl3 docker-compose 2.27.0-1 on Azure Linux 3.0 azl3 docker-cli 25.0.3-2 on Azure Linux 3.0 azl3 docker-buildx 0.14.0-1 on Azure Linux 3.0 azl3 cri-tools 1.30.1-1 on Azure Linux 3.0 azl3 coredns 1.11.1-3 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-6 on Azure Linux 3.0 azl3 containerd 1.7.13-5 on Azure Linux 3.0 azl3 cf-cli 8.7.3-3 on Azure Linux 3.0 azl3 blobfuse2 2.3.0-1 on Azure Linux 3.0 azl3 azcopy 10.24.0-1 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-1 on Azure Linux 3.0 azl3 clamav 1.0.6-1 on Azure Linux 3.0 cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0 cbl2 netavark 1.0.3-5 on CBL Mariner 2.0 azl3 node-problem-detector 0.8.15-4 on Azure Linux 3.0 azl3 docker-cli 25.0.7-1 on Azure Linux 3.0 azl3 cf-cli 8.7.3-6 on Azure Linux 3.0 cbl2 rabbitmq-server 3.11.24-2 on CBL Mariner 2.0 azl3 rabbitmq-server 3.13.7-1 on Azure Linux 3.0 azl3 telegraf 1.29.4-1 on Azure Linux 3.0 cbl2 terraform 1.3.2-25 on CBL Mariner 2.0 azl3 rabbitmq-server 3.13.0-1 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 nodejs18 18.20.2-2 on CBL Mariner 2.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 cbl2 expat 2.5.0-1 on CBL Mariner 2.0 azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0 azl3 clamav 0.105.2-4 on Azure Linux 3.0 azl3 emacs 29.1-1 on Azure Linux 3.0 azl3 packer 1.9.5-9 on Azure Linux 3.0 azl3 kubevirt 1.2.0-17 on Azure Linux 3.0 azl3 kubernetes 1.30.10-7 on Azure Linux 3.0 azl3 influxdb 2.7.5-5 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-14 on Azure Linux 3.0 azl3 bcc 0.29.1-3 on Azure Linux 3.0 cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-15 on CBL Mariner 2.0 azl3 wireshark 4.4.7-1 on Azure Linux 3.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 mysql 8.0.36-1 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 cbl2 sriov-network-device-plugin 3.6.2-9 on CBL Mariner 2.0 cbl2 python3 3.9.19-13 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 mysql 8.0.36-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl2-6 on CBL Mariner 2.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 kata-containers-cc 3.2.0.azl2-6 on CBL Mariner 2.0 cbl2 fluent-bit 2.1.10-3 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 netavark 1.0.3-5 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-4 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 azl3 moby-engine 25.0.3-13 on Azure Linux 3.0 cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-15 on CBL Mariner 2.0 cbl2 curl 8.5.0-2 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 azl3 nodejs 20.10.0-2 on Azure Linux 3.0 azl3 qtbase 6.6.1-1 on Azure Linux 3.0 azl3 curl 8.5.0-1 on Azure Linux 3.0 cbl2 emacs 29.4-3 on CBL Mariner 2.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 nodejs18 18.18.2-7 on CBL Mariner 2.0 cbl2 cri-tools 1.29.0-6 on CBL Mariner 2.0 cbl2 cmake 3.21.4-17 on CBL Mariner 2.0 azl3 golang 1.23.8-1 on Azure Linux 3.0 cbl2 nodejs18 18.20.2-2 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 kubevirt 0.59.0-28 on CBL Mariner 2.0 cbl2 moby-buildx 0.7.1-24 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0 cbl2 moby-compose 2.17.3-10 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-16 on CBL Mariner 2.0 cbl2 bpftrace 0.16.0-3 on CBL Mariner 2.0 cbl2 reaper 3.1.1-8 on CBL Mariner 2.0 azl3 docker-buildx 0.12.1-1 on Azure Linux 3.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 azl3 bpftrace 0.19.1-1 on Azure Linux 3.0 azl3 docker-compose 2.24.6-2 on Azure Linux 3.0 cbl2 cert-manager 1.11.2-22 on CBL Mariner 2.0 cbl2 reaper 3.1.1-18 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-23 on CBL Mariner 2.0 cbl2 dcos-cli 1.2.0-21 on CBL Mariner 2.0 cbl2 kubernetes 1.28.4-17 on CBL Mariner 2.0 cbl2 influxdb 2.6.1-22 on CBL Mariner 2.0 cbl2 keda 2.4.0-29 on CBL Mariner 2.0 cbl2 kube-vip-cloud-provider 0.0.2-22 on CBL Mariner 2.0 cbl2 moby-containerd 1.6.26-11 on CBL Mariner 2.0 cbl2 moby-containerd-cc 1.7.7-11 on CBL Mariner 2.0 cbl2 packer 1.9.5-12 on CBL Mariner 2.0 cbl2 rook 1.6.2-26 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-10 on CBL Mariner 2.0 cbl2 azure-iot-sdk-c 2022.01.21-4 on CBL Mariner 2.0 azl3 azure-iot-sdk-c 2023.08.07-1 on Azure Linux 3.0 azl3 cert-manager 1.11.2-8 on Azure Linux 3.0 azl3 gh 2.43.1-2 on Azure Linux 3.0 cbl2 coredns 1.11.1-18 on CBL Mariner 2.0 azl3 coredns 1.11.1-4 on Azure Linux 3.0 azl3 keda 2.4.0-15 on Azure Linux 3.0 azl3 skopeo 1.14.1-1 on Azure Linux 3.0 azl3 libvirt 10.0.0-5 on Azure Linux 3.0 cbl2 libvirt 7.10.0-10 on CBL Mariner 2.0 azl3 flannel 0.24.2-14 on Azure Linux 3.0 cbl2 expat 2.5.0-1 on CBL Mariner 2.0 azl3 expat 2.5.0-1 on Azure Linux 3.0 cbl2 terraform 1.3.2-25 on CBL Mariner 2.0 cbl2 moby-cli 24.0.9-6 on CBL Mariner 2.0 cbl2 mariadb 10.6.9-6 on CBL Mariner 2.0 cbl2 libdwarf 0.9.0-3 on CBL Mariner 2.0 azl3 libuv 1.46.0-1 on Azure Linux 3.0 cbl2 blobfuse2 2.1.2-8 on CBL Mariner 2.0 azl3 ig 0.25.0-2 on Azure Linux 3.0 azl3 blobfuse2 2.1.0-4 on Azure Linux 3.0 cbl2 etcd 3.5.12-6 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-4 on CBL Mariner 2.0 azl3 kube-vip-cloud-provider 0.0.7-1 on Azure Linux 3.0 cbl2 prometheus-adapter 0.10.0-17 on CBL Mariner 2.0 azl3 opa 0.55.0-1 on Azure Linux 3.0 azl3 python3 3.12.0-4 on Azure Linux 3.0 azl3 prometheus-adapter 0.11.2-1 on Azure Linux 3.0 azl3 vitess 17.0.2-1 on Azure Linux 3.0 cbl2 python3 3.9.14-8 on CBL Mariner 2.0 cbl2 cf-cli 8.4.0-24 on CBL Mariner 2.0 cbl2 rabbitmq-server 3.11.24-3 on CBL Mariner 2.0 cbl2 iperf3 3.14-2 on CBL Mariner 2.0 azl3 kubernetes 1.29.1-4 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl3-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl3-2 on Azure Linux 3.0 azl3 cloud-provider-kubevirt 0.5.1-1 on Azure Linux 3.0 cbl2 unixODBC 2.3.9-3 on CBL Mariner 2.0 cbl2 clamav 0.105.2-5 on CBL Mariner 2.0 cbl2 tar 1.34-3 on CBL Mariner 2.0 cbl2 opa 0.50.2-8 on CBL Mariner 2.0 cbl2 emacs 28.2-6 on CBL Mariner 2.0 cbl2 azcopy 10.15.0-15 on CBL Mariner 2.0 azl3 tar 1.35-2 on Azure Linux 3.0 cbl2 vitess 16.0.2-9 on CBL Mariner 2.0 azl3 azcopy 10.22.1-1 on Azure Linux 3.0 azl3 slang 2.3.3-1 on Azure Linux 3.0 cbl2 slang 2.3.2-4 on CBL Mariner 2.0 azl3 cri-tools 1.29.0-1 on Azure Linux 3.0 cbl2 util-linux 2.37.4-9 on CBL Mariner 2.0 cbl2 node-problem-detector 0.8.17-6 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 SEGV and out of bounds memory read from malicious packet <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-0901 Improper Validation of Array Index 17774-17084 19914-17086 17774-17084 19914-17086 Important 17774-17084 Important 19914-17086 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H 17774-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H 19914-17086 CBL-Mariner Releases 17774-17084 No Security Update 10.11.6-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17774-17084 CBL-Mariner Releases CBL-Mariner Releases 19914-17086 No Security Update 10.6.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19914-17086 CBL-Mariner Releases 1.2 2026-02-18T02:14:00 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Unixodbc: out of bounds stack write due to pointer-to-integer types conversion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-1013 Use of Out-of-range Pointer Offset 17780-17084 20009-17086 17780-17084 20009-17086 Important 17780-17084 Important 20009-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17780-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20009-17086 CBL-Mariner Releases 17780-17084 No Security Update 2.3.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17780-17084 CBL-Mariner Releases CBL-Mariner Releases 20009-17086 No Security Update 2.3.9-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20009-17086 CBL-Mariner Releases 1.2 2026-02-18T01:40:17 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-03-24T00:00:00 <p>Added unixODBC to CBL-Mariner 2.0 Added unixODBC to Azure Linux 3.0</p> ClamAV VirusEvent File Processing Command Injection Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2024-20328 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 17815-17084 18845-17084 20020-17086 17815-17084 18845-17084 20020-17086 Moderate 17815-17084 Moderate 18845-17084 Moderate 20020-17086 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17815-17084 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 18845-17084 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 20020-17086 CBL-Mariner Releases 17815-17084 18845-17084 No Security Update 1.0.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17815-17084 18845-17084 CBL-Mariner Releases CBL-Mariner Releases 20020-17086 No Security Update 0.105.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20020-17086 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-20T23:10:58 <p>Information published.</p> setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0 Node.js 20.4.0 and Node.js 21. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-22017 Execution with Unnecessary Privileges 16990-17084 17782-17084 19922-17084 19740-17084 16990-17084 17782-17084 19922-17084 19740-17084 Important 16990-17084 Important 17782-17084 Important 19922-17084 Important 19740-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L 16990-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L 17782-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L 19922-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L 19740-17084 CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases CBL-Mariner Releases 17782-17084 19922-17084 No Security Update 1.48.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17782-17084 19922-17084 CBL-Mariner Releases 1.0 2024-03-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:26:07 <p>Information published.</p> If kernel headers need to be extracted bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2024-2313 17784-17084 19804-17086 19812-17084 17784-17084 19804-17086 19812-17084 Low 17784-17084 Low 19804-17086 Low 19812-17084 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L 17784-17084 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L 19804-17086 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L 19812-17084 CBL-Mariner Releases 17784-17084 19812-17084 No Security Update 0.20.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17784-17084 19812-17084 CBL-Mariner Releases CBL-Mariner Releases 19804-17086 No Security Update 0.16.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19804-17086 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-04-11T00:00:00 <p>Added bpftrace to CBL-Mariner 2.0 Added bpftrace to Azure Linux 3.0</p> 1.2 2026-02-18T01:11:05 <p>Information published.</p> QUIC certificate check bypass with wolfSSL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-2379 17628-17084 17734-17084 17628-17084 17734-17084 Moderate 17628-17084 17734-17084 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 17628-17084 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 17734-17084 CBL-Mariner Releases 17628-17084 17734-17084 No Security Update 3.30.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17628-17084 17734-17084 CBL-Mariner Releases 1.1 2024-10-05T00:00:00 <p>Information published.</p> 1.2 2024-11-15T00:00:00 <p>Added cmake to Azure Linux 3.0</p> 1.0 2024-10-01T00:00:00 <p>Information published.</p> HTTP/2 push headers memory-leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-2398 17271-16823 17372-16823 17629-17084 17628-17084 19756-17086 19677-17086 19721-17086 19668-17086 17667-17084 19686-17084 17098-17086 19736-17086 17734-17084 19742-17084 19690-17084 19671-17084 17235-17086 17183-17086 17271-16823 17372-16823 17629-17084 17628-17084 19756-17086 19677-17086 19721-17086 19668-17086 17667-17084 19686-17084 17098-17086 19736-17086 17734-17084 19742-17084 19690-17084 19671-17084 17235-17086 17183-17086 Important 17271-16823 Important 17372-16823 Important 17629-17084 Important 17628-17084 19756-17086 19677-17086 19721-17086 Moderate 19668-17086 Important 17667-17084 Important 19686-17084 Important 17098-17086 Important 19736-17086 Moderate 17734-17084 Important 19742-17084 Moderate 19690-17084 Moderate 19671-17084 Moderate 17235-17086 Moderate 17183-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17271-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17372-16823 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17629-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17628-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19756-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19677-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19721-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19668-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17667-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19686-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17098-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19736-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17734-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19742-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19690-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 19671-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17235-17086 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 17183-17086 CBL-Mariner Releases 17271-16823 17629-17084 19736-17086 19742-17084 No Security Update 8.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17271-16823 17629-17084 19736-17086 19742-17084 CBL-Mariner Releases CBL-Mariner Releases 17372-16823 19756-17086 17098-17086 No Security Update 3.21.4-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17372-16823 19756-17086 17098-17086 CBL-Mariner Releases CBL-Mariner Releases 17628-17084 17734-17084 No Security Update 3.30.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17628-17084 17734-17084 CBL-Mariner Releases CBL-Mariner Releases 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 2.3 2024-10-05T00:00:00 <p>Information published.</p> 2.6 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2024-10-01T00:00:00 <p>Information published.</p> 2.4 2024-10-23T00:00:00 <p>Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0</p> 2.5 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0</p> 2.7 2024-11-28T00:00:00 <p>Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0</p> 2.8 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added cmake to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0</p> 3.0 2026-02-18T01:48:09 <p>Information published.</p> TLS certificate check bypass with mbedTLS <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-2466 Improper Validation of Certificate with Host Mismatch 17271-16823 17628-17084 17629-17084 17734-17084 19736-17086 19742-17084 17271-16823 17628-17084 17629-17084 17734-17084 19736-17086 19742-17084 Moderate 17271-16823 Moderate 17628-17084 Moderate 17629-17084 Moderate 17734-17084 Moderate 19736-17086 Moderate 19742-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17271-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17628-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17629-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17734-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19736-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19742-17084 CBL-Mariner Releases 17271-16823 17629-17084 19736-17086 19742-17084 No Security Update 8.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17271-16823 17629-17084 19736-17086 19742-17084 CBL-Mariner Releases CBL-Mariner Releases 17628-17084 17734-17084 No Security Update 3.30.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17628-17084 17734-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> 1.2 2024-10-01T00:00:00 <p>Information published.</p> 1.3 2024-10-05T00:00:00 <p>Information published.</p> 1.4 2026-02-18T02:04:04 <p>Information published.</p> Infinite loop in JSON unmarshaling in google.golang.org/protobuf <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-24786 Improper Validation of Syntactic Correctness of Input 17360-16823 17378-16823 17341-16823 17406-16823 17373-16823 17407-16823 17216-16823 17408-16823 17409-16823 17410-16823 17411-16823 17412-16823 17413-16823 17414-16823 17416-16823 17395-16823 17417-16823 17418-16823 17419-16823 17420-16823 17422-16823 17423-16823 17424-16823 17402-16823 17425-16823 17426-16823 17726-17084 16898-17084 17758-17084 17727-17084 17786-17084 17787-17084 17788-17084 17789-17084 17790-17084 17791-17084 17792-17084 17793-17084 17794-17084 17753-17084 17795-17084 17761-17084 17647-17084 17646-17084 17796-17084 17563-17084 17797-17084 17798-17084 17799-17084 17800-17084 17801-17084 17802-17084 17803-17084 17804-17084 17805-17084 17806-17084 17766-17084 17807-17084 17808-17084 20110-17086 19923-17086 19867-17086 19754-17086 19833-17086 19832-17086 19782-17086 19784-17086 19794-17086 19845-17086 19848-17086 19735-17086 19912-17086 20168-17086 20171-17084 19932-17084 18085-17084 17468-17084 19346-17084 19869-17084 20194-17084 18084-17084 19865-17084 19344-17084 19993-17084 19877-17084 19955-17084 19986-17084 19339-17084 17461-17084 19729-17084 19961-17084 17582-17084 19966-17084 19888-17084 19970-17084 19930-17084 20242-17086 19798-17086 19913-17086 20001-17084 19422-17086 19817-17086 19977-17086 19934-17086 19695-17086 19700-17086 19836-17086 20090-17086 19851-17086 19720-17086 19957-17086 19858-17086 19680-17086 19863-17084 19808-17084 19815-17084 19895-17084 19989-17084 18082-17084 19335-17084 18164-17084 19437-17086 18201-17086 17360-16823 17378-16823 17341-16823 17406-16823 17373-16823 17407-16823 17216-16823 17408-16823 17409-16823 17410-16823 17411-16823 17412-16823 17413-16823 17414-16823 17416-16823 17395-16823 17417-16823 17418-16823 17419-16823 17420-16823 17422-16823 17423-16823 17424-16823 17402-16823 17425-16823 17426-16823 17726-17084 16898-17084 17758-17084 17727-17084 17786-17084 17787-17084 17788-17084 17789-17084 17790-17084 17791-17084 17792-17084 17793-17084 17794-17084 17753-17084 17795-17084 17761-17084 17647-17084 17646-17084 17796-17084 17563-17084 17797-17084 17798-17084 17799-17084 17800-17084 17801-17084 17802-17084 17803-17084 17804-17084 17805-17084 17806-17084 17766-17084 17807-17084 17808-17084 20110-17086 19923-17086 19867-17086 19754-17086 19833-17086 19832-17086 19782-17086 19784-17086 19794-17086 19845-17086 19848-17086 19735-17086 19912-17086 20168-17086 20171-17084 19932-17084 18085-17084 17468-17084 19346-17084 19869-17084 20194-17084 18084-17084 19865-17084 19344-17084 19993-17084 19877-17084 19955-17084 19986-17084 19339-17084 17461-17084 19729-17084 19961-17084 17582-17084 19966-17084 19888-17084 19970-17084 19930-17084 20242-17086 19798-17086 19913-17086 20001-17084 19422-17086 19817-17086 19977-17086 19934-17086 19695-17086 19700-17086 19836-17086 20090-17086 19851-17086 19720-17086 19957-17086 19858-17086 19680-17086 19863-17084 19808-17084 19815-17084 19895-17084 19989-17084 18082-17084 19335-17084 18164-17084 19437-17086 18201-17086 Important 17360-16823 Important 17378-16823 Important 17341-16823 Important 17406-16823 Important 17373-16823 Important 17407-16823 Important 17216-16823 Important 17408-16823 Important 17409-16823 Important 17410-16823 Important 17411-16823 Important 17412-16823 Important 17413-16823 Important 17414-16823 Important 17416-16823 Important 17395-16823 Important 17417-16823 Important 17418-16823 Important 17419-16823 Important 17420-16823 Important 17422-16823 Important 17423-16823 Important 17424-16823 Important 17402-16823 Important 17425-16823 Important 17426-16823 Important 17726-17084 Important 16898-17084 Important 17758-17084 Important 17727-17084 Important 17786-17084 Important 17787-17084 Important 17788-17084 Important 17789-17084 Important 17790-17084 Important 17791-17084 Important 17792-17084 17793-17084 Important 17794-17084 Important 17753-17084 Important 17795-17084 Important 17761-17084 Important 17647-17084 Important 17646-17084 Important 17796-17084 Important 17563-17084 Important 17797-17084 17798-17084 Important 17799-17084 Important 17800-17084 Important 17801-17084 Important 17802-17084 Important 17803-17084 Important 17804-17084 Important 17805-17084 Important 17806-17084 Important 17766-17084 Important 17807-17084 Important 17808-17084 20110-17086 19923-17086 19867-17086 19754-17086 19833-17086 19832-17086 19782-17086 19784-17086 19794-17086 19845-17086 19848-17086 19735-17086 19912-17086 20168-17086 20171-17084 19932-17084 18085-17084 17468-17084 19346-17084 19869-17084 20194-17084 18084-17084 19865-17084 19344-17084 19993-17084 19877-17084 19955-17084 19986-17084 19339-17084 17461-17084 19729-17084 19961-17084 17582-17084 19966-17084 19888-17084 19970-17084 19930-17084 20242-17086 19798-17086 19913-17086 Important 20001-17084 19422-17086 19817-17086 19977-17086 19934-17086 19695-17086 19700-17086 19836-17086 20090-17086 19851-17086 19720-17086 19957-17086 19858-17086 19680-17086 19863-17084 19808-17084 19815-17084 19895-17084 19989-17084 18082-17084 19335-17084 18164-17084 19437-17086 18201-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17360-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17378-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17341-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17406-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17373-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17407-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17216-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17408-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17409-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17410-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17411-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17412-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17413-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17414-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17416-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17395-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17417-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17418-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17419-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17420-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17422-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17423-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17424-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17402-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17425-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17426-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17726-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16898-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17758-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17727-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17786-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17787-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17788-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17789-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17790-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17791-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17792-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17793-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17794-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17753-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17795-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17761-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17647-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17646-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17796-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17563-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17797-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17798-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17799-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17800-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17801-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17802-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17803-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17804-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17805-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17806-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17766-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17807-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17808-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20110-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19923-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19867-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19754-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19833-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19832-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19782-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19784-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19794-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19845-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19848-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19735-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19912-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20168-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20171-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19932-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18085-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17468-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19346-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19869-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20194-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18084-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19865-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19344-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19993-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19877-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19955-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19986-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19339-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17461-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19729-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19961-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17582-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19966-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19888-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19970-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19930-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20242-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19798-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19913-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20001-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19422-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19817-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19977-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19934-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19695-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19700-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19836-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20090-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19851-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19720-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19957-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19858-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19680-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19863-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19808-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19895-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19989-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18082-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19335-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18164-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19437-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18201-17086 CBL-Mariner Releases 17360-16823 19798-17086 19422-17086 No Security Update 24.0.9-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17360-16823 19798-17086 19422-17086 CBL-Mariner Releases CBL-Mariner Releases 17378-16823 20242-17086 No Security Update 0.8.17-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17378-16823 20242-17086 CBL-Mariner Releases CBL-Mariner Releases 17341-16823 20168-17086 No Security Update 17.0.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17341-16823 20168-17086 CBL-Mariner Releases CBL-Mariner Releases 17406-16823 19912-17086 18201-17086 No Security Update 1.3.2-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17406-16823 19912-17086 18201-17086 CBL-Mariner Releases CBL-Mariner Releases 17373-16823 19735-17086 19437-17086 No Security Update 1.29.4-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17373-16823 19735-17086 19437-17086 CBL-Mariner Releases CBL-Mariner Releases 17407-16823 19680-17086 No Security Update 3.6.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17407-16823 19680-17086 CBL-Mariner Releases CBL-Mariner Releases 17216-16823 19858-17086 No Security Update 1.14.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17216-16823 19858-17086 CBL-Mariner Releases CBL-Mariner Releases 17408-16823 19957-17086 No Security Update 0.10.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17408-16823 19957-17086 CBL-Mariner Releases CBL-Mariner Releases 17409-16823 19720-17086 No Security Update 2.37.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17409-16823 19720-17086 CBL-Mariner Releases CBL-Mariner Releases 17410-16823 19851-17086 No Security Update 1.9.5-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17410-16823 19851-17086 CBL-Mariner Releases CBL-Mariner Releases 17411-16823 17789-17084 19961-17084 20090-17086 No Security Update 0.63.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17411-16823 17789-17084 19961-17084 20090-17086 CBL-Mariner Releases CBL-Mariner Releases 17412-16823 19848-17086 No Security Update 1.7.7-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17412-16823 19848-17086 CBL-Mariner Releases CBL-Mariner Releases 17413-16823 19845-17086 No Security Update 1.6.26-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17413-16823 19845-17086 CBL-Mariner Releases CBL-Mariner Releases 17414-16823 19794-17086 No Security Update 2.17.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17414-16823 19794-17086 CBL-Mariner Releases CBL-Mariner Releases 17416-16823 19782-17086 No Security Update 0.59.0-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17416-16823 19782-17086 CBL-Mariner Releases CBL-Mariner Releases 17395-16823 19832-17086 No Security Update 1.28.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17395-16823 19832-17086 CBL-Mariner Releases CBL-Mariner Releases 17417-16823 No Security Update 2.4.0-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17417-16823 CBL-Mariner Releases CBL-Mariner Releases 17418-16823 17419-16823 19695-17086 19700-17086 No Security Update 3.2.0.azl2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17418-16823 17419-16823 19695-17086 19700-17086 CBL-Mariner Releases CBL-Mariner Releases 17420-16823 19833-17086 No Security Update 2.6.1-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17420-16823 19833-17086 CBL-Mariner Releases CBL-Mariner Releases 17422-16823 19754-17086 No Security Update 1.29.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17422-16823 19754-17086 CBL-Mariner Releases CBL-Mariner Releases 17423-16823 19867-17086 No Security Update 1.11.1-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17423-16823 19867-17086 CBL-Mariner Releases CBL-Mariner Releases 17424-16823 19977-17086 No Security Update 8.4.0-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17424-16823 19977-17086 CBL-Mariner Releases CBL-Mariner Releases 17402-16823 19817-17086 No Security Update 1.11.2-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17402-16823 19817-17086 CBL-Mariner Releases CBL-Mariner Releases 17425-16823 19923-17086 No Security Update 2.1.2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17425-16823 19923-17086 CBL-Mariner Releases CBL-Mariner Releases 17426-16823 17808-17084 20110-17086 20171-17084 No Security Update 10.24.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17426-16823 17808-17084 20110-17086 20171-17084 CBL-Mariner Releases CBL-Mariner Releases 17726-17084 19930-17084 No Security Update 0.29.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17726-17084 19930-17084 CBL-Mariner Releases CBL-Mariner Releases 16898-17084 19970-17084 No Security Update 19.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16898-17084 19970-17084 CBL-Mariner Releases CBL-Mariner Releases 17758-17084 18164-17084 No Security Update 1.31.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17758-17084 18164-17084 CBL-Mariner Releases CBL-Mariner Releases 17727-17084 19888-17084 No Security Update 1.14.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17727-17084 19888-17084 CBL-Mariner Releases CBL-Mariner Releases 17786-17084 19966-17084 No Security Update 0.12.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17786-17084 19966-17084 CBL-Mariner Releases CBL-Mariner Releases 17787-17084 17582-17084 No Security Update 2.45.4-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17787-17084 17582-17084 CBL-Mariner Releases CBL-Mariner Releases 17788-17084 19335-17084 No Security Update 1.9.5-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17788-17084 19335-17084 CBL-Mariner Releases CBL-Mariner Releases 17790-17084 18082-17084 No Security Update 0.8.15-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17790-17084 18082-17084 CBL-Mariner Releases CBL-Mariner Releases 17791-17084 19729-17084 No Security Update 25.0.3-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17791-17084 19729-17084 CBL-Mariner Releases CBL-Mariner Releases 17792-17084 17461-17084 No Security Update 1.7.7-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17792-17084 17461-17084 CBL-Mariner Releases CBL-Mariner Releases 17793-17084 No Security Update 20240213-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17793-17084 CBL-Mariner Releases CBL-Mariner Releases 17794-17084 19339-17084 No Security Update 1.2.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17794-17084 19339-17084 CBL-Mariner Releases CBL-Mariner Releases 17753-17084 17802-17084 20194-17084 19986-17084 No Security Update 1.30.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17753-17084 17802-17084 20194-17084 19986-17084 CBL-Mariner Releases CBL-Mariner Releases 17795-17084 19955-17084 No Security Update 0.0.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17795-17084 19955-17084 CBL-Mariner Releases CBL-Mariner Releases 17761-17084 19877-17084 No Security Update 2.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17761-17084 19877-17084 CBL-Mariner Releases CBL-Mariner Releases 17647-17084 17646-17084 19993-17084 19989-17084 No Security Update 3.2.0.azl4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17647-17084 17646-17084 19993-17084 19989-17084 CBL-Mariner Releases CBL-Mariner Releases 17796-17084 19344-17084 No Security Update 2.7.3-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17796-17084 19344-17084 CBL-Mariner Releases CBL-Mariner Releases 17563-17084 19865-17084 No Security Update 2.62.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17563-17084 19865-17084 CBL-Mariner Releases CBL-Mariner Releases 17797-17084 19895-17084 No Security Update 0.24.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17797-17084 19895-17084 CBL-Mariner Releases CBL-Mariner Releases 17798-17084 No Security Update 3.5.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17798-17084 CBL-Mariner Releases CBL-Mariner Releases 17799-17084 19815-17084 No Security Update 2.27.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17799-17084 19815-17084 CBL-Mariner Releases CBL-Mariner Releases 17800-17084 18084-17084 No Security Update 25.0.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17800-17084 18084-17084 CBL-Mariner Releases CBL-Mariner Releases 17801-17084 19808-17084 No Security Update 0.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17801-17084 19808-17084 CBL-Mariner Releases CBL-Mariner Releases 17803-17084 19869-17084 No Security Update 1.11.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17803-17084 19869-17084 CBL-Mariner Releases CBL-Mariner Releases 17804-17084 19346-17084 No Security Update 1.57.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17804-17084 19346-17084 CBL-Mariner Releases CBL-Mariner Releases 17805-17084 17468-17084 No Security Update 1.7.13-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17805-17084 17468-17084 CBL-Mariner Releases CBL-Mariner Releases 17806-17084 18085-17084 No Security Update 8.7.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17806-17084 18085-17084 CBL-Mariner Releases CBL-Mariner Releases 17766-17084 19863-17084 No Security Update 1.12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17766-17084 19863-17084 CBL-Mariner Releases CBL-Mariner Releases 17807-17084 19932-17084 No Security Update 2.3.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17807-17084 19932-17084 CBL-Mariner Releases CBL-Mariner Releases 19784-17086 No Security Update 0.7.1-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19784-17086 CBL-Mariner Releases CBL-Mariner Releases 19913-17086 No Security Update 24.0.9-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19913-17086 CBL-Mariner Releases CBL-Mariner Releases 19934-17086 No Security Update 3.5.12-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19934-17086 CBL-Mariner Releases CBL-Mariner Releases 19836-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19836-17086 CBL-Mariner Releases 3.4 2024-11-01T00:00:00 <p>Added kubernetes to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0</p> 3.5 2024-11-08T00:00:00 <p>Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 3.8 2024-12-03T00:00:00 <p>Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 3.9 2024-12-04T00:00:00 <p>Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.0 2024-12-07T00:00:00 <p>Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0</p> 4.3 2024-12-18T00:00:00 <p>Added blobfuse2 to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.7 2025-02-11T00:00:00 <p>Added kata-containers to Azure Linux 3.0 Added kata-containers-cc to Azure Linux 3.0 Added etcd to Azure Linux 3.0 Added flannel to Azure Linux 3.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added moby-engine to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added moby-buildx to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0</p> 1.0 2024-03-08T00:00:00 <p>Information published.</p> 1.1 2024-04-01T00:00:00 <p>Added node-problem-detector to CBL-Mariner 2.0</p> 1.2 2024-07-02T00:00:00 <p>Information published.</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-07-10T00:00:00 <p>Information published.</p> 1.5 2024-08-16T00:00:00 <p>Information published.</p> 1.6 2024-08-25T00:00:00 <p>Information published.</p> 1.7 2024-08-26T00:00:00 <p>Information published.</p> 1.8 2024-08-27T00:00:00 <p>Information published.</p> 1.9 2024-08-28T00:00:00 <p>Information published.</p> 2.0 2024-08-29T00:00:00 <p>Information published.</p> 2.1 2024-08-30T00:00:00 <p>Information published.</p> 2.2 2024-08-31T00:00:00 <p>Information published.</p> 2.3 2024-09-01T00:00:00 <p>Information published.</p> 2.4 2024-09-02T00:00:00 <p>Information published.</p> 2.5 2024-09-03T00:00:00 <p>Information published.</p> 2.6 2024-09-05T00:00:00 <p>Information published.</p> 2.7 2024-09-06T00:00:00 <p>Information published.</p> 2.8 2024-09-07T00:00:00 <p>Information published.</p> 2.9 2024-09-08T00:00:00 <p>Information published.</p> 3.0 2024-09-11T00:00:00 <p>Information published.</p> 3.1 2024-09-13T00:00:00 <p>Information published.</p> 3.2 2024-10-12T00:00:00 <p>Information published.</p> 3.3 2024-10-16T00:00:00 <p>Added prometheus to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added vitess to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added ig to Azure Linux 3.0</p> 3.6 2024-11-14T00:00:00 <p>Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 3.7 2024-11-27T00:00:00 <p>Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.1 2024-12-13T00:00:00 <p>Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.2 2024-12-14T00:00:00 <p>Added blobfuse2 to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.4 2024-12-19T00:00:00 <p>Added cf-cli to CBL-Mariner 2.0 Added moby-buildx to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added flannel to Azure Linux 3.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.5 2024-12-21T00:00:00 <p>Added coredns to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added moby-buildx to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added etcd to Azure Linux 3.0 Added flannel to Azure Linux 3.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 4.6 2024-12-27T00:00:00 <p>Added moby-engine to CBL-Mariner 2.0 Added coredns to CBL-Mariner 2.0 Added etcd to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cf-cli to CBL-Mariner 2.0 Added moby-buildx to CBL-Mariner 2.0 Added moby-cli to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added terraform to CBL-Mariner 2.0 Added blobfuse2 to CBL-Mariner 2.0 Added cri-tools to CBL-Mariner 2.0 Added kata-containers to CBL-Mariner 2.0 Added kata-containers-cc to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added azcopy to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added moby-compose to CBL-Mariner 2.0 Added node-problem-detector to CBL-Mariner 2.0 Added opa to CBL-Mariner 2.0 Added prometheus to CBL-Mariner 2.0 Added prometheus-adapter to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added etcd to Azure Linux 3.0 Added flannel to Azure Linux 3.0 Added gh to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added coredns to Azure Linux 3.0 Added docker-cli to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added libcontainers-common to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added moby-engine to Azure Linux 3.0 Added node-problem-detector to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus to Azure Linux 3.0 Added azcopy to Azure Linux 3.0 Added blobfuse2 to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added cri-tools to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added opa to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added vitess to Azure Linux 3.0</p> 5.0 2026-02-21T00:14:28 <p>Information published.</p> Libvirt: negative g_new0 length can lead to unbounded memory allocation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-2494 Memory Allocation with Excessive Size Value 17379-16823 19891-17084 19893-17086 17379-16823 19891-17084 19893-17086 Moderate 17379-16823 Moderate 19891-17084 Moderate 19893-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17379-16823 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 19891-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19893-17086 CBL-Mariner Releases 17379-16823 19893-17086 No Security Update 7.10.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17379-16823 19893-17086 CBL-Mariner Releases CBL-Mariner Releases 19891-17084 No Security Update 10.0.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19891-17084 CBL-Mariner Releases 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libvirt to Azure Linux 3.0 Added libvirt to CBL-Mariner 2.0</p> 2.1 2026-02-18T02:12:39 <p>Information published.</p> sr9800: Add check for usbnet_get_endpoints <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26651 16989-17084 17785-17084 16989-17084 17785-17084 Moderate 16989-17084 17785-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16989-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17785-17084 CBL-Mariner Releases 16989-17084 17785-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16989-17084 17785-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2025-03-17T00:00:00 <p>Added hyperv-daemons to Azure Linux 3.0</p> Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-28110 Insufficiently Protected Credentials 17405-16823 17758-17084 18164-17084 19735-17086 19437-17086 17405-16823 17758-17084 18164-17084 19735-17086 19437-17086 Important 17405-16823 Important 17758-17084 Important 18164-17084 19735-17086 Important 19437-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17405-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17758-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18164-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19735-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19437-17086 CBL-Mariner Releases 17405-16823 19735-17086 19437-17086 No Security Update 1.28.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17405-16823 19735-17086 19437-17086 CBL-Mariner Releases CBL-Mariner Releases 17758-17084 18164-17084 No Security Update 1.31.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17758-17084 18164-17084 CBL-Mariner Releases 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:04:57 <p>Information published.</p> wall in util-linux through 2.40 often installed with setgid tty permissions allows escape sequences to be sent to other users' terminals through argv. (Specifically escape sequences received from stdin are blocked but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-28085 Improper Neutralization of Escape Meta or Control Sequences 17773-17084 20195-17086 17773-17084 20195-17086 Low 17773-17084 Low 20195-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 17773-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 20195-17086 CBL-Mariner Releases 17773-17084 No Security Update 2.39.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17773-17084 CBL-Mariner Releases CBL-Mariner Releases 20195-17086 No Security Update 2.37.4-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20195-17086 CBL-Mariner Releases 1.2 2024-10-15T00:00:00 <p>Added util-linux to Azure Linux 3.0 Added util-linux to CBL-Mariner 2.0</p> 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2026-02-18T02:21:55 <p>Information published.</p> libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-28757 17399-16823 17783-17084 19901-17086 19681-17086 17098-17086 19756-17086 17464-17084 19906-17084 17545-17084 18576-17086 17399-16823 17783-17084 19901-17086 19681-17086 17098-17086 19756-17086 17464-17084 19906-17084 17545-17084 18576-17086 Important 17399-16823 Important 17783-17084 19901-17086 19681-17086 17098-17086 19756-17086 17464-17084 19906-17084 17545-17084 18576-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17399-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17783-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19901-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19681-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17098-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19756-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17464-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19906-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17545-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18576-17086 CBL-Mariner Releases 17399-16823 19901-17086 18576-17086 No Security Update 2.6.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17399-16823 19901-17086 18576-17086 CBL-Mariner Releases CBL-Mariner Releases 17783-17084 19906-17084 No Security Update 2.6.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17783-17084 19906-17084 CBL-Mariner Releases CBL-Mariner Releases 19681-17086 19756-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19681-17086 19756-17086 CBL-Mariner Releases CBL-Mariner Releases 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17545-17084 CBL-Mariner Releases 1.1 2025-02-27T00:00:00 <p>Added expat to CBL-Mariner 2.0 Added expat to Azure Linux 3.0</p> 1.2 2025-03-14T00:00:00 <p>Added python3 to Azure Linux 3.0 Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:23:29 <p>Information published.</p> Gnutls: vulnerable to minerva side-channel information leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-28834 Use of a Broken or Risky Cryptographic Algorithm 17380-16823 17775-17084 17479-17084 17380-16823 17775-17084 17479-17084 Moderate 17380-16823 Moderate 17775-17084 Moderate 17479-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 17380-16823 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 17775-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 17479-17084 CBL-Mariner Releases 17380-16823 No Security Update 3.7.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17380-16823 CBL-Mariner Releases CBL-Mariner Releases 17775-17084 17479-17084 No Security Update 3.8.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17775-17084 17479-17084 CBL-Mariner Releases 1.0 2024-11-09T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:10:06 <p>Information published.</p> Proxy-Authorization header kept across hosts in follow-redirects <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-28849 Exposure of Sensitive Information to an Unauthorized Actor 17334-16823 19806-17086 19712-17086 19693-17084 17334-16823 19806-17086 19712-17086 19693-17084 Moderate 17334-16823 Moderate 19806-17086 Moderate 19712-17086 Moderate 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17334-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19806-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19712-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19693-17084 CBL-Mariner Releases 17334-16823 19806-17086 No Security Update 3.1.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17334-16823 19806-17086 CBL-Mariner Releases CBL-Mariner Releases 19693-17084 No Security Update 2.16.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19693-17084 CBL-Mariner Releases 1.2 2026-02-18T01:39:21 <p>Information published.</p> 1.0 2024-03-25T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-28960 Improper Access Control 17178-16823 19809-17086 17238-17086 17178-16823 19809-17086 17238-17086 Important 17178-16823 19809-17086 Important 17238-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 17178-16823 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19809-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 17238-17086 CBL-Mariner Releases 17178-16823 19809-17086 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17178-16823 19809-17086 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:22:39 <p>Information published.</p> An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1 3.11.7 3.10.13 3.9.18 and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2023-6597 19964-17084 19976-17086 17386-16823 17712-17084 17667-17084 19964-17084 19976-17086 17386-16823 17712-17084 17667-17084 Important 19964-17084 Important 19976-17086 Important 17386-16823 Important 17712-17084 Important 17667-17084 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 19964-17084 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 19976-17086 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 17386-16823 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 17712-17084 7.8 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 17667-17084 CBL-Mariner Releases 19964-17084 17712-17084 No Security Update 3.12.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19964-17084 17712-17084 CBL-Mariner Releases CBL-Mariner Releases 19976-17086 17386-16823 No Security Update 3.9.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19976-17086 17386-16823 CBL-Mariner Releases 2.6 2026-02-18T01:35:38 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> Errors returned from JSON marshaling may break template escaping in html/template <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-24785 17375-16823 19718-17086 19747-17086 18315-17084 19785-17086 19712-17086 17667-17084 18447-17086 18444-17086 19730-17086 19778-17086 19668-17086 19693-17084 19697-17084 17375-16823 19718-17086 19747-17086 18315-17084 19785-17086 19712-17086 17667-17084 18447-17086 18444-17086 19730-17086 19778-17086 19668-17086 19693-17084 19697-17084 Moderate 17375-16823 19718-17086 19747-17086 Moderate 18315-17084 19785-17086 19712-17086 17667-17084 18447-17086 18444-17086 19730-17086 19778-17086 19668-17086 19693-17084 Moderate 19697-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 17375-16823 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19718-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19747-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 18315-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19785-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19712-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 17667-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 18447-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 18444-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19730-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19778-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19668-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19697-17084 CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases 2.0 2026-02-18T14:49:14 <p>Information published.</p> 1.0 2025-09-04T00:47:50 <p>Information published.</p> tracing: Ensure visibility when inserting an element into tracing_map <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26645 17465-17084 19529-17084 17465-17084 19529-17084 Moderate 17465-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17465-17084 No Security Update 6.6.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-04T00:50:26 <p>Information published.</p> 1.1 2026-02-18T14:57:28 <p>Information published.</p> drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52585 NULL Pointer Dereference 19682-17086 18490-17086 17099-16823 17472-17084 19529-17084 19682-17086 18490-17086 17099-16823 17472-17084 19529-17084 19682-17086 Moderate 18490-17086 Moderate 17099-16823 Moderate 17472-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17472-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 19682-17086 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 19529-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-16823 No Security Update 5.15.176.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-16823 CBL-Mariner Releases CBL-Mariner Releases 17472-17084 No Security Update 6.6.79.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17472-17084 CBL-Mariner Releases 2.0 2026-02-21T02:30:29 <p>Information published.</p> 1.0 2025-09-03T22:23:46 <p>Information published.</p> Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-45289 19747-17086 18315-17084 19679-17084 17667-17084 19697-17084 18447-17086 18444-17086 17375-16823 19718-17086 19730-17086 19785-17086 19778-17086 19712-17086 19668-17086 19693-17084 19762-17084 19747-17086 18315-17084 19679-17084 17667-17084 19697-17084 18447-17086 18444-17086 17375-16823 19718-17086 19730-17086 19785-17086 19778-17086 19712-17086 19668-17086 19693-17084 19762-17084 19747-17086 Moderate 18315-17084 19679-17084 17667-17084 Moderate 19697-17084 18447-17086 18444-17086 Moderate 17375-16823 19718-17086 19730-17086 19785-17086 19778-17086 19712-17086 19668-17086 19693-17084 Moderate 19762-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19747-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18315-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19679-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17667-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19697-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18447-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18444-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17375-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19718-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19730-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19785-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19778-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19712-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19668-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19693-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19762-17084 CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases 1.0 2025-09-04T01:09:58 <p>Information published.</p> 2.0 2026-02-18T14:51:58 <p>Information published.</p> In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-30161 Use After Free 17497-17084 17680-17084 17497-17084 17680-17084 Moderate 17497-17084 17680-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17497-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17680-17084 CBL-Mariner Releases 17497-17084 17680-17084 No Security Update 6.6.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17497-17084 17680-17084 CBL-Mariner Releases 1.0 2025-01-18T00:00:00 <p>Information published.</p> 2.0 2025-01-19T00:00:00 <p>Information published.</p> 3.0 2025-03-14T00:00:00 <p>Information published.</p> Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark https://nvd.nist.gov/vuln/detail/CVE-2023-6175 https://nvd.nist.gov/vuln/detail/CVE-2023-6175 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-6175 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 12356 12357 12356 12357 12356 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12357 wireshark 12356 wireshark-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6175 12356 wireshark wireshark 12357 wireshark-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-cli-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-devel-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 wireshark-debuginfo-4.4.7-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.7-1 https://nvd.nist.gov/vuln/detail/CVE-2023-6175 12357 wireshark 1.0 2025-07-11T00:00:00 <p>Information published.</p> Mismatched Memory Management Routines in Wireshark <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2024-2955 Mismatched Memory Management Routines 19523-17084 19523-17084 Important 19523-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2025-08-07T00:00:00 <p>Added wireshark to Azure Linux 3.0</p> If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-2612 Use After Free 18469-17084 18469-17084 Important 18469-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T21:34:18 <p>Information published.</p> 1.1 2026-02-18T14:35:01 <p>Information published.</p> webpack-dev-middleware Path Traversal vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-29180 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19693-17084 19693-17084 Important 19693-17084 7.4 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 19693-17084 1.0 2025-09-03T21:37:29 <p>Information published.</p> 1.1 2026-02-18T02:59:16 <p>Information published.</p> net: mana: Fix TX CQE error handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52532 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 2.0 2026-03-03T14:54:58 <p>Information published.</p> 3.0 2026-03-31T15:16:23 <p>Information published.</p> 1.0 2025-09-03T21:38:55 <p>Information published.</p> btrfs: remove BUG() after failure to insert delayed dir index item <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52569 Reachable Assertion 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-09-03T21:40:32 <p>Information published.</p> 2.0 2026-03-03T14:55:47 <p>Information published.</p> 3.0 2026-03-31T15:16:52 <p>Information published.</p> netfs: Only call folio_start_fscache() one time for each folio <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52582 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-03T21:43:31 <p>Information published.</p> 2.0 2026-03-03T14:56:04 <p>Information published.</p> 3.0 2026-03-31T15:17:06 <p>Information published.</p> drm/msm/dpu: Add mutex lock in control vblank irq <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52586 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21093-17086 17087-17086 20553-17084 20823-17084 20860-17084 21094-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20925-17086 20956-17084 21093-17086 17087-17086 20553-17084 20823-17084 20860-17084 21094-17084 19683-17084 Important 20412-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20925-17086 Important 20956-17084 Important 21093-17086 Important 17087-17086 Important 20553-17084 Important 20823-17084 Important 20860-17084 Important 21094-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 1.0 2025-09-03T21:56:10 <p>Information published.</p> 2.0 2025-12-07T01:38:16 <p>Information published.</p> 6.0 2026-03-03T14:39:06 <p>Information published.</p> 7.0 2026-03-04T14:35:46 <p>Information published.</p> 3.0 2026-01-08T14:37:02 <p>Information published.</p> 4.0 2026-01-20T14:35:40 <p>Information published.</p> 5.0 2026-02-19T01:21:04 <p>Information published.</p> 8.0 2026-03-31T14:47:58 <p>Information published.</p> x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52576 Use After Free 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-03T21:54:34 <p>Information published.</p> 2.0 2026-02-18T02:26:48 <p>Information published.</p> arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52561 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T14:58:12 <p>Information published.</p> 3.0 2026-03-31T14:40:09 <p>Information published.</p> 1.0 2025-09-03T21:56:45 <p>Information published.</p> Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-2614 Out-of-bounds Write 18469-17084 18469-17084 Important 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T22:07:01 <p>Information published.</p> 1.1 2026-02-18T14:39:30 <p>Information published.</p> ocfs2: Avoid touching renamed directory if parent does not change <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52590 Improper Locking 19682-17086 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Moderate 19529-17084 Moderate 18490-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 19682-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 19529-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 18490-17086 1.0 2025-09-03T22:15:16 <p>Information published.</p> 2.0 2026-02-19T01:21:57 <p>Information published.</p> media: rkisp1: Fix IRQ disable race issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52589 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Moderate 18490-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-03T22:17:34 <p>Information published.</p> 2.0 2026-02-19T01:22:04 <p>Information published.</p> S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45927 Improper Check or Handling of Exceptional Conditions 20175-17084 20177-17086 20175-17084 20177-17086 Moderate 20175-17084 Moderate 20177-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20175-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20177-17086 1.0 2025-09-03T22:32:27 <p>Information published.</p> sh: push-switch: Reorder cleanup operations to avoid use-after-free bug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52629 Use After Free 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Important 18490-17086 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19682-17086 8.4 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18490-17086 1.0 2025-09-03T22:31:11 <p>Information published.</p> 2.0 2026-02-21T02:26:38 <p>Information published.</p> reiserfs: Avoid touching renamed directory if parent does not change <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52591 18490-17086 19682-17086 18490-17086 19682-17086 Important 18490-17086 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 2.0 2026-02-21T02:34:05 <p>Information published.</p> 1.0 2025-09-03T22:34:49 <p>Information published.</p> S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-45929 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 20175-17084 20177-17086 20175-17084 20177-17086 Moderate 20175-17084 Moderate 20177-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20175-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20177-17086 1.0 2025-09-03T22:36:34 <p>Information published.</p> spmi: mediatek: Fix UAF on device remove <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52584 Use After Free 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Low 18490-17086 3.8 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 19682-17086 3.8 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 18490-17086 1.0 2025-09-03T22:37:27 <p>Information published.</p> 2.0 2026-02-21T02:34:48 <p>Information published.</p> An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-2605 18469-17084 18469-17084 Moderate 18469-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 18469-17084 1.0 2025-09-03T22:49:35 <p>Information published.</p> 1.1 2026-02-18T15:18:11 <p>Information published.</p> cifs: Fix UAF in cifs_demultiplex_thread() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52572 Use After Free 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-09-03T22:52:49 <p>Information published.</p> 2.0 2026-02-18T14:20:09 <p>Information published.</p> drm/amd/display: Wake DMCUB before executing GPINT commands <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52624 Improper Neutralization of Special Elements used in a Command (&#39;Command Injection&#39;) 17087-17086 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21094-17084 19683-17084 20412-17084 20788-17084 20925-17086 17087-17086 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21094-17084 19683-17084 20412-17084 20788-17084 20925-17086 Important 17087-17086 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20823-17084 Important 20860-17084 Important 20956-17084 Important 21093-17086 Important 21094-17084 19683-17084 Important 20412-17084 Important 20788-17084 Important 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 2.0 2025-12-07T01:39:54 <p>Information published.</p> 4.0 2026-01-20T14:37:03 <p>Information published.</p> 5.0 2026-02-18T14:46:18 <p>Information published.</p> 6.0 2026-03-03T14:45:58 <p>Information published.</p> 7.0 2026-03-04T14:36:47 <p>Information published.</p> 8.0 2026-03-31T14:59:56 <p>Information published.</p> 1.0 2025-09-03T23:15:49 <p>Information published.</p> 3.0 2026-01-08T14:38:38 <p>Information published.</p> drm/amd/display: Refactor DMCUB enter/exit idle interface <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52625 19682-17086 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-03T23:28:13 <p>Information published.</p> 2.0 2026-02-18T14:47:59 <p>Information published.</p> thermal: intel: hfi: Add syscore callbacks for system-wide PM <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26646 Allocation of Resources Without Limits or Throttling 18490-17086 19682-17086 18490-17086 19682-17086 Moderate 18490-17086 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 1.0 2025-09-03T23:40:44 <p>Information published.</p> 2.0 2026-02-18T14:49:31 <p>Information published.</p> Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-2606 Incorrect Type Conversion or Cast 18469-17084 18469-17084 18469-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 18469-17084 1.0 2025-09-03T23:44:41 <p>Information published.</p> drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-26648 NULL Pointer Dereference 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-03T23:45:23 <p>Information published.</p> 2.0 2026-02-18T02:24:10 <p>Information published.</p> bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52621 Reachable Assertion 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 2.0 2026-02-18T14:55:22 <p>Information published.</p> 1.0 2025-09-04T00:31:29 <p>Information published.</p> nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52508 NULL Pointer Dereference 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-04T01:35:25 <p>Information published.</p> 2.0 2026-02-18T15:01:37 <p>Information published.</p> Quoted zip-bomb protection for zipfile <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2024-0450 Asymmetric Resource Consumption (Amplification) 17386-16823 17712-17084 19976-17086 19964-17084 17386-16823 17712-17084 19976-17086 19964-17084 Moderate 17386-16823 Moderate 17712-17084 Moderate 19976-17086 Moderate 19964-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17386-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17712-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19976-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19964-17084 CBL-Mariner Releases 17386-16823 19976-17086 No Security Update 3.9.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17386-16823 19976-17086 CBL-Mariner Releases CBL-Mariner Releases 17712-17084 19964-17084 No Security Update 3.12.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17712-17084 19964-17084 CBL-Mariner Releases 2.6 2026-02-18T01:38:05 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> Libvirt: off-by-one error in udevlistinterfacesbystatus() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-1441 Off-by-one Error 17387-16823 19893-17086 19891-17084 17387-16823 19893-17086 19891-17084 Moderate 17387-16823 Moderate 19893-17086 Moderate 19891-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17387-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19893-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 19891-17084 CBL-Mariner Releases 17387-16823 19893-17086 No Security Update 7.10.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17387-16823 19893-17086 CBL-Mariner Releases CBL-Mariner Releases 19891-17084 No Security Update 10.0.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19891-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libvirt to Azure Linux 3.0 Added libvirt to CBL-Mariner 2.0</p> 2.1 2026-02-18T01:25:13 <p>Information published.</p> Buildah: full container escape at build time <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-1753 Improper Link Resolution Before File Access ('Link Following') 17699-17084 17793-17084 17699-17084 17793-17084 Important 17699-17084 Important 17793-17084 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 17699-17084 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 17793-17084 CBL-Mariner Releases 17699-17084 17793-17084 No Security Update 20240213-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17699-17084 17793-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:40:58 <p>Information published.</p> Libdwarf: crashes randomly on fuzzed object <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-2002 Double Free 17736-17084 16880-17084 19917-17086 17736-17084 16880-17084 19917-17086 Important 17736-17084 Important 16880-17084 Moderate 19917-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17736-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16880-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19917-17086 CBL-Mariner Releases 17736-17084 16880-17084 No Security Update 0.9.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17736-17084 16880-17084 CBL-Mariner Releases CBL-Mariner Releases 19917-17086 No Security Update 0.9.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19917-17086 CBL-Mariner Releases 1.3 2026-02-18T01:34:15 <p>Information published.</p> 1.0 2024-03-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2025-04-01T00:00:00 <p>Added libdwarf to Azure Linux 3.0 Added libdwarf to CBL-Mariner 2.0</p> Usage of disabled protocol <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-2004 Interpretation Conflict 17218-16823 17271-16823 17607-17084 17629-17084 17628-17084 19671-17084 19721-17086 17667-17084 19686-17084 19736-17086 17734-17084 19742-17084 19690-17084 19677-17086 19668-17086 17235-17086 17183-17086 17218-16823 17271-16823 17607-17084 17629-17084 17628-17084 19671-17084 19721-17086 17667-17084 19686-17084 19736-17086 17734-17084 19742-17084 19690-17084 19677-17086 19668-17086 17235-17086 17183-17086 Low 17218-16823 Low 17271-16823 Low 17607-17084 Low 17629-17084 Low 17628-17084 Low 19671-17084 19721-17086 Low 17667-17084 Low 19686-17084 Low 19736-17086 Low 17734-17084 Low 19742-17084 Low 19690-17084 19677-17086 Low 19668-17086 Low 17235-17086 Low 17183-17086 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17218-16823 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17271-16823 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17607-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17629-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17628-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19671-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19721-17086 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17667-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19686-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19736-17086 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17734-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19742-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19690-17084 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19677-17086 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 19668-17086 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17235-17086 3.5 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 17183-17086 CBL-Mariner Releases 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 CBL-Mariner Releases CBL-Mariner Releases 17271-16823 17629-17084 19736-17086 19742-17084 No Security Update 8.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17271-16823 17629-17084 19736-17086 19742-17084 CBL-Mariner Releases CBL-Mariner Releases 17628-17084 17734-17084 No Security Update 3.30.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17628-17084 17734-17084 CBL-Mariner Releases 2.3 2024-10-05T00:00:00 <p>Information published.</p> 2.6 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2024-10-01T00:00:00 <p>Information published.</p> 2.4 2024-10-23T00:00:00 <p>Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0</p> 2.5 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0</p> 2.7 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0</p> 3.0 2026-02-18T02:01:47 <p>Information published.</p> A vulnerability in Node.js has been identified allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory potentially leading to process termination depending on the system configuration. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2024-22025 Improper Resource Shutdown or Release 17388-16823 17389-16823 16990-17084 19951-17086 17389-17086 19740-17084 19748-17086 17388-16823 17389-16823 16990-17084 19951-17086 17389-17086 19740-17084 19748-17086 Moderate 17388-16823 Moderate 17389-16823 Moderate 16990-17084 19951-17086 Moderate 17389-17086 Moderate 19740-17084 Moderate 19748-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17388-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17389-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16990-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19951-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17389-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19740-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19748-17086 CBL-Mariner Releases 17388-16823 19748-17086 No Security Update 18.18.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17388-16823 19748-17086 CBL-Mariner Releases CBL-Mariner Releases 17389-16823 19951-17086 17389-17086 No Security Update 16.20.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17389-16823 19951-17086 17389-17086 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:30:51 <p>Information published.</p> In Fluent Bit 2.1.8 through 2.2.1 a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-23722 NULL Pointer Dereference 17381-16823 19701-17086 17381-16823 19701-17086 Important 17381-16823 Important 19701-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17381-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19701-17086 CBL-Mariner Releases 17381-16823 19701-17086 No Security Update 2.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17381-16823 19701-17086 CBL-Mariner Releases 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2026-02-18T02:09:08 <p>Information published.</p> Libvirt: null pointer dereference in udevconnectlistallinterfaces() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-2496 NULL Pointer Dereference 17387-16823 19893-17086 17387-16823 19893-17086 Moderate 17387-16823 Moderate 19893-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17387-16823 5.0 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 19893-17086 CBL-Mariner Releases 17387-16823 19893-17086 No Security Update 7.10.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17387-16823 19893-17086 CBL-Mariner Releases 1.2 2026-02-18T01:37:03 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2025-04-09T00:00:00 <p>Added libvirt to CBL-Mariner 2.0</p> An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-25580 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17384-16823 17680-17084 19737-17086 19741-17084 17384-17086 17384-16823 17680-17084 19737-17086 19741-17084 17384-17086 Moderate 17384-16823 Moderate 17680-17084 19737-17086 19741-17084 17384-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17384-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17680-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19737-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19741-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17384-17086 CBL-Mariner Releases 17384-16823 19737-17086 17384-17086 No Security Update 5.12.11-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17384-16823 19737-17086 17384-17086 CBL-Mariner Releases CBL-Mariner Releases 17680-17084 19741-17084 No Security Update 6.6.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17680-17084 19741-17084 CBL-Mariner Releases 1.1 2024-10-29T00:00:00 <p>Added qtbase to Azure Linux 3.0</p> 1.2 2025-03-19T00:00:00 <p>Added qt5-qtbase to CBL-Mariner 2.0 Added qtbase to Azure Linux 3.0</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:42:59 <p>Information published.</p> pgx SQL Injection via Line Comment Creation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-27289 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 17404-16823 17758-17084 18164-17084 19735-17086 19437-17086 17404-16823 17758-17084 18164-17084 19735-17086 19437-17086 Important 17404-16823 Important 17758-17084 Important 18164-17084 19735-17086 Important 19437-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17404-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17758-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18164-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19735-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19437-17086 CBL-Mariner Releases 17404-16823 19735-17086 19437-17086 No Security Update 1.29.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17404-16823 19735-17086 19437-17086 CBL-Mariner Releases CBL-Mariner Releases 17758-17084 18164-17084 No Security Update 1.31.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17758-17084 18164-17084 CBL-Mariner Releases 1.0 2024-03-11T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:03:52 <p>Information published.</p> pgx SQL Injection via Protocol Message Size Overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-27304 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 17405-16823 17758-17084 19735-17086 18164-17084 19437-17086 17405-16823 17758-17084 19735-17086 18164-17084 19437-17086 Critical 17405-16823 Critical 17758-17084 19735-17086 Critical 18164-17084 Critical 19437-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17405-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17758-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19735-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18164-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19437-17086 CBL-Mariner Releases 17405-16823 No Security Update 1.28.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17405-16823 CBL-Mariner Releases CBL-Mariner Releases 17758-17084 18164-17084 No Security Update 1.31.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17758-17084 18164-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2026-02-18T01:05:59 <p>Information published.</p> Mio's tokens for named pipes may be delivered after deregistration <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-27308 Use After Free 17811-17084 18815-17084 19714-17086 19721-17086 18469-17084 19695-17086 19700-17086 19707-17086 18012-17086 18011-17086 17183-17086 17811-17084 18815-17084 19714-17086 19721-17086 18469-17084 19695-17086 19700-17086 19707-17086 18012-17086 18011-17086 17183-17086 Important 17811-17084 Important 18815-17084 19714-17086 19721-17086 Important 18469-17084 Important 19695-17086 Important 19700-17086 19707-17086 Important 18012-17086 Important 18011-17086 Important 17183-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17811-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19714-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19721-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19695-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19700-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19707-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18012-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18011-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17183-17086 CBL-Mariner Releases 17811-17084 18815-17084 No Security Update 2024.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17811-17084 18815-17084 CBL-Mariner Releases CBL-Mariner Releases 19695-17086 19700-17086 No Security Update 3.2.0.azl2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19695-17086 19700-17086 CBL-Mariner Releases 1.0 2024-03-11T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 2.0 2025-08-06T00:00:00 <p>Added kata-containers to Azure Linux 3.0 Added rpm-ostree to Azure Linux 3.0</p> 3.0 2026-02-18T01:02:56 <p>Information published.</p> Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-28180 Improper Handling of Highly Compressed Data (Data Amplification) 17367-16823 17373-16823 17216-16823 17391-16823 17392-16823 17393-16823 17394-16823 17395-16823 17396-16823 17397-16823 17398-16823 17400-16823 17401-16823 17402-16823 17758-17084 17727-17084 17759-17084 17760-17084 17753-17084 17761-17084 17762-17084 17763-17084 17764-17084 17765-17084 17766-17084 19845-17086 19848-17086 19851-17086 19854-17086 19858-17086 17468-17084 17586-17084 19877-17084 17793-17084 17461-17084 19335-17084 19735-17086 19777-17086 18164-17084 19817-17086 19821-17086 19829-17086 19833-17086 19836-17086 19840-17086 19832-17086 19792-17086 19863-17084 19346-17084 19344-17084 19340-17084 19888-17084 19437-17086 17367-16823 17373-16823 17216-16823 17391-16823 17392-16823 17393-16823 17394-16823 17395-16823 17396-16823 17397-16823 17398-16823 17400-16823 17401-16823 17402-16823 17758-17084 17727-17084 17759-17084 17760-17084 17753-17084 17761-17084 17762-17084 17763-17084 17764-17084 17765-17084 17766-17084 19845-17086 19848-17086 19851-17086 19854-17086 19858-17086 17468-17084 17586-17084 19877-17084 17793-17084 17461-17084 19335-17084 19735-17086 19777-17086 18164-17084 19817-17086 19821-17086 19829-17086 19833-17086 19836-17086 19840-17086 19832-17086 19792-17086 19863-17084 19346-17084 19344-17084 19340-17084 19888-17084 19437-17086 Moderate 17367-16823 Moderate 17373-16823 Moderate 17216-16823 Moderate 17391-16823 Moderate 17392-16823 Moderate 17393-16823 Moderate 17394-16823 Moderate 17395-16823 Moderate 17396-16823 Moderate 17397-16823 Moderate 17398-16823 Moderate 17400-16823 Moderate 17401-16823 Moderate 17402-16823 Moderate 17758-17084 Moderate 17727-17084 Moderate 17759-17084 Moderate 17760-17084 Moderate 17753-17084 Moderate 17761-17084 Moderate 17762-17084 Moderate 17763-17084 Moderate 17764-17084 Moderate 17765-17084 Moderate 17766-17084 Moderate 19845-17086 Moderate 19848-17086 Moderate 19851-17086 Moderate 19854-17086 Moderate 19858-17086 Moderate 17468-17084 Moderate 17586-17084 Moderate 19877-17084 Moderate 17793-17084 Moderate 17461-17084 Moderate 19335-17084 19735-17086 Moderate 19777-17086 Moderate 18164-17084 Moderate 19817-17086 Moderate 19821-17086 Moderate 19829-17086 Moderate 19833-17086 Moderate 19836-17086 Moderate 19840-17086 Moderate 19832-17086 Moderate 19792-17086 Moderate 19863-17084 Moderate 19346-17084 Moderate 19344-17084 Moderate 19340-17084 Moderate 19888-17084 Moderate 19437-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17367-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17373-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17216-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17391-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17392-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17393-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17394-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17395-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17396-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17397-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17398-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17400-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17401-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17402-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17758-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17727-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17759-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17760-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17753-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17761-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17762-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17763-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17764-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17765-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17766-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19845-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19848-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19851-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19854-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19858-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17468-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17586-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19877-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17793-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17461-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19335-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19735-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19777-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 18164-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19817-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19821-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19829-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19833-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19836-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19840-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19832-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19792-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19863-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19346-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19344-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19340-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19888-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19437-17086 CBL-Mariner Releases 17367-16823 19777-17086 No Security Update 1.21.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17367-16823 19777-17086 CBL-Mariner Releases CBL-Mariner Releases 17373-16823 19735-17086 19437-17086 No Security Update 1.29.4-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17373-16823 19735-17086 19437-17086 CBL-Mariner Releases CBL-Mariner Releases 17216-16823 19858-17086 No Security Update 1.14.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17216-16823 19858-17086 CBL-Mariner Releases CBL-Mariner Releases 17391-16823 19854-17086 No Security Update 1.6.2-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17391-16823 19854-17086 CBL-Mariner Releases CBL-Mariner Releases 17392-16823 19851-17086 No Security Update 1.9.5-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17392-16823 19851-17086 CBL-Mariner Releases CBL-Mariner Releases 17393-16823 19848-17086 No Security Update 1.7.7-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17393-16823 19848-17086 CBL-Mariner Releases CBL-Mariner Releases 17394-16823 19845-17086 No Security Update 1.6.26-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17394-16823 19845-17086 CBL-Mariner Releases CBL-Mariner Releases 17395-16823 19832-17086 No Security Update 1.28.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17395-16823 19832-17086 CBL-Mariner Releases CBL-Mariner Releases 17396-16823 19840-17086 No Security Update 0.0.2-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17396-16823 19840-17086 CBL-Mariner Releases CBL-Mariner Releases 17397-16823 19836-17086 No Security Update 2.4.0-26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17397-16823 19836-17086 CBL-Mariner Releases CBL-Mariner Releases 17398-16823 19833-17086 No Security Update 2.6.1-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17398-16823 19833-17086 CBL-Mariner Releases CBL-Mariner Releases 17400-16823 19829-17086 No Security Update 1.2.0-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17400-16823 19829-17086 CBL-Mariner Releases CBL-Mariner Releases 17401-16823 19821-17086 No Security Update 1.55.0-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17401-16823 19821-17086 CBL-Mariner Releases CBL-Mariner Releases 17402-16823 19817-17086 No Security Update 1.11.2-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17402-16823 19817-17086 CBL-Mariner Releases CBL-Mariner Releases 17758-17084 18164-17084 No Security Update 1.31.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17758-17084 18164-17084 CBL-Mariner Releases CBL-Mariner Releases 17727-17084 19888-17084 No Security Update 1.14.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17727-17084 19888-17084 CBL-Mariner Releases CBL-Mariner Releases 17759-17084 19335-17084 No Security Update 1.9.5-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17759-17084 19335-17084 CBL-Mariner Releases CBL-Mariner Releases 17760-17084 17461-17084 No Security Update 1.7.7-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17760-17084 17461-17084 CBL-Mariner Releases CBL-Mariner Releases 17753-17084 19340-17084 No Security Update 1.30.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17753-17084 19340-17084 CBL-Mariner Releases CBL-Mariner Releases 17761-17084 19877-17084 No Security Update 2.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17761-17084 19877-17084 CBL-Mariner Releases CBL-Mariner Releases 17762-17084 19344-17084 No Security Update 2.7.3-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17762-17084 19344-17084 CBL-Mariner Releases CBL-Mariner Releases 17763-17084 17586-17084 No Security Update 1.2.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17763-17084 17586-17084 CBL-Mariner Releases CBL-Mariner Releases 17764-17084 19346-17084 No Security Update 1.57.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17764-17084 19346-17084 CBL-Mariner Releases CBL-Mariner Releases 17765-17084 17468-17084 No Security Update 1.7.13-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17765-17084 17468-17084 CBL-Mariner Releases CBL-Mariner Releases 17766-17084 19863-17084 No Security Update 1.12.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17766-17084 19863-17084 CBL-Mariner Releases 3.1 2024-10-09T00:00:00 <p>Information published.</p> 3.4 2024-11-01T00:00:00 <p>Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 3.5 2024-11-09T00:00:00 <p>Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0</p> 3.9 2025-01-30T00:00:00 <p>Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0</p> 4.0 2025-02-01T00:00:00 <p>Added rook to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 4.1 2025-02-13T00:00:00 <p>Added moby-containerd to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 4.2 2025-02-14T00:00:00 <p>Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 4.5 2025-03-14T00:00:00 <p>Added packer to Azure Linux 3.0 Added containerd to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0</p> 1.0 2024-04-11T00:00:00 <p>Information published.</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2024-08-16T00:00:00 <p>Information published.</p> 1.4 2024-08-25T00:00:00 <p>Information published.</p> 1.5 2024-08-26T00:00:00 <p>Information published.</p> 1.6 2024-08-27T00:00:00 <p>Information published.</p> 1.7 2024-08-28T00:00:00 <p>Information published.</p> 1.8 2024-08-29T00:00:00 <p>Information published.</p> 1.9 2024-08-30T00:00:00 <p>Information published.</p> 2.0 2024-08-31T00:00:00 <p>Information published.</p> 2.1 2024-09-01T00:00:00 <p>Information published.</p> 2.2 2024-09-02T00:00:00 <p>Information published.</p> 2.3 2024-09-03T00:00:00 <p>Information published.</p> 2.4 2024-09-05T00:00:00 <p>Information published.</p> 2.5 2024-09-06T00:00:00 <p>Information published.</p> 2.6 2024-09-07T00:00:00 <p>Information published.</p> 2.7 2024-09-08T00:00:00 <p>Information published.</p> 2.8 2024-09-11T00:00:00 <p>Information published.</p> 2.9 2024-09-13T00:00:00 <p>Information published.</p> 3.0 2024-10-05T00:00:00 <p>Information published.</p> 3.2 2024-10-12T00:00:00 <p>Information published.</p> 3.3 2024-10-16T00:00:00 <p>Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 3.6 2024-11-14T00:00:00 <p>Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 3.7 2024-12-03T00:00:00 <p>Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 3.8 2025-01-24T00:00:00 <p>Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 4.3 2025-02-16T00:00:00 <p>Added moby-containerd-cc to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0 Added containerized-data-importer to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 4.4 2025-02-26T00:00:00 <p>Added containerd to Azure Linux 3.0 Added moby-containerd-cc to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added dcos-cli to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added cert-manager to Azure Linux 3.0 Added skopeo to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added keda to Azure Linux 3.0 Added moby-containerd-cc to CBL-Mariner 2.0 Added keda to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added moby-containerd to CBL-Mariner 2.0 Added rook to CBL-Mariner 2.0 Added influxdb to CBL-Mariner 2.0 Added cert-manager to CBL-Mariner 2.0 Added containerized-data-importer to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added dcos-cli to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added kube-vip-cloud-provider to CBL-Mariner 2.0 Added cri-o to CBL-Mariner 2.0</p> 5.0 2026-02-18T01:21:19 <p>Information published.</p> Gnutls: potential crash during chain building/verification <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-28835 Uncaught Exception 17380-16823 17775-17084 17479-17084 17380-16823 17775-17084 17479-17084 Moderate 17380-16823 Moderate 17775-17084 Moderate 17479-17084 5.0 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 17380-16823 5.0 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 17775-17084 5.0 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 17479-17084 CBL-Mariner Releases 17380-16823 No Security Update 3.7.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17380-16823 CBL-Mariner Releases CBL-Mariner Releases 17775-17084 17479-17084 No Security Update 3.8.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17775-17084 17479-17084 CBL-Mariner Releases 1.0 2024-11-09T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:11:02 <p>Information published.</p> node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-28863 Uncontrolled Resource Consumption 17377-16823 17371-16823 16990-17084 19820-17086 19693-17084 20044-17086 20131-17084 18381-17086 19740-17084 19770-17086 19712-17086 17377-16823 17371-16823 16990-17084 19820-17086 19693-17084 20044-17086 20131-17084 18381-17086 19740-17084 19770-17086 19712-17086 Moderate 17377-16823 Moderate 17371-16823 Moderate 16990-17084 Moderate 19820-17086 Moderate 19693-17084 Moderate 20044-17086 Moderate 20131-17084 Moderate 18381-17086 Moderate 19740-17084 19770-17086 Moderate 19712-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17377-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17371-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16990-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19820-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20044-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20131-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18381-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19740-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19770-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19712-17086 CBL-Mariner Releases 17377-16823 19820-17086 No Security Update 3.1.1-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17377-16823 19820-17086 CBL-Mariner Releases CBL-Mariner Releases 17371-16823 18381-17086 19770-17086 No Security Update 18.20.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17371-16823 18381-17086 19770-17086 CBL-Mariner Releases CBL-Mariner Releases 16990-17084 19740-17084 No Security Update 20.14.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16990-17084 19740-17084 CBL-Mariner Releases 2.0 2025-12-18T01:04:40 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-10T00:00:00 <p>Information published.</p> 1.2 2025-03-25T00:00:00 <p>Added reaper to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added nodejs to Azure Linux 3.0</p> 3.0 2026-02-18T02:16:39 <p>Information published.</p> External DNS requests from 'internal' networks could lead to data exfiltration <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-29018 Incorrect Resource Transfer Between Spheres 17358-16823 17781-17084 19422-17086 19729-17084 19798-17086 17358-16823 17781-17084 19422-17086 19729-17084 19798-17086 Important 17358-16823 Important 17781-17084 Moderate 19422-17086 Moderate 19729-17084 19798-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17358-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17781-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19422-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19729-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19798-17086 CBL-Mariner Releases 17358-16823 19422-17086 19798-17086 No Security Update 24.0.9-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17358-16823 19422-17086 19798-17086 CBL-Mariner Releases CBL-Mariner Releases 17781-17084 19729-17084 No Security Update 25.0.3-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17781-17084 19729-17084 CBL-Mariner Releases 1.2 2024-10-15T00:00:00 <p>Added moby-engine to Azure Linux 3.0 Added moby-engine to CBL-Mariner 2.0</p> 1.0 2024-09-13T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added moby-engine to CBL-Mariner 2.0 Added moby-engine to Azure Linux 3.0</p> 1.4 2025-04-09T00:00:00 <p>Added moby-engine to CBL-Mariner 2.0 Added moby-engine to Azure Linux 3.0</p> 2.0 2026-02-18T01:41:59 <p>Information published.</p> Express.js Open Redirect in malformed URLs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-29041 URL Redirection to Untrusted Site ('Open Redirect') 17334-16823 19806-17086 19693-17084 17334-16823 19806-17086 19693-17084 Moderate 17334-16823 Moderate 19806-17086 Moderate 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17334-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19806-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 CBL-Mariner Releases 17334-16823 19806-17086 No Security Update 3.1.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17334-16823 19806-17086 CBL-Mariner Releases 1.0 2024-04-01T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T02:23:33 <p>Information published.</p> Azure C SDK Integer Wraparound Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-29195 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17778-17084 19861-17084 19859-17086 17778-17084 19861-17084 19859-17086 Moderate 17778-17084 Moderate 19861-17084 Moderate 19859-17086 6.0 6.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L 17778-17084 6.0 6.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L 19861-17084 6.0 6.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L 19859-17086 CBL-Mariner Releases 17778-17084 19861-17084 No Security Update 2024.03.04-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17778-17084 19861-17084 CBL-Mariner Releases CBL-Mariner Releases 19859-17086 No Security Update 2022.01.21-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19859-17086 CBL-Mariner Releases 1.1 2025-03-19T00:00:00 <p>Added azure-iot-sdk-c to CBL-Mariner 2.0 Added azure-iot-sdk-c to Azure Linux 3.0</p> 1.2 2026-02-18T01:44:00 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-30202 Improper Control of Generation of Code ('Code Injection') 17382-16823 17776-17084 20109-17086 19239-17084 17382-16823 17776-17084 20109-17086 19239-17084 Important 17382-16823 Important 17776-17084 20109-17086 19239-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17382-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17776-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20109-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19239-17084 CBL-Mariner Releases 17382-16823 17776-17084 20109-17086 19239-17084 No Security Update 29.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17382-16823 17776-17084 20109-17086 19239-17084 CBL-Mariner Releases 1.1 2024-11-15T00:00:00 <p>Added emacs to CBL-Mariner 2.0 Added emacs to Azure Linux 3.0</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> In Emacs before 29.3 Gnus treats inline MIME contents as trusted. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-30203 17382-16823 17776-17084 20109-17086 19239-17084 17382-16823 17776-17084 20109-17086 19239-17084 Moderate 17382-16823 Moderate 17776-17084 20109-17086 19239-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17382-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17776-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20109-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19239-17084 CBL-Mariner Releases 17382-16823 17776-17084 20109-17086 19239-17084 No Security Update 29.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17382-16823 17776-17084 20109-17086 19239-17084 CBL-Mariner Releases 1.1 2024-11-08T00:00:00 <p>Added emacs to CBL-Mariner 2.0 Added emacs to Azure Linux 3.0</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> In Emacs before 29.3 Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-30205 Download of Code Without Integrity Check 17382-16823 17776-17084 20109-17086 19239-17084 17382-16823 17776-17084 20109-17086 19239-17084 Important 17382-16823 Important 17776-17084 20109-17086 19239-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 17382-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 17776-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 20109-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 19239-17084 CBL-Mariner Releases 17382-16823 17776-17084 20109-17086 19239-17084 No Security Update 29.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17382-16823 17776-17084 20109-17086 19239-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added emacs to CBL-Mariner 2.0 Added emacs to Azure Linux 3.0</p> In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner MITRE Yes CVE-2023-39804 20044-17086 20044-17086 Moderate 20044-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20044-17086 CBL-Mariner Releases 20044-17086 No Security Update 1.34-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20044-17086 CBL-Mariner Releases 1.0 2024-11-23T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:36:29 <p>Information published.</p> erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-50966 Uncontrolled Resource Consumption 18127-16823 18128-17084 18238-17084 19983-17086 18127-16823 18128-17084 18238-17084 19983-17086 Moderate 18127-16823 Moderate 18128-17084 Important 18238-17084 Important 19983-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18127-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18128-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18238-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19983-17086 CBL-Mariner Releases 18127-16823 19983-17086 No Security Update 3.11.24-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18127-16823 19983-17086 CBL-Mariner Releases CBL-Mariner Releases 18128-17084 18238-17084 No Security Update 3.13.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18128-17084 18238-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.1 2025-02-16T00:00:00 <p>Added rabbitmq-server to CBL-Mariner 2.0 Added rabbitmq-server to Azure Linux 3.0</p> 1.2 2026-02-18T01:59:29 <p>Information published.</p> Iperf3: possible denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-7250 Permissive List of Allowed Inputs 19985-17086 17339-16823 19985-17086 17339-16823 Moderate 19985-17086 Moderate 17339-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19985-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17339-16823 CBL-Mariner Releases 19985-17086 17339-16823 No Security Update 3.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19985-17086 17339-16823 CBL-Mariner Releases 1.2 2026-02-18T01:36:21 <p>Information published.</p> 1.0 2024-03-25T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Verify panics on certificates with an unknown public key algorithm in crypto/x509 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-24783 NULL Pointer Dereference 17375-16823 19718-17086 19747-17086 18315-17084 19778-17086 19668-17086 17667-17084 19693-17084 19697-17084 18447-17086 19730-17086 19785-17086 19712-17086 18444-17086 17375-16823 19718-17086 19747-17086 18315-17084 19778-17086 19668-17086 17667-17084 19693-17084 19697-17084 18447-17086 19730-17086 19785-17086 19712-17086 18444-17086 Moderate 17375-16823 19718-17086 19747-17086 Moderate 18315-17084 19778-17086 19668-17086 17667-17084 19693-17084 Moderate 19697-17084 18447-17086 19730-17086 19785-17086 19712-17086 18444-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 17375-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19718-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19747-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 18315-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19778-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19668-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 17667-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19693-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19697-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 18447-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19730-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19785-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 19712-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 18444-17086 CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases 1.0 2025-09-04T00:29:44 <p>Information published.</p> 2.0 2026-02-18T14:46:40 <p>Information published.</p> Comments in display names are incorrectly handled in net/mail <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-24784 17375-16823 19718-17086 19747-17086 19730-17086 18315-17084 19679-17084 19785-17086 19778-17086 19693-17084 19697-17084 18447-17086 19712-17086 19668-17086 17667-17084 18444-17086 17375-16823 19718-17086 19747-17086 19730-17086 18315-17084 19679-17084 19785-17086 19778-17086 19693-17084 19697-17084 18447-17086 19712-17086 19668-17086 17667-17084 18444-17086 Important 17375-16823 19718-17086 19747-17086 Moderate 19730-17086 Important 18315-17084 Moderate 19679-17084 Moderate 19785-17086 Important 19778-17086 Important 19693-17084 Important 19697-17084 Moderate 18447-17086 Moderate 19712-17086 Moderate 19668-17086 Important 17667-17084 Moderate 18444-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19718-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19747-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19730-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18447-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18444-17086 CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 19718-17086 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19718-17086 19785-17086 19778-17086 CBL-Mariner Releases 1.0 2025-09-03T23:48:08 <p>Information published.</p> 1.1 2026-02-21T00:21:34 <p>Information published.</p> 2.0 2026-02-21T00:21:40 <p>Information published.</p> In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-30204 Incorrect Default Permissions 17777-17084 19745-17086 17168-17086 17777-17084 19745-17086 17168-17086 Low 17777-17084 19745-17086 17168-17086 2.8 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 17777-17084 2.8 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 19745-17086 2.8 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 17168-17086 CBL-Mariner Releases 17777-17084 No Security Update 29.3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17777-17084 CBL-Mariner Releases CBL-Mariner Releases 19745-17086 17168-17086 No Security Update 29.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19745-17086 17168-17086 CBL-Mariner Releases 1.0 2025-09-03T21:51:16 <p>Information published.</p> 2.0 2026-02-18T02:05:03 <p>Information published.</p> wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52593 NULL Pointer Dereference 17123-16823 19673-17086 17095-17086 17123-16823 19673-17086 17095-17086 Moderate 17123-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17123-16823 No Security Update 5.15.173.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17123-16823 CBL-Mariner Releases 1.0 2025-09-03T19:45:05 <p>Information published.</p> 2.0 2026-02-18T14:30:36 <p>Information published.</p> jfs: fix array-index-out-of-bounds in dbAdjTree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52601 Improper Validation of Array Index 17471-17084 17156-16823 17495-17084 19705-17086 17099-17086 17471-17084 17156-16823 17495-17084 19705-17086 17099-17086 Important 17471-17084 Important 17156-16823 Important 17495-17084 19705-17086 Important 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17471-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17156-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17495-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 CBL-Mariner Releases 17156-16823 No Security Update 5.15.167.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17156-16823 CBL-Mariner Releases CBL-Mariner Releases 17495-17084 No Security Update 6.6.57.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17495-17084 CBL-Mariner Releases 1.0 2025-09-03T22:32:54 <p>Information published.</p> 2.0 2026-02-18T14:16:28 <p>Information published.</p> Memory exhaustion in multipart form parsing in net/textproto and net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-45290 Allocation of Resources Without Limits or Throttling 19730-17086 19785-17086 19668-17086 19693-17084 18447-17086 17375-16823 19718-17086 19747-17086 18315-17084 19778-17086 19712-17086 17667-17084 19697-17084 18444-17086 19730-17086 19785-17086 19668-17086 19693-17084 18447-17086 17375-16823 19718-17086 19747-17086 18315-17084 19778-17086 19712-17086 17667-17084 19697-17084 18444-17086 19730-17086 19785-17086 19668-17086 19693-17084 18447-17086 Moderate 17375-16823 19718-17086 19747-17086 Moderate 18315-17084 19778-17086 19712-17086 17667-17084 Moderate 19697-17084 18444-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19730-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19785-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19668-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18447-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17375-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19718-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19747-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19778-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19712-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17667-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19697-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18444-17086 CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases 1.0 2025-09-04T00:08:16 <p>Information published.</p> 2.0 2026-02-18T14:44:04 <p>Information published.</p> If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2024-2314 17767-17084 19404-17084 17767-17084 19404-17084 Low 17767-17084 Low 19404-17084 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L 17767-17084 2.8 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L 19404-17084 CBL-Mariner Releases 17767-17084 19404-17084 No Security Update 0.29.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17767-17084 19404-17084 CBL-Mariner Releases 1.0 2025-09-03T21:08:32 <p>Information published.</p> 1.1 2026-02-18T14:30:47 <p>Information published.</p> latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. https://nvd.nist.gov/vuln/detail/CVE-2023-50967 https://nvd.nist.gov/vuln/detail/CVE-2023-50967 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-50967 Uncontrolled Resource Consumption 12356 12357 12356 12357 12356 12357 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 jose 12356 jose-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 libjose-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 libjose-devel-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 jose-debuginfo-14-3.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 14-3 https://nvd.nist.gov/vuln/detail/CVE-2023-50967 12356 jose jose 12357 jose-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 libjose-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 libjose-devel-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 jose-debuginfo-14-3.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 14-3 https://nvd.nist.gov/vuln/detail/CVE-2023-50967 12357 jose 1.0 2025-07-11T00:00:00 <p>Information published.</p> sysctl: Fix out of bounds access for empty sysctl registers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52596 Out-of-bounds Write 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-03T22:11:24 <p>Information published.</p> 2.0 2026-03-03T14:39:24 <p>Information published.</p> 3.0 2026-03-31T14:48:22 <p>Information published.</p> An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-29943 Out-of-bounds Read 18469-17084 18469-17084 Critical 18469-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.1 2026-02-18T14:56:30 <p>Information published.</p> 1.0 2025-09-04T00:02:18 <p>Information published.</p> Azure SDK Spoofing Vulnerability <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers with deployments created prior to Oct 19. 2023 must manually upgrade azure-core to Azure Core Build 1.29.5 or higher to be protected. For information reference the following: <a href="https://azure.github.io/azure-sdk/releases/latest/index.html">https://azure.github.io/azure-sdk/releases/latest/index.html</a>. Customers with deployments created after October 19, 2023 recieved the fix automatically and no action is needed.</p> Azure SDK Microsoft Yes CVE-2024-21421 Dependency on Vulnerable Third-Party Component 11797 Spoofing 11797 Important 11797 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11797 Release Notes https://azure.github.io/azure-sdk/ 11797 Maybe Security Update 1.29.5 https://learn.microsoft.com/en-us/dotnet/api/overview/azure/core-readme?view=azure-dotnet 11797 Release Notes Chris Burr Chris Burr 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Defender Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting.</p> <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>Last version of the Windows Defender Antimalware Platform affected by this vulnerability</td> <td>Version 4.18.23110.3</td> </tr> <tr> <td>First version of the Windows Defender Antimalware Platform with this vulnerability addressed</td> <td>Version 4.18.24010.12</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Windows Defender Antimalware Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender Antimalware Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender Antimalware Platform updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Windows Defender Antimalware Platform and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Windows Defender Antimalware Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Windows Defender Antimalware Platform?</strong></p> <p>The Windows Defender Antimalware Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.</p> <p><strong>Windows Defender uses the Windows Defender Antimalware Platform. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported versions of Windows.</p> <p><strong>Are there other products that use the Windows Defender Antimalware Platform?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Platform Version number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> Windows Defender Microsoft Yes CVE-2024-20671 Incorrect Default Permissions 11744 Security Feature Bypass 11744 Important 11744 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11744 Release Notes 11744 No Security Update 4.18.24010.12 https://www.microsoft.com/en-us/wdsi/defenderupdates 11744 Release Notes Manuel Feifel with <a href="https://infoguard.ch/">Infoguard (Vurex)</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2024-21426 Use After Free 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002559 https://www.microsoft.com/download/details.aspx?familyid=332a33f5-8d03-4ca9-b652-5828321d4a94 5002541 10950 Maybe Security Update 16.0.5439.1000 https://support.microsoft.com/help/5002559 10950 5002559 5002562 https://www.microsoft.com/download/details.aspx?familyid=2d65c041-a750-42d6-8af0-1fa765aa4a3f 5002539 11585 Maybe Security Update 16.0.10408.20000 https://support.microsoft.com/help/5002562 11585 5002562 5002564 https://www.microsoft.com/download/details.aspx?familyid=6215f691-2621-421f-a643-760e222f37b0 11961 Maybe Security Update 16.0.17328.20136 https://support.microsoft.com/help/5002564 11961 5002564 5002564 https://support.microsoft.com/help/5002564 11961 kap0k 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows USB Hub Driver Remote Code Execution Vulnerability Windows USB Hub Driver Microsoft Yes CVE-2024-21429 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms.</p> Windows USB Serial Driver Microsoft Yes CVE-2024-21430 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12242 12244 12243 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12242 Remote Code Execution 12244 Remote Code Execution 12243 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12242 Important 12244 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11568 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11569 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11570 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11571 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11572 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11923 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11924 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11926 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11927 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11929 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11930 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 11931 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12085 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12086 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12097 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12098 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12099 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10729 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10735 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10852 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10853 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10816 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10855 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10378 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10379 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10483 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 10543 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12242 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12244 5.7 5.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12243 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft AllJoyn API Denial of Service Vulnerability Windows AllJoyn API Microsoft Yes CVE-2024-21438 Divide By Zero 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Telephony Server Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.</p> Windows Telephony Server Microsoft Yes CVE-2024-21439 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21441 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows USB Print Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows USB Print Driver Microsoft Yes CVE-2024-21442 Improper Null Termination 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 <a href="https://abysslab.github.io/">Jongseong Kim</a>, <a href="https://blog.rolling.run/">Byunghyun Kang</a>, <a href="https://hello.sangjun.xyz/">Sangjun Park</a>, <a href="https://r136a1x27.github.io/">Yunjin Park</a>, <a href="https://blog.sechack.kr/">Kwon Yul</a> and <a href="https://mylostchristmas.kro.kr/">Seungchan Kim</a> with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An administrative user must be convinced to open a malicious COM object like an .rtf file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-21443 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 CHEN QINGYANG with Topsec Alpha Team 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21444 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows USB Print Driver Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows USB Print Driver Microsoft Yes CVE-2024-21445 Double Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 <a href="https://abysslab.github.io/">Jongseong Kim</a>, <a href="https://blog.rolling.run/">Byunghyun Kang</a>, <a href="https://hello.sangjun.xyz/">Sangjun Park</a>, <a href="https://r136a1x27.github.io/">Yunjin Park</a>, <a href="https://blog.sechack.kr/">Kwon Yul</a> and <a href="https://mylostchristmas.kro.kr/">Seungchan Kim</a> with <a href="https://www.kitribob.kr/">우리 오늘부터 0-day? (BoB 12th)</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> NTFS Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTFS Microsoft Yes CVE-2024-21446 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-21450 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Microsoft WDAC ODBC Driver Microsoft Yes CVE-2024-21451 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Microsoft Yes CVE-2024-26197 Improper Input Validation 11571 11572 11923 11924 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10816 10855 5035855 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Windows ODBC Driver Microsoft Yes CVE-2024-26159 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kerberos Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The authentication feature could be bypassed as this vulnerability allows impersonation.</p> Windows Kerberos Microsoft Yes CVE-2024-21427 Improper Authentication 11571 11572 11923 11924 12244 10816 10855 10483 10543 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 12244 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5036896 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036896 5035849 11571 11572 Yes Security Update 10.0.17763.5696 https://support.microsoft.com/help/5036896 11571 11572 5036896 5036909 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036909 11923 11924 Yes Security Update 10.0.20348.2402 https://support.microsoft.com/help/5036909 11923 11924 5036909 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5036910 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036910 5035856 12244 Yes Security Update 10.0.25398.830 https://support.microsoft.com/help/5036910 12244 5036910 5036899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036899 5035855 10816 10855 Yes Security Update 10.0.14393.6897 https://support.microsoft.com/help/5036899 10816 10855 5036899 5036960 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5036960 5035885 10483 10543 Yes Monthly Rollup 6.3.9600.21924 https://support.microsoft.com/help/5036960 10483 10543 5036960 Jo Sutton with Catalyst IT <a href="https://twitter.com/4ndr3w6s">Andrew Schwartz</a> with <a href="https://www.trustedsec.com/">TrustedSec</a> and <a href="https://twitter.com/exploitph">Charlie Clark</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> 2.0 2024-04-09T07:00:00 <p>The following changes have been made: 1) In the Security Updates table, removed all supported client versions of Windows 10 and Windows 11 as they are not affected by this vulnerability. 2) To comprehensively address CVE-2024-21427 Microsoft has released April 2024 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022, 23H2 Edition. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 2.1 2024-04-25T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by placing a specially crafted file onto an online directory or in a local network location then convincing the user to open it. In a successful attack, this will then load a malicious DLL which could lead to a remote code execution.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.</p> Microsoft Exchange Server Microsoft Yes CVE-2024-26198 Untrusted Search Path 12293 12191 12039 Remote Code Execution 12293 Remote Code Execution 12191 Remote Code Execution 12039 Important 12293 Important 12191 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12191 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5037224 https://www.microsoft.com/download/details.aspx?familyid=8c2c81e5-fc91-4ee6-bc5f-ed5d1a423017 5036401 12293 Yes Security Update 15.02.1258.034 https://support.microsoft.com/help/5037224 12293 5037224 5037224 https://www.microsoft.com/download/details.aspx?familyid=11b316cf-c030-43e0-9a09-2717bb9630c5 5036402 12191 Yes Security Update 15.02.1544.011 https://support.microsoft.com/help/5037224 12191 5037224 5037224 https://www.microsoft.com/download/details.aspx?familyid=11b316cf-c030-43e0-9a09-2717bb9630c5 5036386 12039 Yes Security Update 15.01.2507.039 https://support.microsoft.com/help/5037224 12039 5037224 kap0k 1.0 2024-03-12T07:00:00 <p>Information published.</p> 2.0 2024-04-23T07:00:00 <p>Microsoft is announcing the release of a new version of the Microsoft Exchange Server updates to address all known issues that were identified in the March 2024 Security Updates. Microsoft strongly recommends installing these new updates to address the vulnerability identified by CVE-2024-26198.</p> Microsoft Office Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Office Microsoft Yes CVE-2024-26199 Improper Link Resolution Before File Access ('Link Following') 11763 Elevation of Privilege 11763 Important 11763 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 Click to Run 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11763 Click to Run Iván Almuiña from Hacking Corporation Sàrl 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Intune Linux Agent Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires a user to modify a custom compliance script on the device after it is written to temporary storage and before execution of the script finishes.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and integrity (I:H) but not availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to view potentially restricted information inside of a custom compliance script and tamper with the results of the scripts, but does not allow the attacker to make any other parts of the Intune service unavailable</p> <p><strong>What privileges could an attacker gain by successful exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could alter the results of a custom compliance script, bypassing compliance checks enforced by these scripts.</p> Microsoft Intune Microsoft Yes CVE-2024-26201 Improper Access Control 12307 Elevation of Privilege 12307 Important 12307 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C 12307 Release Notes https://learn.microsoft.com/en-us/mem/intune/user-help/microsoft-intune-app-linux#update-intune-app 12307 Maybe Security Update 1.2402.12 https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new 12307 Release Notes <a href="https://reinom.com/">Xenos</a> with <a href="https://preligens.com/">Preligens</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> 1.1 2024-03-14T07:00:00 <p>Updated the build numbers. This is an informational update only.</p> Azure Data Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker must wait for the victim user to launch the application for the vulnerability to be exploited.</p> Azure Data Studio Microsoft Yes CVE-2024-26203 Improper Access Control 12306 Elevation of Privilege 12306 Important 12306 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12306 Release Notes https://github.com/microsoft/azuredatastudio/releases/tag/1.48.0 12306 Maybe Security Update 1.48.0 https://github.com/microsoft/azuredatastudio/releases/tag/1.48.0 12306 Release Notes <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-26161 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could use the unsanitized parameter into a SQL query to trigger SQL Injection.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control.</p> Microsoft Django Backend for SQL Server Microsoft Yes CVE-2024-26164 Improper Input Validation 12311 Remote Code Execution 12311 Important 12311 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12311 Release Notes https://pypi.org/project/mssql-django/1.4.1/ 12311 No Security Update 1.4.1 https://github.com/microsoft/mssql-django/releases/tag/1.4.1 12311 Release Notes <a href="https://www.linkedin.com/in/federicoemartinez/">Federico Martinez</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2400 Use after free in Performance Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2400 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.92 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-14T20:14:06 <p>Information published.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this could bypass the Edge AutoFill Protection feature</p> <p><strong>According to the CVSS metric, the attack vector is physical (AV:P), user interaction is required (UI:R), and privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with physical access to a victim's unsecured Android phone must use the autofill feature on Edge Android to access victim's saved credentials.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-26246 Insufficient Granularity of Access Control 11815 Security Feature Bypass 11815 Low 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 3.9 3.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 122.0.2365.92 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes Vlad 1.0 2024-03-14T07:00:00 <p>Information published.</p> 1.1 2024-03-15T07:00:00 <p>Updated CVE Tag. This is an informational change only.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of Integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>Attacker is able to bypass Content Security Policy (CSP) and Pop-up blocker this this vulnerability, but cannot modify additional content of the browser itself.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-26163 Protection Mechanism Failure 11655 12142 Security Feature Bypass 11655 Security Feature Bypass 12142 Low 11655 Low 12142 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 4.7 4.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 12142 Release Notes 11655 12142 No Security Update 122.0.2365.92 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 12142 Release Notes <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2024-03-14T07:00:00 <p>Information published.</p> 1.1 2024-03-15T07:00:00 <p>Updated CVE Tag. This is an informational change only.</p> 2.0 2024-03-15T07:00:00 <p>In the Security Updates table, added Microsoft Edge (Chromium-based) Extended Stable because this versions of Microsoft Edge (Chromium-based) is also affected by this vulnerability. Microsoft strongly recommends that customers running Microsoft Edge (Chromium-based) install the updates to be fully protected from the vulnerability.</p> Windows Hyper-V Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How would an attacker exploit this vulnerability?</strong></p> <p>This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.</p> Role: Windows Hyper-V Microsoft Yes CVE-2024-21407 Use After Free 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 12242 12243 12244 10735 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10735 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12242 Critical 12243 Critical 12244 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11569 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11569 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11931 12097 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10853 10816 10855 5035855 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 chief banana <a href="https://x.com/australeo">@australeo</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability Role: Windows Hyper-V Microsoft Yes CVE-2024-21408 Loop with Unreachable Exit Condition ('Infinite Loop') 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 12098 12242 12243 12244 10735 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12242 Critical 12243 Critical 12244 Critical 10735 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11569 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11569 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11931 12097 12098 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10853 10816 10855 5035855 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>According to the CVSS metric, privileges required is none (PR:N). Does the attacker need to be authenticated?</strong></p> <p>No. An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).</p> <p><strong>Is there any action I need to take to be protected from this vulnerability?</strong></p> <p>Customer must ensure they are running the latest version of <code>az confcom</code> and Kata Image.</p> <p>Customers who do not have <code>az confcom</code> installed can install the latest version by executing <code>az extension add -n confcom</code>. Customers who are running versions prior to 0.3.3 need to update by executing <code>az extension update -n confcom</code>. For more information, reference:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-addon">Confidential computing plugin for Confidential VMs</a>.</li> <li><a href="https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update">https://learn.microsoft.com/en-us/cli/azure/extension?view=azure-cli-latest#az-extension-update</a></li> <li><a href="https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202402.26.0.txt">https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSCBLMarinerV2/gen2kata/202402.26.0.txt</a></li> </ul> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to.</p> Microsoft Azure Kubernetes Service Microsoft Yes CVE-2024-21400 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 12288 Elevation of Privilege 12288 Important 12288 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.0 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 12288 Release Notes https://learn.microsoft.com/en-us/azure/aks/deploy-confidential-containers-default-policy 12288 Maybe Security Update 0.3.3 https://learn.microsoft.com/en-us/cli/azure/confcom?view=azure-cli-latest 12288 Release Notes <a href="https://twitter.com/yuvalavra">Yuval Avrahami</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Authenticator Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, Attack Vector is Local (AV:L). What does that mean for this vulnerability?</strong></p> <p>An attacker would have to have local presence on the device through malware or a malicious application to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, User Interaction is Required (UI:R). What interaction would the user have to do?</strong></p> <p>The victim will have to close and re-open the Authenticator app for the attacker to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, Confidentiality and Integrity impact are High and Availability is None (C:H, I:H, A:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim's accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running.</p> Microsoft Authenticator Microsoft Yes CVE-2024-21390 Improper Authentication 12292 Elevation of Privilege 12292 Important 12292 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12292 Release Notes https://www.microsoft.com/en-us/security/mobile-authenticator-app 12292 Maybe Security Update 6.2401.0617 https://learn.microsoft.com/en-us/entra/fundamentals/whats-new 12292 Release Notes Anonymous alirez Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with read/write privileges must send a victim a malicious email, or share the link to a malicious email, and convince them to open it.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Dynamics Microsoft Yes CVE-2024-21419 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5035697 https://www.microsoft.com/download/details.aspx?familyid=874932d3-755c-4667-be9e-f7bc847eb8e9 11921 Maybe Security Update 9.1.26 https://support.microsoft.com/help/5035697 11921 5035697 <a href="https://www.linkedin.com/in/wei-jian-lim-63832410a">Lim Wei Jian</a> Artem with <a href="https://gethacked.ca/">GetHacked Inc.</a> <a href="https://www.linkedin.com/in/oeissa">Omar Eissa</a> 1.1 2024-03-13T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability will locally elevate the attacker's privileges to communicate as Root with OMI server.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker be an authenticated user on the resource to access the necessary socket files to control the OMI service.</p> <p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p> <p>Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0.</p> <p><strong>What is OMI?</strong></p> <p>Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. More information can be found here: <a href="https://github.com/Microsoft/omi">GitHub - Open Management Infrastructure</a>.</p> <p><strong>What products are affected by this vulnerability and how can I protect myself?</strong></p> <p>The following table lists the affected services and the required customer action to protect against this vulnerability.</p> <table> <thead> <tr> <th>Affected Product</th> <th>Fixed Version Number</th> <th>Customer action required</th> </tr> </thead> <tbody> <tr> <td><a href="https://github.com/microsoft/omi">OMI as standalone package</a></td> <td>OMI version v1.8.1-0</td> <td>Manually download the update <a href="https://github.com/Microsoft/omi#get-omi">here</a></td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/system-center/scom/plan-planning-agent-deployment?view=sc-om-2019#:%7E:text=In%20System%20Center%20Operations%20Manager%2C%20the%20management%20server,the%20discovery%20of%20agents%20that%20were%20already%20installed.">System Center Operations Manager (SCOM)</a> Management Pack for UNIX and Linux Operating Systems</td> <td>Management Pack for SCOM 2019: 10.19.1253.0</td> <td>Manually download and update the applicable management packs:  <a href="https://www.microsoft.com/en-us/download/details.aspx?id=58208">2019</a>, or <a href="https://www.microsoft.com/en-in/download/details.aspx?id=104213">2022</a>.</td> </tr> <tr> <td></td> <td>Management Pack for SCOM 2022: 10.22.1070.0</td> <td></td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-linux">Log Analytics Agent</a></td> <td>OMS Agent for Linux GA v1.19.0</td> <td>Manually download and update the OMS shell bundle using instructions <a href="https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-linux">here</a> OR through Azure Powershell or Azure CLI using the instructions <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment">here</a>.</td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/azure/defender-for-cloud/faq-data-collection-agents">Azure Security Center</a></td> <td>OMS Agent for Linux GA v1.19.0</td> <td>Manually download and update the OMS shell bundle using instructions <a href="https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-linux">here</a> OR through Azure Powershell or Azure CLI using the instructions <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment">here</a>.</td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/azure/azure-monitor/containers/containers">Container Monitoring Solution</a></td> <td>Image tag: microsoft-oms-latest with full ID: sha256:855bfeb0599e1e1d954ab8660808cc24bb190a4447818cd3fa8ad89bdad88df4</td> <td>Manually update the OMS-docker image using instructions <a href="https://github.com/microsoft/OMS-docker/blob/master/Upgrade.md">here</a>.</td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/azure/sentinel/overview">Azure Sentinel</a></td> <td>OMS Agent for Linux GA v1.19.0</td> <td>Manually download and update the OMS shell bundle using instructions <a href="https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-linux">here</a> OR through Azure Powershell or Azure CLI using the instructions <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment">here</a>.</td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/azure/automation/automation-runbook-execution">Azure Automation</a></td> <td>OMS Agent for Linux GA v1.19.0</td> <td>Manually download and update the OMS shell bundle using instructions <a href="https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-linux">here</a> OR through Azure Powershell or Azure CLI using the instructions <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment">here</a>.</td> </tr> <tr> <td><a href="https://docs.microsoft.com/en-us/azure/automation/update-management/overview">Azure Automation Update Management</a></td> <td>OMS Agent for Linux GA v1.19.0</td> <td>Manually download and update the OMS shell bundle using instructions <a href="https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-linux">here</a> OR through Azure Powershell or Azure CLI using the instructions <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment">here</a>.</td> </tr> </tbody> </table> Open Management Infrastructure Microsoft Yes CVE-2024-21330 Heap-based Buffer Overflow 12057 12058 11656 11944 11949 11947 11987 11933 12295 11948 11945 Elevation of Privilege 12057 Elevation of Privilege 12058 Elevation of Privilege 11656 Elevation of Privilege 11944 Elevation of Privilege 11949 Elevation of Privilege 11947 Elevation of Privilege 11987 Elevation of Privilege 11933 Elevation of Privilege 12295 Elevation of Privilege 11948 Elevation of Privilege 11945 Important 12057 Important 12058 Important 11656 Important 11944 Important 11949 Important 11947 Important 11987 Important 11933 Important 12295 Important 11948 Important 11945 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12057 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12058 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11656 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11944 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11949 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11947 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11987 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11933 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12295 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11948 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11945 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=58208 12057 Maybe Security Update 10.19.1253.0 https://www.microsoft.com/en-us/download/details.aspx?id=58208 12057 Release Notes Release Notes https://www.microsoft.com/en-in/download/details.aspx?id=104213 12058 Maybe Security Update 10.22.1070.0 https://www.microsoft.com/en-in/download/details.aspx?id=104213 12058 Release Notes Release Notes 11656 11948 Maybe Security Update OMS Agent for Linux GA 1.19.0 https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment 11656 11948 Release Notes Release Notes 11944 11949 Maybe Security Update OMS Agent for Linux GA v1.19.0 https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment 11944 11949 Release Notes Release Notes https://github.com/microsoft/OMS-docker/blob/master/Upgrade.md 11947 Maybe Security Update microsoft-oms-latest with full ID: sha256:855bfeb0 https://github.com/microsoft/containerregistry 11947 Release Notes Release Notes https://hdiconfigactions.blob.core.windows.net/patch-omi/patch-omi.sh 11987 Maybe Security Update omi-1.8.1-0 https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-release-notes 11987 Release Notes Release Notes https://github.com/microsoft/omi-kits/tree/master/release 11933 Maybe Security Update OMI version 1.8.1-0 https://github.com/microsoft/omi 11933 Release Notes Release Notes https://github.com/microsoft/OMS-Agent-for-Linux 12295 Maybe Security Update 1.8.1-0 https://github.com/microsoft/OMS-Agent-for-Linux 12295 Release Notes Release Notes https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment 11945 Maybe Security Update OMS Agent for Linux GA v1.19.0 https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview#azure-cli-deployment 11945 Release Notes Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> 2.0 2024-04-09T07:00:00 <p>In the Security Updates table, added Azure HDInsights because this product is also affected by this vulnerability. Microsoft strongly recommends that customers running Azure HDInsights install the updates to be fully protected from the vulnerability.</p> Open Management Infrastructure (OMI) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A remote unauthenticated attacker could access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability.</p> <p><strong>Is there any action customers need to take to protect themselves against this vulnerability?</strong></p> <p>Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0.</p> Open Management Infrastructure Microsoft Yes CVE-2024-21334 Use After Free 12057 12058 11933 Remote Code Execution 12057 Remote Code Execution 12058 Remote Code Execution 11933 Important 12057 Important 12058 Important 11933 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12057 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12058 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11933 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=58208 12057 Maybe Security Update 10.19.1253.0 https://www.microsoft.com/en-us/download/details.aspx?id=58208 12057 Release Notes Release Notes https://www.microsoft.com/en-in/download/details.aspx?id=104213 12058 Maybe Security Update 10.22.1070.0 https://www.microsoft.com/en-in/download/details.aspx?id=104213 12058 Release Notes Release Notes https://github.com/microsoft/omi-kits/tree/master/release 11933 Maybe Security Update OMI version 1.8.1-0 https://github.com/microsoft/omi 11933 Release Notes <p><strong>Is there any action a customer can take to protect against this vulnerability if they are unable to update?</strong></p> <p>If the Linux machines do not need network listening, OMI incoming ports can be disabled.</p> Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability <p><strong>What privileges could an attacker gain with a successful exploitation?</strong></p> <p>An unprivileged attacker with read only permissions can escalate to Root in the Border Gateway Protocol container and perform specific actions that enable them to escape the container.</p> Software for Open Networking in the Cloud (SONiC) Microsoft Yes CVE-2024-21418 Improper Access Control 12296 12313 12314 12312 Elevation of Privilege 12296 Elevation of Privilege 12313 Elevation of Privilege 12314 Elevation of Privilege 12312 Important 12296 Important 12313 Important 12314 Important 12312 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12296 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12313 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12314 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12312 Release Notes https://github.com/sonic-net/SONiC 12296 Maybe Security Update 20220531.26 https://github.com/sonic-net/SONiC/wiki 12296 Release Notes Release Notes https://github.com/sonic-net/SONiC 12313 Maybe Security Update 20191130.89 https://github.com/sonic-net/SONiC/wiki 12313 Release Notes Release Notes https://github.com/sonic-net/SONiC 12314 Maybe Security Update 20181130.106 https://github.com/sonic-net/SONiC/wiki 12314 Release Notes Release Notes https://github.com/sonic-net/SONiC 12312 Maybe Security Update 20201231.96 https://github.com/sonic-net/SONiC/wiki 12312 Release Notes Sarah Mulnick 1.0 2024-03-12T07:00:00 <p>Information published.</p> Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A hypervisor-protected code integrity (HVCI) security feature bypass vulnerability could exist when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with HVCI enabled. To exploit this vulnerability an attacker could run a specially crafted script at administrator level that exploits a signed driver to bypass code integrity protections in Windows.</p> Windows Hypervisor-Protected Code Integrity Microsoft Yes CVE-2024-21431 Incorrect Permission Assignment for Critical Resource 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Update Stack Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Windows Update Stack Microsoft Yes CVE-2024-21432 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Print Spooler Components Microsoft Yes CVE-2024-21433 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Windows SCSI Class System File Microsoft Yes CVE-2024-21434 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 Wen of KunlunLab 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows OLE Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by placing a specially crafted file onto an online directory or in a local network location then convincing the user to open it. In a successful attack, this will then load a malicious DLL which could lead to a remote code execution.</p> Windows OLE Microsoft Yes CVE-2024-21435 Untrusted Search Path 12085 12086 12242 12243 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12242 Remote Code Execution 12243 Important 12085 Important 12086 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 kap0k CHEN QINGYANG with Topsec Alpha Team 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> Windows Installer Microsoft Yes CVE-2024-21436 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 <a href="https://twitter.com/sim0nsecurity">@sim0nsecurity</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2024-21437 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 esakis 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Windows ODBC Driver Microsoft Yes CVE-2024-21440 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Teams for Android Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> (AV:L) and <strong>User Interaction</strong> is <strong>Required</strong> (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data.</p> <p><strong>How do I get the update for Teams for Android?</strong></p> <ol> <li>Tap the <strong>Play Store</strong> icon on your home screen.</li> <li>Tap the circular account icon at the top right of the screen.</li> <li>Tap <strong>Manage apps &amp; devices</strong>.</li> <li>Tap <strong>Updates available</strong>.</li> <li>Tap the <strong>Update</strong> button next to the Microsoft Teams app.</li> </ol> <p><strong>Is there a direct link on the web?</strong></p> <p>Yes: <a href="https://play.google.com/store/apps/details?id=com.microsoft.teams">https://play.google.com/store/apps/details?id=com.microsoft.teams</a></p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>If an attacker successfully exploited this vulnerability, they can read files from the private directory of the application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could convince a user to confirm an action through a dialog box.</p> Microsoft Teams for Android Microsoft Yes CVE-2024-21448 Improper Input Validation 12007 Information Disclosure 12007 Important 12007 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12007 Release Notes https://play.google.com/store/apps/details/Microsoft_Teams?id=com.microsoft.teams&hl=en_US 12007 Maybe Security Update 1.0.0.2024022302 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning#mobile-android-version-history 12007 Release Notes <a href="https://www.linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://microsoft.com/">Microsoft</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2024-26160 Buffer Over-read 12085 12086 12242 12243 12244 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> Windows ODBC Driver Microsoft Yes CVE-2024-26162 Incorrect Conversion between Numeric Types 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-26166 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Error Reporting Microsoft Yes CVE-2024-26169 Improper Privilege Management 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Naceri with MSRC Vulnerabilities &amp; Mitigations 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Composite Image File System Microsoft Yes CVE-2024-26170 Improper Input Validation 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 Anonymous 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-26173 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view.</p> Windows Kernel Microsoft Yes CVE-2024-26174 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-26176 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view.</p> Windows Kernel Microsoft Yes CVE-2024-26177 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-26178 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Denial of Service Vulnerability Windows Kernel Microsoft Yes CVE-2024-26181 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9312 10287 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9312 10287 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9312 10287 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2024-26182 Use After Free 11568 11569 11570 11571 11572 11929 11930 11931 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11570 11571 11572 5035849 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11930 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11930 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11930 11931 12097 12098 12099 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12098 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12098 12099 5035845 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 Mateusz Jurczyk with <a href="https://www.google.com/">Google Project Zero</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Windows Compressed Folder Tampering Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows Compressed Folder Microsoft Yes CVE-2024-26185 External Control of File Name or Path 12085 12086 12242 12243 Tampering 12085 Tampering 12086 Tampering 12242 Tampering 12243 Important 12085 Important 12086 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 <a href="https://twitter.com/terrynini38514">Terrynini</a> with <a href="https://devco.re/)">DEVCORE</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Intel: CVE-2023-28746 Register File Data Sampling (RFDS) <p>This CVE was assigned by Intel. Please see <a href="https://www.cve.org/CVERecord?id=CVE-2023-28746">CVE-2023-28746</a> on CVE.org for more information.</p> <p><strong>Why is this Intel CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and are not vulnerable to the issue when paired with the firmware update. Please see the following for more information: <a href="https://www.intel.com/content/www/us/en/developer/articles/technical/softwaresecurity-guidance/advisory-guidance/register-file-data-sampling.html">https://www.intel.com/content/www/us/en/developer/articles/technical/softwaresecurity-guidance/advisory-guidance/register-file-data-sampling.html</a></p> Intel Intel Corporation Yes CVE-2023-28746 Processor Optimization Removal or Modification of Security-critical Code 11568 11569 11571 11572 11923 11924 11926 11929 11931 12086 12097 12099 12243 12244 10729 10735 10852 10853 10816 10855 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11929 Information Disclosure 11931 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12099 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11929 Important 11931 Important 12086 Important 12097 Important 12099 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5035849 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849 5034768 11568 11569 11571 11572 Yes Security Update 10.0.17763.5576 https://support.microsoft.com/help/5035849 11568 11569 11571 11572 5035849 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 5035854 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 11929 11931 Yes Security Update 10.0.19044.4170 https://support.microsoft.com/help/5035845 11929 11931 5035845 5035845 https://support.microsoft.com/help/5035845 11929 11931 12097 12099 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12086 5035853 5035845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845 5034763 12097 12099 Yes Security Update 10.0.19045.4170 https://support.microsoft.com/help/5035845 12097 12099 5035845 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 5035858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858 5034774 10729 10735 Yes Security Update 10.0.10240.20526 https://support.microsoft.com/help/5035858 10729 10735 5035858 5035855 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855 5034767 10852 10853 10816 10855 Yes Security Update 10.0.14393.6796 https://support.microsoft.com/help/5035855 10852 10853 10816 10855 5035855 5035920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920 5034795 9318 9344 Yes Monthly Rollup 6.0.6003.22567 https://support.microsoft.com/help/5035920 9318 9344 5035920 5035920 https://support.microsoft.com/help/5035920 9318 9344 5035933 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933 9318 9344 Yes Security Only 6.0.6003.22567 https://support.microsoft.com/help/5035933 9318 9344 5035933 5035933 https://support.microsoft.com/help/5035933 9318 9344 5035888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888 5034831 10051 10049 Yes Monthly Rollup 6.1.7601.27017 https://support.microsoft.com/help/5035888 10051 10049 5035888 5035919 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919 10051 10049 Yes Security Only 6.1.7601.27017 https://support.microsoft.com/help/5035919 10051 10049 5035919 5035930 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930 5034830 10378 10379 Yes Monthly Rollup 6.2.9200.24768 https://support.microsoft.com/help/5035930 10378 10379 5035930 5035885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885 5034819 10483 10543 Yes Monthly Rollup 6.3.9600.21871 https://support.microsoft.com/help/5035885 10483 10543 5035885 1.0 2024-03-12T07:00:00 <p>Information published.</p> Outlook for Android Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.</p> Outlook for Android Microsoft Yes CVE-2024-26204 Improper Neutralization of Special Elements used in a Command ('Command Injection') 10685 Information Disclosure 10685 Important 10685 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10685 Release Notes https://play.google.com/store/apps/details/Microsoft_Outlook?id=com.microsoft.office.outlook&hl=en_US&pli=1 10685 Maybe Security Update 4.2404.0 https://learn.microsoft.com/en-us/officeupdates/release-notes-outlook-mobile 10685 Release Notes <a href="https://www.linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://www.microsoft.com/">Microsoft</a> 1.0 2024-03-12T07:00:00 <p>Information published.</p> Visual Studio Code Elevation of Privilege Vulnerability Visual Studio Code Microsoft Yes CVE-2024-26165 Plaintext Storage of a Password 11622 Elevation of Privilege 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/ 11622 Maybe Security Update 1.87.2 https://code.visualstudio.com/updates/v1_87 11622 Release Notes 1.0 2024-03-12T07:00:00 <p>Information published.</p> Microsoft Edge for Android Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.92</td> <td>3/14/2024</td> <td>122.0.6261.128/.129</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>Is the update for Edge for Android currently available?</strong></p> <p>The security update for Edge for Android is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p> Microsoft Edge for Android Microsoft Yes CVE-2024-26167 Improper Restriction of Rendered UI Layers or Frames 11815 Spoofing 11815 Low 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 122.0.2365.92 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://www.linkedin.com/in/hafiizh-7aa6bb31/">Hafiizh</a> with https://www.linkedin.com/in/hafiizh-7aa6bb31/ 1.1 2024-03-07T08:00:00 <p>FAQ added to explain that the Edge for Android update is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p> 2.0 2024-03-14T07:00:00 <p>The security update 122.0.2365.92 for Edge for Android is now available. See the Security Updates table for more information.</p> 1.0 2024-03-07T08:00:00 <p>Information published.</p> Chromium: CVE-2024-2173 Out of bounds memory access in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.80</td> <td>3/7/2024</td> <td>122.0.6261.111/.112</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2173 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.80 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-07T18:54:07 <p>Information published.</p> Chromium: CVE-2024-2176 Use after free in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.80</td> <td>3/7/2024</td> <td>122.0.6261.111/.112</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2176 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.80 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-07T18:54:14 <p>Information published.</p> Chromium: CVE-2024-2174 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>122.0.2365.80</td> <td>3/7/2024</td> <td>122.0.6261.111/.112</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2174 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 122.0.2365.80 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-07T18:54:12 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-29057 Insufficient UI Warning of Dangerous Operations 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://www.linkedin.com/in/afif-hidayatullah">Om Apip</a> with <a href="https://itsec.asia/">ITSEC Asia</a> 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2627 Use after free in Canvas <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2627 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2628 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2628 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2626 Out of bounds read in Swiftshader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2626 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2625 Object lifecycle issue in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2625 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2629 Incorrect security UI in iOS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2629 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2630 Inappropriate implementation in iOS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2630 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2631 Inappropriate implementation in iOS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2631 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-22T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.53</td> <td>3/22/2024</td> <td>123.0.6312.58/.59</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The Microsoft Edge API is bypassed.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-26247 Improper Privilege Management 11655 Security Feature Bypass 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 123.0.2420.53 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Oleg Zaytsev with <a href="https://www.guard.io/">Guardio</a> 1.0 2024-03-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2883 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.65</td> <td>3/26/2024</td> <td>123.0.6312.86/.87</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.113</td> <td>3/26/2024</td> <td>122.0.6261.148</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2883 12142 11655 12142 11655 12142 11655 DOS:N/A Release Notes 12142 No Security Update 122.0.6261.148 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Release Notes 11655 No Security Update 123.0.2420.65 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.1 2024-04-01T07:00:00 <p>Removed the sentence regarding active attacks because Google was not aware of active attacks using this vulnerability. This is an informational change only.</p> 1.0 2024-03-27T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2885 Use after free in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.65</td> <td>3/26/2024</td> <td>123.0.6312.86/.87</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.113</td> <td>3/26/2024</td> <td>122.0.6261.148</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2885 12142 11655 12142 11655 12142 11655 DOS:N/A Release Notes 12142 No Security Update 122.0.6261.148 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Release Notes 11655 No Security Update 123.0.2420.65 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-27T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2886 Use after free in WebCodecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.65</td> <td>3/26/2024</td> <td>123.0.6312.86/.87</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.113</td> <td>3/26/2024</td> <td>122.0.6261.148</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2886 12142 11655 12142 11655 12142 11655 DOS:N/A Release Notes 12142 No Security Update 122.0.6261.148 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Release Notes 11655 No Security Update 123.0.2420.65 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-27T07:00:00 <p>Information published.</p> Chromium: CVE-2024-2887 Type Confusion in WebAssembly <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>123.0.2420.65</td> <td>3/26/2024</td> <td>123.0.6312.86/.87</td> </tr> <tr> <td>Extended Stable</td> <td>122.0.2365.113</td> <td>3/26/2024</td> <td>122.0.6261.148</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-2887 12142 11655 12142 11655 12142 11655 DOS:N/A Release Notes 12142 No Security Update 122.0.6261.148 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 12142 Release Notes Release Notes 11655 No Security Update 123.0.2420.65 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-03-27T07:00:00 <p>Information published.</p> .NET Framework Information Disclosure Vulnerability <p>**What type of information could be disclosed by this vulnerability? **</p> <p>An attacker who successfully exploited this vulnerability could obtain the ObjRef URI which could lead to remote code execution.</p> .NET Framework Microsoft Yes CVE-2024-29059 Generation of Error Message Containing Sensitive Information 11650-10852 11650-10853 11650-10816 11650-10855 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12097 11676-12098 11676-12099 11677-11569 11677-11571 11677-11572 11677-10852 11677-10853 11677-10816 11677-10855 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12243 12079-12244 12115-9312 12115-10287 12115-9318 12115-9344 12135-10729 12135-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 Information Disclosure 11650-10852 Information Disclosure 11650-10853 Information Disclosure 11650-10816 Information Disclosure 11650-10855 Information Disclosure 11650-10051 Information Disclosure 11650-10049 Information Disclosure 11650-10378 Information Disclosure 11650-10379 Information Disclosure 11650-10483 Information Disclosure 11650-10543 Information Disclosure 11676-11568 Information Disclosure 11676-11569 Information Disclosure 11676-11571 Information Disclosure 11676-11572 Information Disclosure 11676-11923 Information Disclosure 11676-11924 Information Disclosure 11676-11926 Information Disclosure 11676-11927 Information Disclosure 11676-11929 Information Disclosure 11676-11930 Information Disclosure 11676-11931 Information Disclosure 11676-12097 Information Disclosure 11676-12098 Information Disclosure 11676-12099 Information Disclosure 11677-11569 Information Disclosure 11677-11571 Information Disclosure 11677-11572 Information Disclosure 11677-10852 Information Disclosure 11677-10853 Information Disclosure 11677-10816 Information Disclosure 11677-10855 Information Disclosure 11863-10051 Information Disclosure 11863-10049 Information Disclosure 11863-10378 Information Disclosure 11863-10379 Information Disclosure 11863-10483 Information Disclosure 11863-10543 Information Disclosure 12079-11923 Information Disclosure 12079-11924 Information Disclosure 12079-11926 Information Disclosure 12079-11927 Information Disclosure 12079-11929 Information Disclosure 12079-11930 Information Disclosure 12079-11931 Information Disclosure 12079-12085 Information Disclosure 12079-12086 Information Disclosure 12079-12097 Information Disclosure 12079-12098 Information Disclosure 12079-12099 Information Disclosure 12079-12242 Information Disclosure 12079-12243 Information Disclosure 12079-12244 Information Disclosure 12115-9312 Information Disclosure 12115-10287 Information Disclosure 12115-9318 Information Disclosure 12115-9344 Information Disclosure 12135-10729 Information Disclosure 12135-10735 Information Disclosure 9292-9312 Information Disclosure 9292-9318 Information Disclosure 9195-9312 Information Disclosure 9195-9318 Information Disclosure 2472-10378 Information Disclosure 2472-10379 Information Disclosure 2472-10483 Information Disclosure 2472-10543 Information Disclosure 9495-10051 Information Disclosure 9495-10049 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12097 Important 11676-12098 Important 11676-12099 Important 11677-11569 Important 11677-11571 Important 11677-11572 Important 11677-10852 Important 11677-10853 Important 11677-10816 Important 11677-10855 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12243 Important 12079-12244 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12135-10729 Important 12135-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11650-10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11676-12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11677-10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11863-10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12079-12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12115-9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12135-10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12135-10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9292-9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9292-9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9195-9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9195-9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 2472-10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9495-10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9495-10049 5033910 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033910 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5033910 11650-10852 11650-10853 11650-10816 11650-10855 5033910 5034277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033916 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034277 11650-10051 11650-10049 5034277 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033948 11650-10051 11650-10049 11863-10051 11863-10049 Maybe Security Only 4.8.04690.01 https://support.microsoft.com/help/5034269 11650-10051 11650-10049 11863-10051 11863-10049 5034269 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033913 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034278 11650-10378 11650-10379 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033915 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04690.02 https://support.microsoft.com/help/5034279 11650-10483 11650-10543 5034279 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033911 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034273 11676-11568 11676-11569 11676-11571 11676-11572 5034273 5034272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033922 11676-11923 11676-11924 12079-11923 12079-11924 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034272 11676-11923 11676-11924 12079-11923 12079-11924 5034272 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033912 11676-11926 11676-11927 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034276 11676-11926 11676-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034274 11676-11929 11676-11930 11676-11931 5034274 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033909 11676-12097 11676-12098 11676-12099 Maybe Security Update 4.8.04690.02 https://support.microsoft.com/help/5034275 11676-12097 11676-12098 11676-12099 5034275 5034273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033904 11677-11569 11677-11571 11677-11572 Maybe Security Update 4.7.04081.03 https://support.microsoft.com/help/5034273 11677-11569 11677-11571 11677-11572 5034273 5034119 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034119 5033373 11677-10852 11677-10853 11677-10816 11677-10855 Yes Security Update 10.0.14393.6614 https://support.microsoft.com/help/5034119 11677-10852 11677-10853 11677-10816 11677-10855 5034119 5034277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033907 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034277 11863-10051 11863-10049 5034277 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033905 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034278 11863-10378 11863-10379 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033906 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034279 11863-10483 11863-10543 5034279 5034276 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033919 12079-11926 12079-11927 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034276 12079-11926 12079-11927 5034276 5034274 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034274 12079-11929 12079-11930 12079-11931 5034274 5033920 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033920 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033920 12079-12085 12079-12086 12079-12242 12079-12243 5033920 5034275 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033918 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5034275 12079-12097 12079-12098 12079-12099 5034275 5033917 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033917 12079-12244 Maybe Security Update 4.8.09214.01 https://support.microsoft.com/help/5033917 12079-12244 5033917 5034280 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033907 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04081.03 https://support.microsoft.com/help/5034280 12115-9312 12115-10287 12115-9318 12115-9344 5034280 5034270 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033947 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Security Only 4.7.04081.02 https://support.microsoft.com/help/5034270 12115-9312 12115-10287 12115-9318 12115-9344 5034270 5034134 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5034134 5033379 12135-10729 12135-10735 Yes Security Update 10.0.10240.20402 https://support.microsoft.com/help/5034134 12135-10729 12135-10735 5034134 5034280 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033898 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034280 9292-9312 9292-9318 9195-9312 9195-9318 5034280 5034270 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033945 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Security Only 3.0.50727.8976 https://support.microsoft.com/help/5034270 9292-9312 9292-9318 9195-9312 9195-9318 5034270 5034278 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033897 2472-10378 2472-10379 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034278 2472-10378 2472-10379 5034278 5034279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033900 2472-10483 2472-10543 Maybe Monthly Rollup 3.0.50727.8976 https://support.microsoft.com/help/5034279 2472-10483 2472-10543 5034279 5034277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033899 9495-10051 9495-10049 Maybe Monthly Rollup 3.0.30729.8959 https://support.microsoft.com/help/5034277 9495-10051 9495-10049 5034277 5034269 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5033946 9495-10051 9495-10049 Maybe Security Only 3.0.30729.8959 https://support.microsoft.com/help/5034269 9495-10051 9495-10049 5034269 <a href="https://twitter.com/mwulftange">Markus Wulftange</a> with <a href="https://code-white.com/">CODE WHITE GmbH</a> <a href="https://twitter.com/mwulftange">Markus Wulftange</a> with <a href="https://code-white.com/">CODE WHITE GmbH</a> 2.0 2024-05-08T07:00:00 <p>The following corrections have been made in the Security Updates table: 1) Removed .NET Framework 3.5 and 4.7.2 on Windows 10 version 1809 for ARM-based systems, .NET Framework 3.5 and 4.7/4.7.1/4.7.2 on Windows 10 version 1607 as these versions are not affected by this vulnerability. 2) Added .NET Framework 3.5 &amp; 4.8 on Windows 10 version 1809 and Windows Server 2019, .NET Framework 3.5 and 4.7.2 on Windows 10 version 1607. Customers whose systems are configured to receive automatic updates do not need to take any further action. 3) Corrected Download and Article links.</p> 1.0 2024-03-22T07:00:00 <p>Information published. This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates. This is an informational change only. Customers who have already installed the January 2024 updates do not need to take any further action.</p> Skype for Consumer Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image.</p> <p><strong>How do I get the update?</strong></p> <ol> <li>Click the <a href="https://www.skype.com/en/get-skype/">Download</a> link.</li> <li>Under <strong>Skype for Desktop</strong> select the <strong>Get Skype for Windows 10 &amp; 11</strong> arrow to display download options.</li> <li>Select from the following to download the version you need for your Desktop.</li> </ol> <ul> <li>Get Skype for Windows</li> <li>Get Skype for Mac</li> <li>Get Skype for Linux SNAP</li> </ul> <p>To verify that you have the latest version of Skype installed, Select <strong>Settings</strong> &gt; <strong>Help &amp; Feedback</strong>.</p> <p>For more information on how to update Skype, see <a href="https://support.skype.com/en/faq/fa34841/updating-to-the-latest-version-of-skype">Updating to the latest version of Skype</a>.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Skype for Consumer Microsoft Yes CVE-2024-21411 Insecure Default Variable Initialization 12310 Remote Code Execution 12310 Important 12310 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12310 Release Notes https://www.skype.com/en/get-skype/ 12310 Maybe Security Update 8.113 https://www.skype.com/en/ 12310 Release Notes Hector Peralta (@hperalta89) and Nicol\xc3\xa1s Armua working with Trend Micro Zero Day Initiative 1.0 2024-03-12T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-26594 https://nvd.nist.gov/vuln/detail/CVE-2024-26594 Mariner cve@kernel.org Yes CVE-2024-26594 12139 12140 12139 12140 12139 12140 DOS:N/A 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.153.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.153.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2024-26594 12139 hyperv-daemons hyperv-daemons 12140 hyperv-daemons-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.153.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.153.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2024-26594 12140 hyperv-daemons 1.0 2024-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-52160 https://nvd.nist.gov/vuln/detail/CVE-2023-52160 Mariner cve@mitre.org Yes CVE-2023-52160 12139 12140 12139 12140 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 12140 wpa_supplicant 12139 wpa_supplicant-2.10-2.cm2.x86_64.rpm 0001-01-01T00:00:00 wpa_supplicant-debuginfo-2.10-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.10-2 https://nvd.nist.gov/vuln/detail/CVE-2023-52160 12139 wpa_supplicant wpa_supplicant 12140 wpa_supplicant-2.10-2.cm2.aarch64.rpm 0001-01-01T00:00:00 wpa_supplicant-debuginfo-2.10-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.10-2 https://nvd.nist.gov/vuln/detail/CVE-2023-52160 12140 wpa_supplicant 1.0 2024-03-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-52435 https://nvd.nist.gov/vuln/detail/CVE-2023-52435 Mariner cve@kernel.org Yes CVE-2023-52435 12139 12140 12139 12140 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12139 kernel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52435 12139 kernel kernel 12140 kernel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52435 12140 kernel 1.0 2024-03-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-26588 https://nvd.nist.gov/vuln/detail/CVE-2024-26588 Mariner cve@kernel.org Yes CVE-2024-26588 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2024-26588 12139 kernel kernel 12140 kernel-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2024-26588 12140 kernel 1.0 2024-03-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-26587 https://nvd.nist.gov/vuln/detail/CVE-2024-26587 Mariner cve@kernel.org Yes CVE-2024-26587 12139 12140 12139 12140 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12139 kernel-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2024-26587 12139 kernel kernel 12140 kernel-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 https://nvd.nist.gov/vuln/detail/CVE-2024-26587 12140 kernel 1.0 2024-03-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-52434 https://nvd.nist.gov/vuln/detail/CVE-2023-52434 Mariner cve@kernel.org Yes CVE-2023-52434 12139 12140 12139 12140 12139 12140 DOS:N/A 8.0 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.0 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52434 12139 kernel kernel 12140 kernel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.153.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.153.1-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52434 12140 kernel 1.0 2024-03-16T00:00:00 <p>Information published.</p> Xbox Gaming Services Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> <p><strong>According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for information about the apps installed on your device.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p>If you want to get updates immediately, or if you don't have automatic updates enabled, select <strong>Get Updates</strong>. You can then update apps individually by selecting <strong>Update</strong> for each app, or you can select <strong>Update all</strong> to install all updates. We recommend that you select <strong>Update all</strong> as a best practice to stay protected.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>19.87.13001.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>get-appxpackage Microsoft.GamingServices</code></p> XBox Crypto Graphic Services Microsoft Yes CVE-2024-28916 Improper Link Resolution Before File Access ('Link Following') 12316 Elevation of Privilege 12316 Important 12316 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 12316 Release Notes ms-windows-store://pdp/?productid=9MWPM2CQNLHN 12316 Maybe Security Update 19.87.13001.0 https://ms-windows-store://pdp?productid=9MWPM2CQNLHN 12316 Release Notes <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2024-03-22T07:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET Microsoft Yes CVE-2024-21392 Uncontrolled Resource Consumption 12309 12131 12262 12130 12260 12187 12129 12271 Denial of Service 12309 Denial of Service 12131 Denial of Service 12262 Denial of Service 12130 Denial of Service 12260 Denial of Service 12187 Denial of Service 12129 Denial of Service 12271 Important 12309 Important 12131 Important 12262 Important 12130 Important 12260 Important 12187 Important 12129 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12309 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12131 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12262 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12130 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12260 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12187 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12129 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 12271 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9 12309 Maybe Security Update 17.9.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12309 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/59 12131 Maybe Security Update 7.3.12 https://github.com/PowerShell/Announcements/issues/59 12131 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/59 12262 Maybe Security Update 7.4.1 https://github.com/PowerShell/Announcements/issues/59 12262 Release Notes 5036451 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Monthly Rollup 7.0.17 https://support.microsoft.com/help/5036451 12130 5036451 5036452 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.3 https://support.microsoft.com/help/5036452 12260 5036452 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 1.0 2024-03-12T07:00:00 <p>Information published.</p> 2.0 2024-04-16T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.3 and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/74">https://github.com/PowerShell/Announcements/issues/74</a> for more information.</p> Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Microsoft Yes CVE-2024-26190 Uncontrolled Resource Consumption 12309 11923 11924 11926 11927 12085 12086 12242 12243 12244 12131 12262 12129 12187 12271 12130 12260 Denial of Service 12309 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12131 Denial of Service 12262 Denial of Service 12129 Denial of Service 12187 Denial of Service 12271 Denial of Service 12130 Denial of Service 12260 Important 12309 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Important 12131 Important 12262 Important 12129 Important 12187 Important 12271 Important 12130 Important 12260 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12309 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12131 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12262 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12129 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12271 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12130 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12260 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9 12309 Maybe Security Update 17.9.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12309 Release Notes 5035857 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857 5034770 11923 11924 Yes Security Update 10.0.20348.2340 https://support.microsoft.com/help/5035857 11923 11924 5035857 5035959 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959 5034860 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.2333 https://support.microsoft.com/help/5035959 11923 11924 5035959 5035854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854 5034766 11926 11927 Yes Security Update 10.0.22000.2836 https://support.microsoft.com/help/5035854 11926 11927 5035854 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12085 12086 Yes Security Update 10.0.22621.3296 https://support.microsoft.com/help/5035853 12085 12086 5035853 5035853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853 5034765 12242 12243 Yes Security Update 10.0.22631.3296 https://support.microsoft.com/help/5035853 12242 12243 5035853 5035856 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856 5034769 12244 Yes Security Update 10.0.25398.763 https://support.microsoft.com/help/5035856 12244 5035856 Release Notes https://github.com/PowerShell/Announcements/issues/73 12131 Maybe Security Update 7.3.12 https://github.com/PowerShell/Announcements/issues/73 12131 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/73 12262 Maybe Security Update 7.4.2 https://github.com/PowerShell/Announcements/issues/73 12262 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.8 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 5036451 https://dotnet.microsoft.com/en-us/download/dotnet/7.0 12130 Maybe Monthly Rollup 7.0.17 https://support.microsoft.com/help/5036451 12130 5036451 5036452 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.3 https://support.microsoft.com/help/5036452 12260 5036452 1.0 2024-03-12T07:00:00 <p>Information published.</p> 2.0 2024-04-16T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.3 and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/73">https://github.com/PowerShell/Announcements/issues/73</a> for more information.</p>